Welcome to Pegasus Mail & Mercury

Peter Strömblad

Peter lives in Sweden and is an independent contractor with hosting services.
Malware from hell!

Yesterday I installed a newer version of a piece of software I've trusted for a long time. With the update from version 2.5 to 2.8 of FTP-Master I got NDotNet as a bonus. It's adware, pretty harmless according to all the leading antivirus experts. Well, to me it wasn't!

The darn thing made my TCP/IP stack go completely bonkers. Up the wall, and it wouldn't come back into place.

During my attempts at getting back online (I'm glad I've got more than one computer and a USB vault) I learned that MS System Restore is a total waste on an HP laptop. This is because it monitors the HP_Recovery partition, which can't be restored, so restoring the system to an earlier point fails... Really smart, HP!!!

I also learned that one of the leading vendors of antivirus software in fact doesn't do that good a job. Sure, it detected the risk and stopped it, but it didn't mend the side effects, and yes, a full system scan is not a full scan, since the restore points are not searched... Great going, Symantec!!! It also missed a number of deeply hidden directories that were scanned when doing a rootkit search with RootKitRevealer.

So how did I lose the darned thing?

  1. Remove the network cord.
  2. Run RootKitRevealer, and have your antivirus software block any adware it finds. (Takes 1 hour.)
  3. Reboot and do it again. Research all the other messy stuff and get rid of the mess. You shouldn't have more than 5-10 rows of unimportant or known differences listed.
  4. Repair WS2_32.dll manually. You have to get the correct version and put it in place with a small utility, InUse.exe.
  5. Reboot, and repair the registry keys under hkey_local_machine\system\currentcontrolset\services\winsock2\parameters\
  6. Reboot, and try RootKitRevealer again, and you should be back in business.
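Step 5 is the part most people get stuck on, because the adware's damage lives inside binary values under that WinSock2\Parameters key rather than in anything readable. The script below is an added example, not something from the original post: it walks the current Winsock protocol catalog, pulls the DLL path out of each entry, and flags entries whose DLL is missing or sits outside the Windows directory, which is how a layered service provider (LSP) that was dropped in by adware shows up. It assumes the long-standing PackedCatalogItem layout (the DLL path as a NUL-terminated ANSI string at the start of the blob) and only looks at the 32-bit catalog; on 64-bit Windows the sibling Catalog_Entries64 key needs the same treatment. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the original post): audit the Winsock2 protocol
# catalog for broken or suspicious LSP entries before editing anything by hand.
# Assumptions: documented PackedCatalogItem layout (DLL path is the first
# NUL-terminated ANSI string in the blob) and the 32-bit catalog only; on
# 64-bit Windows repeat the walk over "$catalog\Catalog_Entries64".
$params  = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters'
$catalog = (Get-ItemProperty -Path $params).Current_Protocol_Catalog   # e.g. Protocol_Catalog9
$entries = Join-Path -Path $params -ChildPath "$catalog\Catalog_Entries"

Get-ChildItem -Path $entries | ForEach-Object {
    $blob = (Get-ItemProperty -Path $_.PSPath).PackedCatalogItem   # REG_BINARY -> byte[]

    # The provider DLL path is the leading NUL-terminated string in the blob.
    $len = [Array]::IndexOf($blob, [byte]0)
    $raw = [System.Text.Encoding]::Default.GetString($blob, 0, $len)
    $dll = [System.Environment]::ExpandEnvironmentVariables($raw)   # %SystemRoot% etc.

    $status = if (-not (Test-Path -LiteralPath $dll)) {
        'MISSING'   # entry points at a file that is gone: the catalog is broken
    } elseif ($dll -notlike "$env:SystemRoot\*") {
        'REVIEW'    # DLL outside the Windows directory: inspect before trusting it
    } else {
        'ok'
    }

    '{0,-7} {1,-14} {2}' -f $status, $_.PSChildName, $dll
}
```

A 'MISSING' row is the usual cause of the "TCP/IP stack gone bonkers" symptom described above: an LSP DLL was removed by the antivirus but its catalog entry was left behind, so every socket call fails. Cross-check the list against `netsh winsock show catalog` before touching the registry, and note that on Windows XP SP2 and later `netsh winsock reset` rebuilds the catalog to defaults, which is a far safer route than hand-editing the keys.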

Summary

  • In about 20 seconds I ruined my PC.
  • It took me 9 hours to search and destroy the infection.
  • I saved a week of grieving and reinstallation.
Posted: Monday, April 02, 2007 9:18 AM by Peter Strömblad

Comments

Internet Security said:

If you're looking for even more information on PC security then I would head over here as they have plenty of stuff on identity theft, antivirus software etc.

# July 18, 2008 1:18 PM