Taking bets; will MS Malicious Software removal...

Author
The Maillard Reaction
Max Output Level: 0 dBFS
  • Total Posts : 31918
  • Joined: 2004/07/09 20:02:20
  • Status: offline
2013/06/11 13:58:23 (permalink)


Taking bets; will MS Malicious Software removal find and fix the rootkit that infected my laptop this morning.
 
I watched as my MSE turned itself off and I haven't been able to turn it on since.
 
Yuck.
 
 
 
 


#1


    The Maillard Reaction
    Max Output Level: 0 dBFS
    • Total Posts : 31918
    • Joined: 2004/07/09 20:02:20
    • Status: offline
    Re: Taking bets; will MS Malicious Software removal... 2013/06/11 13:59:49 (permalink)
     
    It didn't find a thing, yet I have the symptoms of the so-called ZeroAccess rootkit.
     
     
     
    Scratches head...


    #2
    spacealf
    Max Output Level: -54 dBFS
    • Total Posts : 2133
    • Joined: 2010/11/18 17:44:34
    • Status: offline
    Re: Taking bets; will MS Malicious Software removal... 2013/06/11 14:24:39 (permalink)
    I am guessing but I do not think a rootkit can keep the computer from starting up. It may affect that process and do it after the computer has power. MSMRemoval lists what it will take care of, but it does not work with rootkits. Get into your BIOS and set the boot up from another device and start it from the DVD or removable disk drive or something or USB hard disk.
     
    Don't know what OS you are running but there is a menu you can get up while starting up the computer. Last night I had downloaded a program from Resplendence - latency monitor, I installed the free version of it, and ran it a couple of times, changing some things in the BIOS to see how the computer would be affected. Well, one time the computer would not start up Windows 7 and of course the menu came up (or the error screen) and then I guess Windows tried to fix itself or (I could restore from a system restore which I did not try but the item of Windows fixing itself) and it could not. It checked everything and all of that and then I think it went back to re-starting the computer.
     
    There was nothing wrong with Windows 7 and the computer started up fine. After the computer got started again like normal - I uninstalled the program I had downloaded to try and never thought twice about it, and decided since it was the only program I had been using and trying different things, I would never use that program again. Of course I changed the BIOS settings on a couple of things like Intel something or other and VMM virtualization stuff I had disabled in the BIOS, and made those back the way they were. After all, changing the Intel Speedstep something or other had made the computer not even start at all in the sense everything was just slower with latency and hard disk access (oh and I had changed the SATA hard drive to normal IDE mode instead of AHCI whatever mode it is - which probably caused the problem in the first place.) Well, after changing back and finding out that in the latency program - latency was more and everything was slower - I concluded that the computer worked about one way and since it is a cheap computer, there was nothing to do anyway with it so back to the way it had been since I had bought the stupid computer cheaply.
     
    The latency was alright for data streaming audio and video anyway, so that is that and now what I have to do is go to the store and pick up some DVD-Rs for a recovery disk from the manufacturer of the computer since I have never made a factory program done Recovery System, since with the computer I never got a Windows 7 DVD in the first place and had been looking around for the Activation Code for Windows which can not be found. Only way I could restore the computer is having a backup saved (which I had made already) or doing the Recovery Disk thingy needing 3 DVD-R disks, which I only had two left. The computer also has a hidden partition which will restore the computer from the manufacturer if anything goes wrong, but if the hard disk fails, then I think the factory recovery program is the one with the 3 DVD-R disks needed to make is the only thing then that would put the OS back on the system.
     
    I figured that since I can not actually contact the manufacturer that if I install another Hard disk in the computer and it needs any Activation that well I got what I paid for - a cheap stupid computer, and I probably would have to then buy a Windows 8 computer (which I really did not want in the first place) and since I had waited too long to get a Windows 7 computer that was better in the first place.
     
    With Windows 8.1 that may not be a problem anymore and just one more manufacturer in the future I would never buy a computer from again. (But then I do not know how Windows Activation works in Windows 7 since it is not even installed from the OS anyway, unless I include that to be installed but still there is nothing to tell me that code on the computer anywhere. All the manufacturer states is to take to a place that works on their computers which I guess would be the place that I bought it from).
     
    Rootkits are something else, but I would be lost if I had one since what I have read about them is on the Internet anyway, or even downloading a program to deal with it in the first place.
     
     

     
     
    #3
    spacealf
    Max Output Level: -54 dBFS
    • Total Posts : 2133
    • Joined: 2010/11/18 17:44:34
    • Status: offline
    Re: Taking bets; will MS Malicious Software removal... 2013/06/11 14:33:21 (permalink)
    Using the "Delete" key is what I use to get into the BIOS on my computer, should be about the same on yours.
     

     
     
    #4
    The Maillard Reaction
    Max Output Level: 0 dBFS
    • Total Posts : 31918
    • Joined: 2004/07/09 20:02:20
    • Status: offline
    Re: Taking bets; will MS Malicious Software removal... 2013/06/11 14:51:07 (permalink)
     
    Thanks.
     
    The computer boots fine... the ratbutts that installed the rootkit want me to keep it running. ;-)
     
    I had the latest MSE definitions and all that stuff.
     
    I can't find a tool that will find a problem, but my problem is that MSE turned off and every time I try to manually turn it on I get a "you don't have permission" dialog. When I go to the permissions of the MSE exe the choices are all blanked out.
     
    It seems like MS has been battling constant mods to this rootkit for the past season.
     
    I have to figure out how to run something that will actually fix the problem.
     
    I'm going to go look for a disk image and see how far back it will put me.
     
    Thanks.


    #5
    ampfixer
    Max Output Level: -20 dBFS
    • Total Posts : 5508
    • Joined: 2010/12/12 20:11:50
    • Location: Ontario
    • Status: offline
    Re: Taking bets; will MS Malicious Software removal... 2013/06/11 18:30:21 (permalink)
    Mike, the same people that produce Malwarebytes also make a rootkit detection/removal product and it's free.

    Regards, John 
     I want to make it clear that I am an Eedjit. I have no direct, or indirect, knowledge of business, the music industry, forum threads or the meaning of life. I know about amps.
    WIN 10 Pro X64, I7-3770k 16 gigs, ASUS Z77 pro, AMD 7950 3 gig,  Steinberg UR44, A-Pro 500, Sonar Platinum, KRK Rokit 6 
    #6
    The Maillard Reaction
    Max Output Level: 0 dBFS
    • Total Posts : 31918
    • Joined: 2004/07/09 20:02:20
    • Status: offline
    Re: Taking bets; will MS Malicious Software removal... 2013/06/11 19:02:37 (permalink)
    Thanks very much John.
     
    I just got finished with my journey and met the Malwarebytes Rootkit tool along the way.
     
    I tried Microsoft Malicious Removal and a regular Antimalwarebytes scan and didn't see anything.
     
    I finally read this: http://www.malwareexperts.com/step-by-step-zero-access-rootkit-infection-removal-guide/
     
    and downloaded Rkill
     
    http://www.bleepingcomputer.com/download/rkill/
     
    to shut down the malware temporarily, long enough that I could run the Malwarebytes Anti-Rootkit beta.
     
    http://www.malwarebytes.org/products/mbar/
     
    It found 6 "trojan" files that it killed.
     
    Rkill also found a bunch of Reparse Points that prevented me from opening my Microsoft Security Essentials or uninstalling it so that I could reinstall.
     
    So I finally followed these instructions:
     
    http://www.malwareremovalguides.info/tag/reparsepoints/
     
    and downloaded and ran HitmanPro 3.75.
     
    The free trial copy said I would have to buy a license to repair a virus but it repaired the reparse redirects for free and now it looks like I am up and running.
     
     
    Yuck. I was surprised that Microsoft didn't have this under control.
     
    Well, at least I had a nut to file while I was watching the scans. 
     
    Thank you for the good tip!
     
    best regards,
    mike
     
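As an added example (not code from the thread or from any of the tools named above), here is a PowerShell check a defender could run for the two symptoms mike describes in #4 and #6: reparse points planted under the antivirus install directory, and executables whose permissions can no longer be read. The MSE install directory and executable names are assumptions.

```powershell
# Added example, not from the thread. Looks for the two symptoms reported here:
# reparse points under the antivirus install directory (which kept the AV from
# opening or uninstalling) and executables whose ACL can no longer be read.
# The install directory and executable names below are assumptions.
$Roots = @(
    "$env:ProgramFiles\Microsoft Security Client",
    "${env:ProgramFiles(x86)}\Microsoft Security Client"
) | Where-Object { Test-Path -LiteralPath $_ }

$ExeNames = @('msseces.exe', 'MsMpEng.exe')   # assumed MSE UI and engine binaries

foreach ($root in $Roots) {
    Write-Host "== Checking $root"

    # 1. Any reparse point under an AV directory is suspicious: a clean install
    #    contains ordinary files, not junctions or symbolic links.
    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Attributes -band [IO.FileAttributes]::ReparsePoint } |
        ForEach-Object {
            Write-Warning ("Reparse point: {0} (LinkType={1})" -f $_.FullName, $_.LinkType)
        }

    # 2. An ACL that cannot be read, or one with no entries at all, matches the
    #    "you don't have permission" / blank permissions tab described in #4.
    foreach ($exe in $ExeNames) {
        $path = Join-Path $root $exe
        if (-not (Test-Path -LiteralPath $path)) { continue }
        try {
            $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
            if ($acl.Access.Count -eq 0) {
                Write-Warning "Empty DACL on $path (owner: $($acl.Owner))"
            } else {
                Write-Host "ACL readable on $path, owner: $($acl.Owner)"
            }
        } catch {
            Write-Warning "Cannot read ACL on ${path}: $($_.Exception.Message)"
        }
    }
}
```

Run it from an elevated PowerShell prompt; a warning from either check is a reason to boot clean media and image the disk before attempting repair.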


    #7
    spacealf
    Max Output Level: -54 dBFS
    • Total Posts : 2133
    • Joined: 2010/11/18 17:44:34
    • Status: offline
    Re: Taking bets; will MS Malicious Software removal... 2013/06/11 22:51:50 (permalink)
    Well, good you got your computer fixed up. I guess I do not need any Windows 7 Activation on it, to say change or put in another harddrive, memory or a newer graphics card, which then would need a bigger power supply. So, all is working right now, and in the future, if changing anything I guess I can.
     
    Computers are a pain, but crap on the Internet can be even worse.
     
    Update your computer with Windows Update since it is the second Tuesday of the month and the new Malicious Software Removal program will be up, but again it does nothing with rootkits.
    Just some viruses.
    Trojans whatever they are.
     

     
     
    #8
    The Maillard Reaction
    Max Output Level: 0 dBFS
    • Total Posts : 31918
    • Joined: 2004/07/09 20:02:20
    • Status: offline
    Re: Taking bets; will MS Malicious Software removal... 2013/06/12 06:58:14 (permalink)
     
    The fact that I had a disk image put me at liberty to figure out what was going on.
     
    If I hadn't had an image I would have likely lost my cool.
     
    When I finally got MSE back up and running I found that it had 11 Trojans quarantined... so it was responding to the threat but then some new variant slipped by and knocked out MSE. Very tricky.
     
    I felt glad that I noticed when MSE was being turned off... it was all very smooth and slick.
     
     
    This is why I keep the serious machines off the internet.
     
     
    Thanks for the encouragement yesterday.
     
     
    best regards,
    mike
     
     
     


    #9
    drewfx1
    Max Output Level: -9.5 dBFS
    • Total Posts : 6585
    • Joined: 2008/08/04 16:19:11
    • Status: offline
    Re: Taking bets; will MS Malicious Software removal... 2013/06/12 12:21:31 (permalink)
    mike_mccue
     This is why I keep the serious machines off the internet.



    I definitely agree with that sentiment and only connect my DAW when necessary (inconvenient as it can be).
     
    But I wonder if you have any idea where you contracted such problems? This stuff really shouldn't be a problem anymore, but sadly it still seems to be.

     In order, then, to discover the limit of deepest tones, it is necessary not only to produce very violent agitations in the air but to give these the form of simple pendular vibrations. - Hermann von Helmholtz, predicting the role of the electric bassist in 1877.
    #10
    The Maillard Reaction
    Max Output Level: 0 dBFS
    • Total Posts : 31918
    • Joined: 2004/07/09 20:02:20
    • Status: offline
    Re: Taking bets; will MS Malicious Software removal... 2013/06/12 12:26:42 (permalink)
    I suspect it was from my interest in watching the Tour of Switzerland on obscure and temporary websites that stream live feeds.
     
    best regards,
    mike
     
     


    #11
    Moshkiae
    Max Output Level: -14 dBFS
    • Total Posts : 6111
    • Joined: 2009/04/27 10:26:25
    • Status: offline
    Re: Taking bets; will MS Malicious Software removal... 2013/06/16 16:56:22 (permalink)
    Hi,
     
    I had one of these, the first time ever on any of my computers, that something got into it, and F-Secure logged in to the machine, and got it out fine. It was not hard, and it was a "basic" process, though with some of these you have to feel ok with fiddling in the registry, if needs be.
     
    In 5 years, though, that was the only one ... that ever got me!

    As a wise Guy once stated from his holy chapala ... none of the hits, none of the time ... prevents you from becoming just another turkey in the middle of all the other turkeys! 
      