
Cannot Remove PC Virus! Need Advice, Plz!


likethaigirls


I have 3 "Threats" on my Acer Aspire 1 netbook. I found out about them by running AVG Internet Security 2015, which was unable to remove them.

 

They are all "Rootkit_SSDT_Hook."

 

AVG's report says they are "Part of Operating System" (Windows 7 Starter, SP 1)

 

I have been trying to remove these "Threats" myself for a couple of days, using trial versions of utilities I found on the 'Net (e.g. AVG PC Tuneup & more) without success.

 

Rootkit_SSDT_Hook is malicious software. It can be used to gather personal information or allow a hacker to access my computer remotely without my consent. It can steal personal info, credit card info, used passwords, delete data (I'm all backed-up anyway), and as I mentioned, "Compromise the entire system by providing remote access to hackers," and more nasties...

 

I need (require) my computer to be as close to 100% secure as possible. I buy stuff online.

 

Does anybody *know* (from personal experience, if possible) how I can restore my computer?

 

I'm *guessing* that I may need to take my computer to Tuk.com (yes, I'm in Pattaya) to have the OS formatted & reinstalled. Any ideas as to what that costs?

 

Does anyone know of a better idea than reinstalling the OS?

 

The security of my computer is by far my priority here. The cost of being able to use it securely is secondary.

 

Thanks for reading!!


Have you tried googling "restore acer laptop" ?

 

Acer, like most laptops these days, includes a small recovery partition with the software necessary to return the laptop to factory state. Seems a bit drastic though for your issue.


Have you tried googling "restore acer laptop" ?

 

Acer, like most laptops these days, includes a small recovery partition with the software necessary to return the laptop to factory state. Seems a bit drastic though for your issue.

Easier to go back to a previous backup date before the virus.


If you have another PC take the drive out of the laptop and attach it to the other PC. Do not run anything off the laptop drive when it is connected to the other PC. Now run the antivirus software on the second PC and scan the laptop drive.

 

When you try to scan on the laptop the virus may already be running and so hard to remove.

 

The full Kaspersky virus checker works free for 15 days.


You should first note that AVG is known to produce false positives for rootkits; more information here: http://forums.avg.com/ww-en/avg-forums?sec=thread&act=show&id=395

Without researching the rootkit you have indicated, I would not know if it was a false positive result. You are correct that some rootkits can "be used to gather personal information or allow a hacker to access my computer remotely without my consent"; however, not all hidden components detected by anti-rootkit (ARK) scanners and security tools are malicious. It is normal for a firewall, anti-virus and anti-malware software, CD emulators, virtual machines, sandboxes and Host-based Intrusion Prevention Systems (HIPS) to exhibit rootkit-like behaviour or hook into the OS kernel/SSDT (System Service Descriptor Table) in order to protect your system. The SSDT is a table that stores addresses of functions that are used by Windows. Whenever a function is called, Windows looks in this table to find the address for it. Both legitimate programs and rootkits can hook into and alter this table.

API kernel hooks are not always bad, since some system monitoring software and security tools use them as well. If no hooks are active on a system it means that all system services are handled by ntoskrnl.exe, which is a base component of Windows operating systems and the process used in the boot-up cycle of a computer. ARK scanners do not differentiate between what is good and what is bad; they only report what is found. Therefore, even on a clean system some hidden essential components may be detected when performing a scan to check for the presence of rootkits. As such, you should not be alarmed if you see any hidden entries created by legitimate programs after performing a scan.

Generally when a system is infected with a malicious rootkit, there are other indications something is wrong such as slow performance, high CPU usage, browser redirects, BSODs, etc.

A reinstall may not be necessary; some very well known and trusted rootkit scanners are...

GMER http://www.gmer.net/
GMER is an excellent scanner that searches for hidden services, registry components, and files. To its advantage, GMER has the ability to delete malware, which conveniently shows up in red when the scan is completed. Many security experts agree with the following claims made on the GMER Web site:

"GMER is an application that detects and removes rootkits. It scans for: hidden processes, hidden threads, hidden modules, hidden services, hidden files, hidden Alternate Data Streams, hidden registry keys, drivers hooking SSDT, drivers hooking IDT, drivers hooking IRP calls and inline hooks. GMER also can monitor the following system functions: processes creating, drivers loading, libraries loading, file functions, registry entries, TCP/IP connections."

You might find GMER requires getting used to. More to the point, if you aren't familiar with the anomaly GMER found, you either trust GMER to remove the process or research the process in question to make sure that it's not a false positive. Also, uninstalling GMER is a bit different; it requires you to run the following command:
• Start the C:\WINDOWS\gmer_uninstall.cmd script and reboot.

Rootrepeal is like GMER and requires some techy knowledge to use (note however it is still in beta) https://sites.google.com/site/rootrepeal/

Kaspersky TDSSKiller is highly recommended and easy to use, although I personally find it limited on the range of malicious rootkits it will remove http://usa.kaspersky.com/downloads/TDSSKiller

Avast Anti-Rootkit http://public.avast.com/~gmerek/aswMBR.htm
Not the best rootkit removal tool but what it does have is a very useful tool that I personally would not be without; the ability to perform FixMBR right from within Windows. Normally one would have to boot to a Windows 7 recovery disc to perform this command but Avast Anti-Rootkit has a built in ‘FixMBR’ button that with one click will write a new Master Boot Record which is often necessary in the removal of rootkits.

Malwarebytes write great malware removal software and they have released a beta anti-rootkit you might want to try https://www.malwarebytes.org/antirootkit/ , (it has been beta for some time now but they are a trusted software developer so I have no problem listing them here).

Another tool that comes recommended but I have no real experience with is UnHackMe http://www.greatis.com/unhackme/ . I can't tell you if it is as good as they claim, but like I said it is recommended by trusted sources.
A 30 day free trial version can be downloaded from their site.

A lot of professionals within the industry use this http://www.oshiunhooker.com/index.php but again my experience with it is limited.

It is possible to manually remove rootkits, but it can be complex; you will need this http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx if you want to attempt it.

As to the security of your computer, that is a whole other subject but one I would be happy to advise on.

Good luck and if you do decide to go the reinstall route, note it is a fairly easy task and does not require a lot of computer knowledge, should you want to attempt it yourself.

"Weakness of attitude becomes weakness of character."

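Added example, not from the thread or from any of the tools it names: the owner-module check that an anti-rootkit scanner applies to each SSDT entry, as the post above describes, with constructed module names, base addresses and SSDT entries (the driver names are hypothetical).

```python
# Added example, not from the thread: the SSDT owner check an anti-rootkit
# (ARK) scanner performs. Unhooked entries point into ntoskrnl.exe; others
# are hooks (security software or rootkit) or hidden code. All data is constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Module:
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size

# Constructed kernel module list (hypothetical driver names).
MODULES = [
    Module("ntoskrnl.exe", 0x82A00000, 0x00410000),
    Module("hypothetical_av.sys", 0x8F200000, 0x00020000),
    Module("unknown.sys", 0x8F900000, 0x00008000),
]

# Constructed SSDT snapshot: service index -> handler address.
SSDT = {
    0x42: 0x82A3F120,  # in ntoskrnl.exe: not hooked
    0x47: 0x8F20A0B0,  # in hypothetical_av.sys: hooked by a known vendor
    0xB4: 0x8F9011C0,  # in unknown.sys: hooked, needs investigation
    0xC1: 0x9A000000,  # owned by no listed module: hidden code
}

def owning_module(addr, modules):
    """Name of the loaded module whose image range covers addr, or None."""
    for m in modules:
        if m.contains(addr):
            return m.name
    return None

def classify_ssdt(ssdt, modules, kernel="ntoskrnl.exe"):
    """Map each service index to (owner, verdict). Like an ARK scanner this
    only reports where a hook leads; good vs bad is for the analyst to
    decide, e.g. from the owning driver's publisher and signature."""
    result = {}
    for idx, addr in sorted(ssdt.items()):
        owner = owning_module(addr, modules)
        verdict = "clean" if owner == kernel else "hidden" if owner is None else "hooked"
        result[idx] = (owner, verdict)
    return result
```

Entries reported as hooked by a known, signed security product are the normal false positives the post warns about; hooked-by-unknown or hidden entries are the ones worth investigating.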

I had Norton AV. One day it reported 4 Virus/Trojans but could not remove them.

 

A friend installed Free Windows Registry Repair and while it is just a simple program it removed them no bother. Might be worth a try.

 

I removed Norton but with great difficulty. Now I cannot remove Avira because it does not work and keeps asking for the licence number for the free version. It keeps popping up.

Sex without love is an empty experience;

 

But as empty experiences go, it is one of the best.


Thanks to all, particularly Vortex, who took a lot of time on my behalf!

 

You've all given me quite a bit to go on that I didn't know before.

 

As I mentioned, I had 3 'Threats' on my PC. They'd all been classified as 'Medium' security risk by AVG Internet Security. Then, I ran AVG yesterday, and 2 of the 3 Rootkits had been upgraded from 'Medium' risk to 'High' risk. AVG *was* able to remove the 'High' risk Rootkits, Lol!!

 

So now, I've just got 1.

 

Again, many thanks to everyone!


Archived

This topic is now archived and is closed to further replies.
