Does Rootkit infection need Windows reinstall
I have heard that we will have to reinstall the Windows operating system once the system is infected with a rootkit. I have Avira Antivirus on my computer and I don’t want to have any such infection on my computer, so I am posting this here to know more about rootkit infection and how one can keep away from such issues.
Re: Does Rootkit infection need Windows reinstall
Yes, this has already been declared by Microsoft: if your system gets infected by this then you will have to install the operating system again, and there will be no way to get this issue solved. This is the only thing that you can do once you are infected with it. So it will be best for you to keep the antivirus updated (whichever you are using) and do periodic scanning of the system.
Re: Does Rootkit infection need Windows reinstall
The use of specific anti-rootkit products overcomes the problem only if the developer of the malware has not taken note of the mode of operation of such products. They have created new rootkits that are able to "fool" pre-existing anti-rootkit products. Basically it's a constant competition between the producers of malware and those of anti-rootkit applications, in an attempt to create products more efficient than those of the opposition. The use of anti-malware analysis systems that work off-line or that do not require the start of the operating system for analysis can resolve the situation because if you start the system then that will not operate even the rootkit, if infected.
Re: Does Rootkit infection need Windows reinstall
Normally, the boot sector infection of any Windows version by the Trojan Win32/Popureb.E forces users to recover the system with the operating system disks. Microsoft is warning Windows users that, in the case of their being infected with a new Trojan that hides in the boot sector or rootkit machines, they are forced to reinstall the Windows operating system. This is a new variant of a Trojan that Microsoft calls "Popureb", which is housed inside the system, with the consequence that the only way to eradicate it is to return Windows to its initial state, as when it was installed for the first time. Here you can see the name of the Trojan, known as Trojan:Win32/Popureb.E, with the warning that in the case of an affected machine you must use the operating system recovery discs to bring the system back to a state prior to infection. To recover the MBR (Master Boot Record), you should use the system recovery console, which supports commands such as "fixmbr". This allows repair of the boot sector or file system master boot record.
Re: Does Rootkit infection need Windows reinstall
I am one of those whose system has got infected with that. I would like to tell you that I lost all my files that were in Control Panel > Administrative files. Other than this, the display of recently used programs in the Start is gone. I tried many things to get this solved but none of them helped me. Finally I was forced to reinstall the operating system. So this is very dangerous and it will be better for you to keep the antivirus updated.
Re: Does Rootkit infection need Windows reinstall
My advice to you is a full scan by security software that can detect even rootkits. This should be done before installing the patch released. You can refer to the rootkit cleaner from eSage Lab, which specifically detects and cleans TDSS. The security researcher offers instructions to clear the infection. This requires a Windows XP installation CD to restore the original Atapi.sys. Even after that comes a full malware scan.
Re: Does Rootkit infection need Windows reinstall
I would like to tell you that replacing the infected file "atapi.sys" with a clean version ensures that the BSOD-affected machine boots normally again. However, rootkits are often used to conceal other malware. Therefore my recommendation to all stakeholders is to thoroughly examine your system for infections. Maybe a clean install would be the better choice, because security experts frequently warn that it is not guaranteed even after the removal of malware.
Re: Does Rootkit infection need Windows reinstall
I found this somewhere on the internet: rootkits are often implemented by attackers in order to protect follow-on malware such as banking password-stealing Trojans. So, if this is true then I don’t think that this is a new thing on Windows.
Re: Does Rootkit infection need Windows reinstall
Microsoft supports this kind of situation. Depending on which OS version you have installed on your computer, we must act in one way or another. Here are the links to the recommendations for each system:
- For Windows XP: Install and use the Recovery Console in Windows XP
- For Windows Vista: Windows Vista Recovery System
- For Windows 7: Windows 7 System Recovery
Re: Does Rootkit infection need Windows reinstall
Yes, that requires you to reinstall the system, as there is no alternate solution for this and you will have to do this. I was also trying to solve this in many ways but none of them seemed helpful to me. Finally I reinstalled the operating system and wish that it will not occur again with my system.