Backdoor Rustock

[CLumzy]

I have had a few problems with my laptop, i was casually checking my emails, and i got the "Blue screen of Death". Occasionally after when i would log on it would come up with a message from my virus scanner, saying : "Trojan tryin to enter", i would decline, but some how, eventually it must of got through.

Now everytime i get to the screen to log in it straight away blue screens, occasionally it will let me into my user account but then blue screens a short while after.

I have Vista home premium, i cant do D2D recovery or restore
And yes i know Home premium sucks, but i wasnt as knowledge back then!

I wondered how i would fix this?

 

[rive0108]

You can try a system restore to a point before the Corruption/Infection occured (if a restore point still exists).
Otherwise your only option is a re-install

Do not use registry cleaners as these will result in corruption and Vista re-installation


try these (in order):


Free ESET Online Antivirus Scanner (online malware scanner/cleaner. Be sure to check for "unwanted" programs)

Kaspersky Virus Scanner

System Files - SFC Command
Run sfc/scannow under "Administrator:Command Prompt" to check for integrity Violations and repair if possible

How To Make Vista more responsive and faster (checks drive for file attribute errors)

 

[dk70]

And install/run the usual removers like Malwarebytes SUPERAntiSpyware.com - AntiAdware. AntiSpyware. AntiMalware. and SuperAntiSpyware SUPERAntiSpyware.com - AntiAdware. AntiSpyware. AntiMalware. They are designed to work with whatever you got and wont conflict, free versions definitely not. So install and hope for an easy fix.

Sounds like you got a confused AV/firewall? Ive seen an infected/partly disabled Norton installation before so for now dont trust anything May be AV is causing bsod? No harm done in uninstalling, use products own unistall tool if problems, and reinstall. Or try something else.

Go crazy with scanning but I would do it in this order. First those 2 mentioned and perhaps live cd from Kaspersky, Avira, then online scanners. Dont stop just because Malwarebytes find whatever and says it is removed. Continue with SuperAntiSpyware and online scanners. You can relax when you know details of infection, not before that. You must be very sure current installed AV is healthy and working - if not to 100% satisfaction.

If you cant even log in (safe mode?)then may be time for live/rescue cds. Aviras is nice and easy to burn/use so try that first http://www.freeav.com/en/tools/12/avira_antivir_rescue_system.html There are others like Dr. Webs http://freedrweb.com/livecd/?lng=en If more comfortable using cd from what you have installed now go for it. Last I checked Kaspersky, Avira, Bitdefender, Dr.Web are ok and possible to use for everyone, including non-customers. Rest blows or dont exist.

http://www.malwarebytes.org/malwarenet.php?name=Backdoor.Rustock seems like piece of cake for every decent scanner Google it. But then comes the variants etc. Scan until you puke.

So how you know name of infection "Backdoor.Rustock" ? AV/Firewall asking you to accept Trojan? Guess it depends on how you set it up. Did you make a gigantic mistake?

 

[CLumzy]

I cant get onto the laptop to scan it, plus ive been using avira as my anti-virus etc. and couldnt find, i cant seem to run any of the software you have mentioned because when i try nuthin happens, and i cant even get into my laptop.I can get in to safe mode, but it wont let me do anything alterating, it says im not administrator.

 

[dk70]

Well that sucks. I dont know an easy fix but would continue with rescue cds. They are meant for such situations. And try Avira again. Their cd is updated from site only. Other cds must be updated before scan, so opposite Avira.

Kaspersky: Index of /devbuilds/RescueDisk/
BitDefender: Index of /rescue_cd
- how to use: Using the BitDefender Rescue CD
- how to update (dont remember if done automatically): How to Update the BitDefender RescueCD

You know where to get Dr. Web and Avira. If nothing is found then go straight to system restore as rive0108 said. I would do rescue first but if System Restore let you at least log in properly then may be better - unless infection is stuck on being only ADM now. Dont know how much you can expect system restore to fix infection, there some 1000s of them. Worth a try and how can it get any worse...

If you did not mention notification about trojan most would think Windows is simply "broken" - then more reason to do system restore than scanning for infection. http://www.vistax64.com/tutorials/76905-system-restore-how.html?ltr=S

Possible you end up thinking why did I not just back up my docs etc., install Windows with reformat instead of spending hours scanning? Also works

 

[rive0108]

I cant get onto the laptop to scan it, plus ive been using avira as my anti-virus etc. and couldnt find, i cant seem to run any of the software you have mentioned because when i try nuthin happens, and i cant even get into my laptop.I can get in to safe mode, but it wont let me do anything alterating, it says im not administrator.

Take your Vista DVD, put it in the optical drive, hold power button in, then restart, boot off the disk by hitting "any key to boot off disk" when you see the prompt. Access advanced recovery utility, and click "System Restore"/ or just re-install Vista. Depending on your computer, at boot you should see something like "F2 to enter BIOS Setup, F12 for Boot Oder, F4 for Recovery Options..." If you have a recovery Partition, boot into that at repair/re-install.
http://www.vistax64.com/tutorials/194765-system-recovery-options.html (booting into Vista disk/Recovery Partition- and restoring Windows)

 

[CLumzy]

Thank you very much, my computer has been fixed, when i bought the laptop it came with vista installed on it, but no disc, so i borrowed my m8s vista home premium disc, and did wat rive's last post was, and it worked, thanks heaps