Saturday, March 04, 2006

Spyware and Malware

A friend had a problem with his computer running slow, crashing a lot, not booting up properly and many other abnormal things.

After a bit of looking around I discovered he had a lot of malware and spyware, including a couple of rootkits.

I used RootkitRevealer from Sysinternals to search for the hidden rootkits. I used Spybot Search & Destroy to clean up a lot of the spyware and malware. I then used RegCleaner to clean up the registry.

The main guilty files I found were:
c:\WINNT\system32\drivers\fipmkchw.sys
c:\WINNT\system32\wsnxress.exe
c:\Programme\Vircanon (The folder contained a number of dodgy files - according to different anti-spyware companies - and a subfolder with logs)

They were all invisible to both Windows Explorer and MS-DOS. I removed the hard drive and added it as a slave to another computer. The offending files were now visible.

I used the Autoruns program from Sysinternals to find the registry key used at startup.
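The two tricks above (seeing the hidden files once the disk is attached to a clean machine, then finding the autostart entry that loads them) can be scripted as a simple cross-view check. The following is an added example, not code from the original post or from Sysinternals: it assumes you captured a recursive listing on the live, infected system (`dir /s /b /a C:\` saved to a file) before pulling the drive, then captured a second listing of the same volume after attaching it as a slave (here assumed to appear as `E:\`), and exported the HKLM Run key with `reg export`. A rootkit that filters directory enumeration on the live system cannot filter the offline listing, so anything present only offline is a candidate hidden file; the script then reports which Run entries point at those files. The listings and the `.reg` excerpt below are constructed sample data, not real captures.

```python
"""Cross-view check for rootkit-hidden files, plus the autostart entries
that reference them.

Added example (not the post's own method or any tool's code). Assumes:
  LIVE_LISTING    - output of `dir /s /b /a C:\` taken on the infected system
  OFFLINE_LISTING - output of `dir /s /b /a E:\` taken on a clean machine
                    with the same disk attached as a slave (drive letter E:)
  RUN_KEY_EXPORT  - `reg export` text of the HKLM ...\CurrentVersion\Run key
All three are constructed sample inputs for this example.
"""

import re

LIVE_ROOT = "C:\\"
OFFLINE_ROOT = "E:\\"  # assumed drive letter of the slaved disk on the clean box

# Constructed sample: the live view, with the rootkit filtering enumeration.
LIVE_LISTING = """\
C:\\WINNT\\system32\\drivers\\atapi.sys
C:\\WINNT\\system32\\drivers\\ntfs.sys
C:\\WINNT\\system32\\notepad.exe
C:\\Programme\\Internet Explorer\\iexplore.exe
"""

# Constructed sample: the same volume listed offline, nothing filtered.
OFFLINE_LISTING = """\
E:\\WINNT\\system32\\drivers\\atapi.sys
E:\\WINNT\\system32\\drivers\\fipmkchw.sys
E:\\WINNT\\system32\\drivers\\ntfs.sys
E:\\WINNT\\system32\\notepad.exe
E:\\WINNT\\system32\\wsnxress.exe
E:\\Programme\\Internet Explorer\\iexplore.exe
E:\\Programme\\Vircanon\\logs\\session.log
"""

# Constructed excerpt in the format `reg export` writes (backslashes doubled).
RUN_KEY_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"wsnxress"="C:\\WINNT\\system32\\wsnxress.exe"
"""


def normalize(path, root):
    """Drop the drive root and lower-case the rest (NTFS names are
    case-insensitive), so live and offline paths become comparable.
    Returns None for blank lines or paths outside the given root."""
    path = path.strip()
    if not path or path[:len(root)].lower() != root.lower():
        return None
    return path[len(root):].lower()


def parse_listing(text, root):
    return {p for p in (normalize(line, root) for line in text.splitlines()) if p}


def hidden_files(live_text, offline_text):
    """Paths present in the offline listing but absent from the live one:
    the cross-view discrepancies that indicate hiding (or a stale listing)."""
    live = parse_listing(live_text, LIVE_ROOT)
    offline = parse_listing(offline_text, OFFLINE_ROOT)
    return sorted(offline - live)


def parse_run_key(reg_text):
    """Return {value name: command line} from a .reg export of a Run key,
    undoing the backslash doubling that reg export applies."""
    entries = {}
    for line in reg_text.splitlines():
        m = re.match(r'^"(.*?)"="(.*)"$', line.strip())
        if m:
            name, value = m.groups()
            entries[name] = value.replace("\\\\", "\\")
    return entries


def suspicious_autostarts(reg_text, hidden):
    """Run entries whose image path is one of the hidden files."""
    hidden_set = set(hidden)
    hits = {}
    for name, cmd in parse_run_key(reg_text).items():
        # First token is the image path; tolerate a quoted path with spaces.
        image = cmd.split('"')[1] if cmd.startswith('"') else cmd.split(" ")[0]
        if normalize(image, LIVE_ROOT) in hidden_set:
            hits[name] = image
    return hits


if __name__ == "__main__":
    hidden = hidden_files(LIVE_LISTING, OFFLINE_LISTING)
    print("Visible offline but not on the live system:")
    for path in hidden:
        print("  " + path)
    print("Run entries loading them:")
    for name, image in suspicious_autostarts(RUN_KEY_EXPORT, hidden).items():
        print("  %s -> %s" % (name, image))
```

The check only works if the live listing was taken before the disk was moved and from the same volume; files created or deleted between the two captures will show up as discrepancies too, so treat the output as leads to inspect, not as verdicts. Entries whose command is a bare filename (like `mobsync.exe` above) are not resolved against the search path here and are simply left alone.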

The computer now boots up 1 minute 35 seconds faster.