2006-07-30 06:06:43 · 11 answers · asked by e t 1 in Computers & Internet ➔ Security
There's a removal tool for that trojan here:
http://forums.mcafeehelp.com/viewtopic.php?t=57153
2006-07-30 06:10:19 · answer #1 · answered by Bamba 5 · 0⤊ 0⤋
WinKRootkit Removal Tool v1.0 (Protector for Adware-CommonName)
I have created an automatic tool to remove Trojan WinKRootKit which is currently set up to protect Adware-CommonName (Adware-CommonName.dll).
What does this tool do?
* Creates a log on the All Users Profile Desktop, "WinKRootKit.txt"
* Detect the presense of the WinKRootkit service.
* Locate the protected program file(s) that are running and kills them.
* Disables the rootkit protection
* Deletes the protected files
* Removes registry data added by the protected programs.
* Restarts the computer
* Removes WinKRootKit Service and kernel file.
* Removes anything left over from the first session (before reboot)
* Restarts the computer
Download Link -> WinKRootKitRemover.exe [116 KB]
MD5 Sum: d37ebc5381fc84bf03d67c1bbea09fbd
More information about the rootkit
The trojan hooks into some low level service points. Here are the values this root kit monitors:
* NTDeleteKey
* NTDeleteValueKey
* NTEnumerateKey
* NTEnumerateValueKey
* NTSetValueKey
What this means is as long as this kernel driver is running, it can intercept, change, protect, or hide registry keys and values. This is why tools like KillBox do not work. The Registry keys to delete this trojan on reboot are automatically undone. Also, any attempt to remove protected files will be denied. The kernel driver is loaded as a File System Driver (Can't be unloaded once loaded) and starts at BOOT. This means it is loaded VERY early in the boot process, before the Windows 2000/XP logo startup sequence.
Many thanks to Mc Affee
2006-08-03 07:19:14 · answer #2 · answered by rookethorne 6 · 0⤊ 0⤋
It is a bear to get rid of. Some simply reformat and reload.
Actually, if you invest in a second drive and copy everything over to that, a reformat and reload is a good clean up. Windows does get really messy as time goes on. I did that recently and my machine does run so much better now. The couple of days work reloading was worth it.
There are cleaners but since rootkit hides so well, you'll never know for sure.
2006-07-30 13:13:36 · answer #3 · answered by blackfangz 4 · 0⤊ 0⤋
I got so tired of the CRAP, the 150,000 Microsfot virus, trojan, and -bot definitions!
So, I switched all our computers over to the free system, on the LiveCDrom, that includes a huge choice of 5,000 games, programs, applications, office suites, school programs, astronomy, physics, math, chemistry,biology programs and 'games' that are educational!
http://pclinuxos.com
The 1,500 more commercial games that play, are at http://transgaming.org/gamesdb/
2006-07-30 13:30:14 · answer #4 · answered by Anonymous · 0⤊ 0⤋
Format the hard-drive for a completely permanent solution, otherwise set an antiv-virus such as Norton on it, and then follow their instructions for removal.
2006-07-30 13:10:46 · answer #5 · answered by nkellingley@btinternet.com 5 · 0⤊ 0⤋
protect your PC with Norton's
it the best and gives real piece of mind
i think that is a Trojan horse you have and very hard to get off email for More info
damocollier@yahoo.co.uk
2006-07-30 13:12:25 · answer #6 · answered by xxxxxxxxxx 3 · 0⤊ 0⤋
Windows Defender will fix that.
2006-07-30 13:10:16 · answer #7 · answered by Anonymous · 0⤊ 0⤋
mcafee have removal tool for it click on the link below
2006-07-30 13:11:44 · answer #8 · answered by honeypot 3 · 0⤊ 0⤋
Spybot Search and Destroy
2006-07-30 13:09:05 · answer #9 · answered by Big Perm 3 · 0⤊ 0⤋
http://vil.nai.com/vil/averttools.asp#stinger <,download that tool ,save to desktop,run it and it will clean that trojan
2006-07-30 13:12:45 · answer #10 · answered by Anonymous · 0⤊ 0⤋