Tech Support Forum - View Single Post - persistent rootkit and messenger service pop-ups

**amateur** · 02-18-2007, 08:10 AM

Hello dbstone & welcome back.

I am sorry to be the bearer of bad news but I must make you aware of the seriousness of one of the infections on your computer.

You have an SDBot infection that drops a RootKit. This combination pretty much gives the infection and the people behind it full control of your computer to do whatever they want with it. As such... and you've probably figured this out... your computer has been totally compromised.

You have two choices...

1. Format your Hard Drive and reinstall Windows. This is probably your wisest choice as it would totally eliminate the infection and any additional damage done by it.

2. We can clean the infections. But even with doing so I, unfortunately, cannot guarantee the security of your computer afterwards as I have no way of knowing what other damage has been done by the RootKit/RAT.

Please read these for more information and let me know which route you wish to go with:

Danger: Remote Access Trojans
http://www.microsoft.com/technet/security/...o/virusrat.mspx

When should I re-format? How should I reinstall?
http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

02-18-2007, 08:10 AM	#2 (permalink)
amateur Moderator, Analyst, Security Team ; Rangemaster, TSF Academy Join Date: Jun 2006 Location: USA Posts: 7,282 OS: XP SP3	Hello dbstone & welcome back. I am sorry to be the bearer of bad news but I must make you aware of the seriousness of one of the infections on your computer. You have an SDBot infection that drops a RootKit. This combination pretty much gives the infection and the people behind it full control of your computer to do whatever they want with it. As such... and you've probably figured this out... your computer has been totally compromised. You have two choices... 1. Format your Hard Drive and reinstall Windows. This is probably your wisest choice as it would totally eliminate the infection and any additional damage done by it. 2. We can clean the infections. But even with doing so I, unfortunately, cannot guarantee the security of your computer afterwards as I have no way of knowing what other damage has been done by the RootKit/RAT. Please read these for more information and let me know which route you wish to go with: Danger: Remote Access Trojans http://www.microsoft.com/technet/security/...o/virusrat.mspx When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063 How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451 __________________ My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005 Member of UNITE since 2006