Gateway GT5056

    Another Gateway POS.

    This one is about 16 months old, has seven bulging 1000/6.3 no-name caps scattered about the field, and a BESTEC supply.

    Machine came in with the "System Security 2009" bug, plus a rootkit that I can't find. This bug quite handily killed McAfee, and prevents installation of almost all anti-malware programs. It appears to have entered through a contaminated MP3 downloaded through Limewire.

    #2
    Re: Gateway GT5056

    Originally posted by bgavin
    Machine came in with the "System Security 2009" bug, plus a rootkit that I can't find. This bug quite handily killed McAfee, and prevents installation of almost all anti-malware programs. It appears to have entered through a contaminated MP3 downloaded through Limewire.
    You should clean it with a live CD: I'm positive about Hiren's Boot CD, a live XP environment with some really nice tools, antispyware included. You download Spybot S&D's detection list onto a pen drive from your computer, then boot the infected computer with HBCD's "Micro XP", run Spybot first, then close it and unzip the database into Spybot's temporary folder on X:. Run Spybot from it and run a full scan. Same for compact antivirus programs like McAfee Stinger.
    There could be troubles such as directories accessible only to the System user, corrupted system files and other issues: HBCD offers only the System user, so you should be able to read the whole disk and rename the (supposed) rootkit, then rename any other unknown programs and lastly load the registry hives to purge the HKLM\ and HKCU\Software\Microsoft\Windows\Run keys. Unless you're absolutely sure they're harmful programs, don't delete but rename them.

    Second pass is restoring damaged or replaced system files with sfc /scannow and checking all programs, drivers and BHOs with Autoruns.

    Zandrax
    Have a happy life.


      #3
      Re: Gateway GT5056

      Been there, done that.

      Hirens, Avira live cds no help.
      Spybot no help.
      Multiple rootkit detectors, no help.
      Every single item you mention above is in my kit, and none worked.

      FDisk/Format = solution.

      I very rarely get stumped by a bug, but I got stumped by this one.
      There was a hidden process running that was invisible to all the process monitors. It kept restoring the registry keys and startup entries, and killed the installation of most AV and MAL software.

      This was a paying machine, and I only got $125 for about 8 hours' diagnostic and recovery time. Some days you get the bear, other days the bear gets you.


        #4
        Re: Gateway GT5056

        >>FDisk/Format = solution<<

        Nope. Disagree. I've been fixing systems left and right with this crap and the various "Anti-Virus 200x" flavors for 8 months now. These 2 are my main arsenal, plus running Avast! AV from a boot CD.

        ComboFix & Malwarebytes Anti-Malware

        The hidden process is usually a valid-looking windows\system32 file that is required by Windows to load at startup. It "looks" perfectly normal. The package is usually delivered into this file, which causes it to "bloat" in size (+100 KB or more). Contained in the bloat section is a program that writes to the registry, changing the file name at every boot and then writing the file that it just told the registry to run. Real biatch to locate. Usually, looking at time/date stamps in system32, you'll find one that is recently dated, and comparing its file size to other systems, you'll see the bugger.

        Toast
        veritas odium parit


          #5
          Re: Gateway GT5056

          I always use combofix+malwarebytes+SUPERantispyware on a small 128 MB flash drive I don't use for anything but spyware removal. If it's really bad, it might write itself to the flash drive. For those, I burn those installers onto a CD.

          If it does what he said it does, and stops installations of a/v software, then I just go ahead and reformat and tell the person to stop looking at so much porn.


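Automating the two checks above, Toast's "compare the system32 file's date and size against another machine" (#4) and 370forlife's point that the removal tools on a flash drive can be written to by the infection (#5): the script below is an added example, not code from any poster or from any tool named in the thread. It builds a manifest (size, modification time, SHA-256) of a directory on a known-clean machine, stores it as JSON, and diffs it against the same directory on the suspect machine, flagging files whose content changed, grew by 100 KB or more, have no counterpart in the baseline, or were modified after a given date. The same two functions work on the tools directory of the USB stick. Directory names, the 100 KB threshold and the files written by demo() are constructed assumptions.

```python
"""Baseline manifest diff for a Windows system32 tree or a removal-tool USB stick.

Added example, not from the original thread. Directory names, the 100 KB
growth threshold and the files written by demo() are constructed assumptions.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path

GROWTH_THRESHOLD = 100 * 1024  # Toast's "+100 KB or more" rule of thumb


def sha256_of(path):
    """Hash a file in chunks so large DLLs do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file under root (lower-cased relative path) to size, mtime and hash.

    Windows file names are case-insensitive, so keys are lower-cased to make
    'USERINIT.EXE' and 'userinit.exe' compare as the same file.
    """
    root = Path(root)
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            st = p.stat()
            manifest[p.relative_to(root).as_posix().lower()] = {
                "size": st.st_size,
                "mtime": int(st.st_mtime),
                "sha256": sha256_of(p),
            }
    return manifest


def save_manifest(manifest, path):
    """Write the manifest as JSON; keep this copy on read-only media (CD), not on the stick."""
    Path(path).write_text(json.dumps(manifest, indent=1, sort_keys=True))


def load_manifest(path):
    return json.loads(Path(path).read_text())


def compare_manifests(baseline, current, growth_threshold=GROWTH_THRESHOLD, newer_than=None):
    """Return a list of (relative_path, reason) findings.

    - content differs from baseline: 'content changed', or 'content changed and
      grew by N bytes' when it grew by at least growth_threshold (the bloated
      system32 file described in the thread)
    - file with no counterpart in the baseline: 'not present in baseline'
    - file whose mtime is later than newer_than (a Unix timestamp, e.g. the date
      of the last Windows Update run): 'modified after baseline date'
    - file present in the baseline but gone: 'missing from current'
    """
    findings = []
    for name, cur in sorted(current.items()):
        base = baseline.get(name)
        if base is None:
            findings.append((name, "not present in baseline"))
            continue
        if cur["sha256"] != base["sha256"]:
            growth = cur["size"] - base["size"]
            if growth >= growth_threshold:
                findings.append((name, f"content changed and grew by {growth} bytes"))
            else:
                findings.append((name, "content changed"))
        if newer_than is not None and cur["mtime"] > newer_than:
            findings.append((name, "modified after baseline date"))
    for name in sorted(set(baseline) - set(current)):
        findings.append((name, "missing from current"))
    return findings


def demo():
    """Constructed clean/suspect pair: one unchanged file, one bloated file, one dropped file."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = Path(tmp, "clean_system32")
        suspect = Path(tmp, "suspect_system32")
        clean.mkdir()
        suspect.mkdir()
        body = b"MZ" + b"\x00" * 4094          # stand-in for a real executable
        for d in (clean, suspect):
            (d / "kernel32.dll").write_bytes(body)   # identical on both machines
            (d / "userinit.exe").write_bytes(body)
        # the suspect copy of userinit.exe has 120 KB of payload appended
        (suspect / "userinit.exe").write_bytes(body + os.urandom(120 * 1024))
        (suspect / "xyzabc.dll").write_bytes(b"dropper")  # no counterpart on the clean box
        return compare_manifests(build_manifest(clean), build_manifest(suspect))


if __name__ == "__main__":
    for name, reason in demo():
        print(f"{name}: {reason}")
```

Two caveats when using it on a real case: take the suspect-side manifest from the live CD environment, not from the infected Windows, because a rootkit that hides its process from the process monitors can just as well hide or misreport its file to a program running on the infected OS; and build the baseline from a machine at the same Windows patch level, since Windows Update legitimately replaces system32 files and every such file would otherwise show up as "content changed".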

            #6
            Re: Gateway GT5056

            Reformatting is NOT an option. Too much (not backed up) data and time involved in 90% of the cases. Nor can you get to back it up because it's infected.

            Running the Avast! AV from bootable CD is what kills a lot of these problems. On bad machines, I'll run Combofix from safe mode.

            Toast
            veritas odium parit


              #7
              Re: Gateway GT5056

              I also have rats cheddar on that flash drive/cd. Really helps get back control of your computer.


                #8
                Re: Gateway GT5056

                @370forlife -
                Can't find a d/l link. Got one?
                veritas odium parit


                  #9
                  Re: Gateway GT5056

                  I don't have backup problems... boot it under BART, hook to my backup server, done deal.

                  This Gateway threw me for a loop.
                  Since Time = Money on a paying call, I saved all the data and did the factory recovery. This has the added benefit of a known-clean configuration.

                  I have to deliver the cleanest solution in the shortest amount of time. Callbacks are a complete loser, so I do everything possible to avoid them.

                  Anyway, it's done and the client is happy. And I'm paid.


                    #10
                    Re: Gateway GT5056

                    Originally posted by Toasty
                    @370forlife -
                    Can't find a d/l link. Got one?
                    I attached the one I have, but if you don't trust me, you can find it on techspot's website somewhere, that's where I got it.

                      #11
                      Re: Gateway GT5056

                      Thank You!

                      I searched TS but nada.

                      Handy little bugger.

                      Toast
                      veritas odium parit
