Malware removal

I’ve spent a fun evening[1] trying to get rid of some insidious malware on the house gaming PC. I think it’s mostly gone, though I’m not certain (and I don’t have the day’s time to reinstall everything). However, I did find some useful stuff along the way.

Firstly, even though googling for something related to the malware will turn up some information about it, chances are that it’s a bloody rootkit that’s thrust itself into the Windows kernel like a rhino in heat. So you won’t be able to see or delete the files it’s talking about.

Finding out problems that are being covered up by the rootkit is greatly aided by the wonderful Sysinternals utilities. In particular, RootkitRevealer successfully found a number of hidden registry entries. Later on, AutoRuns helped me to find a few other things lurking around my boot process.

But the real pièce de résistance was ntpasswd: a miniature bootable Linux, only 3Mb, which made finding and removing those troublesome files (even though they’re on an NTFS partition) a snap. I like it a lot. Plus, it’ll let you change the admin password on people’s PCs, so I may have to take it in to work. 🙂

Anyway, the end result is that I’ve spent a couple of hours working on something I don’t particularly care about by somebody on the other side of the planet who doesn’t know me from Adam. Isn’t the Internet a sheer bloody marvel?

Now. Work or bed?

[1] as in “not fun at all.”