some malaware that doesn't want to go

Dareth Ram

You guys know the drill, family\friends do shit on your computer and fuck it up big.


Two Problems, both of them spit out ad ware. Lavasoft finds them both, but it can't kill them.

The first is virtumonde. I've tried several removal steps I found on google, but no luck.

The second is win32.rootkit.clbd.This is terrifying, as literally ever result in google is just Adaware's definition release notes with no removal help.

AVG is also pulling up a change ntsokrnl.exe. No idea what that means.



Help?

GrimReaper

If you're talking about changes to system files that sounds like this rootkit has performed, especially to the kernel then I'll put my vote here on a clean reinstall of windows.

Buttcleft

I'm of the opinion that if it takes more than an hour to fix/find a solution to fix a malware/virus issue that its just better to nuke the drive [making sure to hit the mbr and anywhere else the little pests like to hide ] and start anew.


On an unrelated note, this is why I keep a completely separate PC for family and visitors. So I can nuke it at will without issue.

blakfeld

Before you nuke it, google malware bytes and give that a go

Dareth Ram

malaware bytes seemed to have done the trick. The ads are gone, and Lavasoft isn't pulling up the root kit anymore.

AVG is still pulling up changes to the ntsokrnl.exe. I'll probably end up just buying Vista after Christmas and nuking then, but in the mean time, is there anything I can do about the kernel, even if it's just for sanity's sake?

Airan

Do you have a Windows CD? Try System Recovery/Repair (forgot what it's called) and see if it replaced the damaged file.