Jump to content

Change Mode

How To Remove Backdoor.bot?


yakukid
 Share

Recommended Posts

Flush your DNS cache and restore MS's Hosts file:

 

Copy and paste these lines in Note pad.

 

@Echo on

pushd\windows\system32\drivers\etc

attrib -h -s -r hosts

echo 127.0.0.1 localhost>HOSTS

attrib +r +h +s hosts

popd

ipconfig /release

ipconfig /renew

ipconfig /flushdns

netsh winsock reset all

netsh int ip reset all

shutdown -r -t 1

del %0

 

Save as flush.bat to your desktop.

Double click on the flush.bat file to run it. Using Vista or Windows 7, right click and choose to run as Administrator.

 

Your computer will reboot itself.

 

Next, download TFC by Old Timer http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html and save it to your desktop.

 

Save any unsaved work. TFC will close ALL open programs including your browser!

Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.

 

Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

 

Malwarebytes' has been updated to version 1.50. Update and perform a full scan

 

Let us know if you're still being redirected.

Link to comment
Share on other sites

Jacee, I'm afraid I now have the Bootkit.TDSS virus. I've tried using your steps to remove it and scanning it with the latest version of MalwareBytes, but I'm not sure I am rid of it. Here's the partial log from my last full scan by MalwareBytes.

 

Files Infected:

c:\WINDOWS\Temp\3.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\5.tmp (Rootkit.TDSS.Gen) -> Delete on reboot.

 

 

Update: I am now certain I have the Alureon TDSS.TDL4 rootkit virus that infects the Master Boot Record. Please help me. :(

Edited by yakukid
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...