  1. #1
    Joined
    Mar 2002
    Location
    Sarasota, FL
    Age
    53
    Posts
    2,496

    Mom's computer got the Cidox.b rootkit ?

    My Mom's still running WinXP and the long-term solution will be to get her a new computer, but for now what do we do? I tried this stuff in normal mode (trying to boot into safe mode gives me a BSOD for some odd reason):
    http://malwaretips.com/blogs/malware...e-for-windows/

    Kaspersky TDSS found a few things and cured it, RKill turned stuff off, the MBAM found some stuff and got rid of them, but the original thing I found kept happening and after running MBAM and reboot disinfect, I couldn't start it again. Never got to run Superantispyware stage. After I tell you what I noticed below, then let me know my next step (might not be able to do it until Saturday though):

    In C:\Documents and Settings\All Users\ApplicationData\ whatever is infecting the computer creates a subdirectory (usually beginning with V or Z) and puts a dat file in there and this file is set to start at startup (I can see it msconfig). I temporarily created dummy file and overwrote it, but that only works for a half-hour or so, then another subd is created and the process continues. Any ideas? Thank you.
    Skaarj-laptop:Asus G750JW-NH71,Win8.1,Corei7-4700HQ,12GB DDR3 RAM,Nvidia GTX 765M 2GB,Realtek HD,TSST CDDVDW SN-208DN,WDC 750GB HD...
    SkaarjMasterDuo:WinXPSP3, Core2Duo E8600(Gigabyte GA-EP45-UD3P),Noctua NH-C12P,4GB Corsair XMS2 TWIN2X4096-8500C5 RAM,Nvidia EVGA GTX-750Ti 1GB,SB Audigy2 6.1,Klipsch 5.1 sats,Dayton sub,Pioneer VSX-819H-K rec,,Enermax 850W PSU,Lian-Li PC-71B full tower,Pioneer DVR-216D,BenQ DW1655,Asus E818A3T,2-1TB WD HDs.....
    Dragonslayer (at Mom's house now): WinXPSP3, P4 3.2GHz(Asus P4P800-Deluxe),Thermalright SLK-947U,3GB Corsair XMS PC3200 RAM,ATI Radeon 9800Pro 256MB,VGA Silencer,SB Audigy2 5.1,Seasonic 500W PSU,Silverstone FT01-B mid tower,LG DVD burner,Asus E616P3..
    Dragon1: (off for now, will not boot) Win98SE, AthlonXP 1900+(Soyo SY-K7V Dragon+),Thermalright AX-7, 512MB Crucial 2.5 DDR PC2100 SDRAM MSI GeF4Ti4400,SB AudigyGamer,Enermax 431W PSU...

  2. #2
    Joined
    Feb 2004
    Location
    Janesville, Wi
    Posts
    6,403

    Re: Mom's computer got the Cidox.b rootkit ?

    nuke and pave


  3. #3
    Joined
    Sep 2014
    Location
    Utah
    Posts
    45

    Re: Mom's computer got the Cidox.b rootkit ?

    I would format and reinstall.
    You could also get continuing xp security updates via this method: http://www.overclockers.com/forums/s...ead.php/747423
    Gaming and Occasional Mining Rig: Rampage IV black, Watercooled 4930k, Water Cooled - Triple 290X. DarkPower Pro 1200. Crammed into a Fractal Design XLR2.

    UrubuDark in Origin

  4. #4
    Joined
    Mar 2002
    Location
    Sarasota, FL
    Age
    53
    Posts
    2,496

    Re: Mom's computer got the Cidox.b rootkit ?

    Nuke and pave is the long-term solution and I'm not dealing with a format and reinstall at this time. Thanks for the link though. Someone suggested to me that maybe I could disable APIC (or whatever that is) in the BIOS and maybe the computer would boot into safe mode without crashing. Any other ideas?

    EDIT: oh, and yes, it is the Dragonslayer computer in my sig.
    Last edited by SkaarjMaster; 11-04-2014 at 03:24 PM.

  5. #5
    Joined
    Mar 2002
    Location
    Sarasota, FL
    Age
    53
    Posts
    2,496

    Re: Mom's computer got the Cidox.b rootkit ?

    OK, so the reinstall or just getting a Windows8 computer is looking better and better, but funds are extremely limited. I'm trying to save the install for a while longer if possible. Believe it or not, the cable went out at the house this weekend so I used this opportunity to try and do stuff while it was disconnected from the internet. I ran RKill, TDSSKiller, RKill and SuperAntiSpyware (SASW), but MBAM would not run (still said software restriction policy, well we know that was messed with by some malware). It cleared up a few things, but probably not enough without running MBAM. Someone suggested renaming MBAM exe file (or even subd) and see what happens. I did the following yesterday (cable was back up and running), since trying many things over the weekend (including various combos of disabling APIC in bios and booting from slipstream disc, chkdsk /r, etc.) and the computer would not boot into safe mode (gave one-line STOP BSOD with what looks like RAM location):

