I got infected. Thought it was antimalware doctor, removed some registry files and others, apparently missed some. It's disabled Norton and windows update. Did system restore, used mrt, stiil no joy.

Currently booted in Ubuntu from a USB drive and am running clam on the disk. Previously tried prevxc and malwarebytes in Wine, but they both crashed. Any suggestions on anything else I can try from here?

Next step is safe mode boot, I have malwarebytes, prevxc, unhackme, rootkitrevealer, and hijackthis standing by to run when I get there.

12/5/2010 6:28:07 PM

http://www.hirensbootcd.org/download/Hirens.BootCD.12.0.zip

Hiren's will boot a mini xp install and let you run a few anti-spyware apps, but not too many utilities like combofix (prevxc, GMER, etc) will work.

12/5/2010 7:45:05 PM

In the interest of saving time, you'll be done with this sooner if you just reformat and start over.

12/5/2010 8:31:14 PM

^+1

Use Ubuntu to save important files and reformat.

12/5/2010 9:25:55 PM

clamav

12/6/2010 2:45:05 AM

Hiren's boot CD and ClamAV on Ubuntu are good choices, but you can also consider a curious offering from AVG: http://www.avg.com/us-en/avg-rescue-cd
It's a Linux LiveCD with AVG on it and a few other tools, like a registry editor

12/6/2010 3:07:12 AM

I know reformatting would be quicker. I'm fully and multiply backed up, though I'm only 60% sure my last full one is clean. Right now, I'm running on stubbornness.

I ran ClamAV, found and removed 4 files. Didn't know to tell it to let me know what it found. Didn't know to tell it to ignore things, so that took a long time. Couldn't get any of the windows based programs to run cleanly in Wine.

Back in windows, Malwarebytes found a few more and removed them, but nothing interesting. Spyware Doctor says I have a rootkit bug, but won't tell me what and wants me to buy the CD. Prevx found nothing.

I want a registry editor and something to detect rootkit bugs that I can run from Ubuntu. Any suggestions?

If I identify a rootkit infection, how do I manually remove it?

12/6/2010 8:56:40 AM

I've had good luck with Kasperky's TDSSkiller. Had 2 here recently that wouldn't update and tdsskiller fixed them.

http://support.kaspersky.com/viruses/solutions?qid=208280684

12/6/2010 9:34:08 AM

^^Download AVG Rescue CD and run that, it has a Registry editor

12/6/2010 10:20:37 AM

^^ ++

I ran out of ideas and ended up at the school help desk. They were remarkably helpful (Thanks!) and after a handful of tools, TDSSKiller did the trick.

It's on my rescue stick now.

12/6/2010 6:31:04 PM