A friend had a problem with his computer running slow, crashing a lot, not booting up properly and many other abnormal things.
After a bit of looking around I discovered he had a lot of malware and spyware, including a couple of rootkits.
I used RootkitRevealer from Sysinternals to search for the hidden rootkits. I used Spybot from R & D to clean up a lot of the spyware and malware. I then used RegCleaner to clean up the registry.
The main guilty files I found were:
c:\WINNT\system32\drivers\fipmkchw.sys
c:\WINNT\system32\wsnxress.exe
c:\Programme\Vircanon (The folder contained a number of dodgy files - according to different anti-spyware companies - and a subfolder with logs)
They were all invisible to both Windows Explorer and MS-DOS. I removed the hard drive and added it as a slave to another computer. The offending files were now visible.
I used the Autoruns program from Sysinternals to find the registry key used at startup.
The computer now boots up 1 minute 35 seconds faster.
Saturday, March 04, 2006
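
The offline check described in the post (files hidden on the running system but visible once the drive is attached to another computer) can be done as a listing comparison. The following is an added example, not part of the original post: it assumes two `dir /s /b /a` listings, one captured on the suspect system and one from the clean computer, and the `E:` drive letter and the file names inside the Vircanon folder are constructed placeholders.

```python
from pathlib import PureWindowsPath

# Constructed sample listings. LIVE is what the running (infected) system reports;
# OFFLINE is the same disk listed from a clean computer, assumed mounted as E:.
LIVE = r"""
C:\WINNT\system32\drivers\atapi.sys
C:\WINNT\system32\notepad.exe
C:\Programme\Internet Explorer\iexplore.exe
"""
OFFLINE = r"""
E:\WINNT\system32\drivers\atapi.sys
E:\WINNT\system32\drivers\fipmkchw.sys
E:\WINNT\system32\notepad.exe
E:\WINNT\system32\wsnxress.exe
E:\Programme\Internet Explorer\iexplore.exe
E:\Programme\Vircanon
E:\Programme\Vircanon\placeholder.dll
E:\Programme\Vircanon\logs
E:\Programme\Vircanon\logs\placeholder.log
"""

def load(listing, root):
    """Parse a listing into root-relative, lower-cased paths.

    Windows paths are case-insensitive and the drive letter differs
    between the two views, so both are normalised away before comparing.
    """
    base = PureWindowsPath(root.lower())
    return {PureWindowsPath(line.strip().lower()).relative_to(base)
            for line in listing.splitlines() if line.strip()}

def hidden_from_live(live, live_root, offline, offline_root):
    """Return {topmost hidden path: count of hidden entries beneath it}."""
    missing = load(offline, offline_root) - load(live, live_root)
    report = {}
    # Shallowest first, so a hidden folder is recorded before its contents
    # and the contents are folded into the folder's count.
    for path in sorted(missing, key=lambda p: (len(p.parts), str(p))):
        top = next((t for t in report if t in path.parents), None)
        if top is None:
            report[path] = 0
        else:
            report[top] += 1
    return {str(p): n for p, n in report.items()}

if __name__ == "__main__":
    for path, below in hidden_from_live(LIVE, "C:\\", OFFLINE, "E:\\").items():
        print(f"hidden on live system: {path} (+{below} entries beneath)")
```

Files created or deleted between the two captures also show up as differences, so each hit still needs to be checked by hand.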