August 24th, 2008

A day or two back, my friend H-N was at my place for some work reasons, and guess what, he brought Najam’s external HDD with him, which had his files and a bunch of a dozen or more viruses.

My antivirus (Avast) instantly recognized these viruses and stopped most of them, but some were too quick and planted themselves in my OS drive, which is the primary drive that runs the computer's operating system.

2 days later my computer was still infected. I was actually occupied with work that’s not related to computers, so this disinfection of the computer was delayed. DAMN!

Anyhow, this particular night I had had enough of these virus pop-ups from my antivirus scanner, and I decided to get rid of it. With a little help from the internet (my little form of research), I discovered it was a rootkit virus, which generally are a bit hard to remove. Anyhow, I guess most of it, or 100% of it, is gone now, since all the software I used to disinfect my computer says that there’s no more virus on my 320 GB HDD.

I'm going to list all the software and methods below so anyone who gets something as nasty can get some help from here.

My antivirus is Avast Home Edition 4.8, and it prompted that I had an infected file in the <System Root>\system32\drivers folder, which was called klif.sys. I moved it to the antivirus chest, in other words quarantined it, and then deleted it from the chest, which means making it ineffective and then deleting it. Obviously even deleting this would not help, since it had spread a bit. So I also ran a boot-time scan of my computer, after I had run a thorough scan.

My next step was to run a complete spyware scan of my HDD, which revealed I had 2 registry values added or modified. I used Spybot Search & Destroy and Trend Micro HijackThis for this purpose.

I also had to look manually to see whether any autorun files had been added, and it's no surprise that they had been, on all my fixed hard drives and also on my iPod, which was connected. These files would pop up again each time, even after I had removed them, so what I did was run a live version of Ubuntu, which I had just downloaded, and remove all the autorun files from there. For those who’re wondering, Ubuntu is a free Linux distribution, recommended for any home/pro user.
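The autorun clean-up described above, as an added example that is not part of the original post: a Python script for the Ubuntu live session that finds autorun.inf in the root of each mounted volume, lists the programs it would launch, and moves the file into a quarantine folder. The mount points in the usage comment and the ~/autorun-quarantine folder are assumptions.

```python
#!/usr/bin/env python3
# Added example (not from the original post): find autorun.inf on mounted volumes.
import os
import shutil
import sys

LAUNCH_KEYS = ("open", "shellexecute")  # shell\<verb>\command is matched below

def read_text(path):
    with open(path, "rb") as f:
        raw = f.read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):  # UTF-16 byte order mark
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")

def launch_targets(text):
    """Return the command lines an autorun.inf asks Windows to run."""
    targets = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if sep and (key in LAUNCH_KEYS or is_verb):
            targets.append(value.strip())
    return targets

def scan_volume(root):
    """Check only the volume root; the file name is matched case-insensitively."""
    hits = []
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            hits.append((path, launch_targets(read_text(path))))
    return hits

def quarantine(path, dest_dir):
    """Move rather than delete, so the file can still be examined later."""
    os.makedirs(dest_dir, exist_ok=True)
    dest = os.path.join(dest_dir, path.strip(os.sep).replace(os.sep, "_"))
    shutil.move(path, dest)
    return dest

if __name__ == "__main__":
    # Assumed usage: python3 scan_autorun.py /media/ubuntu/DISK1 /media/ubuntu/IPOD
    store = os.path.expanduser("~/autorun-quarantine")  # assumed location
    for root in sys.argv[1:]:
        for path, targets in scan_volume(root):
            print(path, "launches:", targets)
            print("  moved to:", quarantine(path, store))
```

The script only moves autorun.inf itself; the programs it names stay on the volume for the antivirus scan to handle.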

I then booted again into Windows XP, reran the antivirus and antispyware, and used Sophos Rootkit Remover. This also found something and cleaned it for me.

I ran an antivirus scan again and found out that my computer was now clean, but somehow I still couldn’t view hidden files, no matter how many times I enabled/disabled it from the folder options. So I searched a bit and found that a registry value could’ve been added/modified, and when I checked, indeed, it had been modified. So yes, I modified it again, and you can find the solution to it here. It’s a bit of registry work, so proceed with caution.

So now I have my computer back. To anyone who has been bothered by my “non-presence”: this was the reason, I'm sorry.

I'm hoping everyone stays safe from viruses. Please, if you still haven’t got an antivirus, get one and keep your files safe, and do not connect drives unless they’ve been checked for viruses. Getting the viruses off your system is a big hassle, trust me.

Oh, and if this helps anyone, do tell me.

Published on Sunday, August 24th, 2008 (3:20 pm).