    1. pulled out ethernet cord
    2. changed name of MBAM.exe (did not work), so changed name of MBAM subd (this worked and program ran with updates from a week ago) >> results removed some malware (Trojan.Proxy.Bunitu > bcikmao, bcikmao.dll; Trojan.Agent.RUGen; PUP.Optional.MindSpark.A)
    3. ran SASW (updates from week ago) >> results showed removal of some spyware/adware
    4. ran RKill, TDSSKiller, RKill, TDSSKiller (nothing left to remove)
    5. ran MBAM again >> clean
    6. ran SASW again >> clean
    7. ran DiskCleanup
    8. cleared history, temp, etc. in IE & Chrome
    9. checked into manually removing Rootkit.Boot.Cidox.b and found some strange subdirectories under c:\docs-settings\(user name)\local settings\application data\ >> Ojhics, Icbvsoft. Also, I found some strange registry keys under CU\software and LM\software >> Cgtckfhsfw, Ojhics, Sprfujuj and xfxMxw.
    10. I also noticed that almost all of the msconfig stuff was gone, but maybe I took this out temporarily (can't remember for sure).

    My plan for next weekend is the following (first with ethernet cord still disconnected):
    11. delete some of the strange stuff in subds and registry
    12. run Process Explorer and see what happens
    13. run TDSSKiller/RKill
    15. run full scan of MBAM
    16. run full scan of SASW
    17. also try Tweaknow Regcleaner

    Eventually, I'll have to reconnect the ethernet cord and see what happens. I'll probably try some stuff from link in first post and this link as well:
    http://malwaretips.com/threads/how-t...-malware.6941/

    Anyone have any other suggestions? Thank you.
    Last edited by SkaarjMaster; 11-12-2014 at 12:22 AM.

  6. #6
    Joined
    Nov 2001
    Location
    I've moved.....I'm over here now.
    Age
    59
    Posts
    7,289

    Re: Mom's computer got the Cidox.b rootkit ?

    Combofix and then Adwcleaner in Safe Mode.

  7. #7
    Joined
    Mar 2002
    Location
    Sarasota, FL
    Age
    53
    Posts
    2,496

    Re: Mom's computer got the Cidox.b rootkit ?

    Any idea how I get into safe mode? I've tried a bunch of different things. Anything I should do before connecting to internet again?

  8. #8
    Joined
    Nov 2001
    Location
    I've moved.....I'm over here now.
    Age
    59
    Posts
    7,289

    Re: Mom's computer got the Cidox.b rootkit ?

    I missed that. Run them in normal mode. Afterwards, try Safe Mode again. If you can get into it, run them again there.

  9. #9
    Joined
    Mar 2002
    Location
    Sarasota, FL
    Age
    53
    Posts
    2,496

    Re: Mom's computer got the Cidox.b rootkit ?

    OK, but what about all the programs mentioned in those two links I haven't tried yet (or haven't been suggested in this thread). Are they worth trying at all?
    HitManPro
    RogueKiller
    Junkware Removal Tool
    Eset Online Scanner
    Emsisoft Emergency Kit

  10. #10
    Joined
    Nov 2001
    Location
    I've moved.....I'm over here now.
    Age
    59
    Posts
    7,289

    Re: Mom's computer got the Cidox.b rootkit ?

    I always start by connecting the target drive as a data drive to one of my machines to run a virus scan. When I reconnect the drive to the original host, I start with a program called tfc.exe (a good temporary file deleter). Afterwards, I've found that Combofix and Adwcleaner are the ones that do most of the heavy hitting for me. I then run Malwarebytes to clean up anything that's left. If you need more after running them, which I seldom do, of the ones you have listed, I would pick Hitmanpro.

  11. #11
    Joined
    Mar 2002
    Location
    Sarasota, FL
    Age
    53
    Posts
    2,496

    Re: Mom's computer got the Cidox.b rootkit ?

    I was thinking about running it as a data drive, but I didn't want to run the risk of infecting another machine. I guess if it hasn't got through the router to another machine already, then it probably won't get through the same computer as a data drive, but you never know.

    Can I run MS Security Essentials on a Win7 machine on it as a data drive? I can do that there (on Saturday); otherwise, I have to take it to my house 6 days from now. Sounds like a good plan though.

  12. #12
    Joined
    Nov 2001
    Location
    I've moved.....I'm over here now.
    Age
    59
    Posts
    7,289

    Re: Mom's computer got the Cidox.b rootkit ?

    Sure you can.

  13. #13
    Joined
    Aug 2013
    Posts
    50

    Re: Mom's computer got the Cidox.b rootkit ?

    I wouldn't call format and reinstall a long-term solution. Just think: in the 10 days this thread has been active, you could have reinstalled Windows clean in a few hours. The real point I am getting at is you don't know what else is on that machine now that is undetected. Rootkits, if made right, are hard or near impossible to get rid of.

  14. #14
    Joined
    Mar 2002
    Location
    Sarasota, FL
    Age
    53
    Posts
    2,496

    Re: Mom's computer got the Cidox.b rootkit ?

    Don't bother responding if you can't read.

  15. #15
    Joined
    Mar 2002
    Location
    Sarasota, FL
    Age
    53
    Posts
    2,496

    Re: Mom's computer got the Cidox.b rootkit ?

    Looks like it might have worked....details tomorrow.
