Saturday, June 14, 2014

Win:32Rootkit-gen[Rtk] – Device Driver Virus Causes Initialization Failure [Expertise]




OUTLINE
  • Overview of Win:32Rootkit-gen[Rtk]
  • Why conventional removal methods fail against Win:32Rootkit-gen[Rtk]
  • How dangerous is Win:32Rootkit-gen[Rtk]?
  • Steps to remove Win:32Rootkit-gen[Rtk]
  • Final


Overview of Win:32Rootkit-gen[Rtk]


Win:32Rootkit-gen[Rtk] is a rootkit detection that targets 32-bit Windows machines in particular. The rootkit Trojan has been active on the Internet for at least 6 years; it has been modified over time so that it still affects today's users. A survey by Global PC Support Center shows that gamers are the hardest hit.



Win:32Rootkit-gen[Rtk] Resists Conventional Removal


Avast detects Win:32Rootkit-gen[Rtk] but is not able to remove it, even though it reports that it has. Win:32Rootkit-gen[Rtk] does not appear to be a virus that attacks data or applications. Rather, it tries to cause disruption, in this case by instigating thousands of automated log-ins between machines. It is this activity that generates multiple failed log-in attempts, which in turn cause the account lock-outs. In addition, every attempt to start a service is met with another stop-service command, which badly affects the installed anti-virus program.

How does Win:32Rootkit-gen[Rtk] dodge automatic removal? As soon as the rootkit loads on a machine, it enumerates the drivers related to security defences and the installed services, so that it can inject its running data into background processes. The rootkit Trojan is then able to download its own processes, which keep watch over each other. Consequently, any stopped item comes back to life within seconds, and the installed anti-virus program is weakened.



How Dangerous Is Win:32Rootkit-gen[Rtk]?


Win:32Rootkit-gen[Rtk] is categorized as a Trojan horse. A backdoor is attached to any affected machine to help download additional items for money. Therefore, your dutiful security utilities will also detect other items such as PUPs, adware or other Trojans. What's worse, because the Trojan horse cooperates with web applications that use JavaScript techniques, Win:32Rootkit-gen[Rtk] manages to capitalise on that technique to record any input, i.e. confidential information such as your address, bank account and log-in credentials.

As more items are downloaded onto a target machine, the limited resources and disk space are taken up unreasonably, slowing down overall PC performance, which buys time for Win:32Rootkit-gen[Rtk] to collect more valuable information for money. It should now be clear that what Win:32Rootkit-gen[Rtk] aims at is money only, rather than damaging your computer.



Steps to Remove Win:32Rootkit-gen[Rtk]


A. Use Task Manager to end the processes whose path points to Win:32Rootkit-gen[Rtk] according to the installed anti-virus program.

Win+R key combination > Run box > type "CMD" > Enter key > type “taskkill.exe /im msblast.exe” or “taskkill.exe /im teekids.exe” or “taskkill.exe /im penis32.exe” > Enter key > open Task Manager > View > Select Columns > tick "PID" and "Path Name" > open System Information > end the process whose path name points to Win:32Rootkit-gen[Rtk]'s path (according to the threat alert) or to a path that does not belong to the system.

(Screenshot: Select Columns, tick PID and Path Name to find the services and processes related to Win:32Rootkit-gen[Rtk])

(tip: if some malicious processes reappear, find their parent process through the PID column (the PPID), then end the parent process(es) with the command “taskkill /im system.exe /f” in the command-prompt window.)




B. Unhide hidden files and folders to remove the ones created by Win:32Rootkit-gen[Rtk].

Windows 7/XP/Vista - Control Panel > User Accounts and Family Safety > Folder Options > View tab > tick ‘Show hidden files and folders’ > untick ‘Hide protected operating system files (Recommended)’ > OK button.

Windows 8 - Windows Explorer > View tab > tick ‘File name extensions’ and ‘Hidden items’ > OK button.

(Screenshot: show hidden files and folders on Windows 8 to remove the ones related to Win:32Rootkit-gen[Rtk])
  • Remove all the Temp items.
    C:\Users\[user name]\AppData\Local\Temp\
    C:\WINDOWS\Temp
    C:\Documents and Settings\[user name]\Local Settings\Temp
    C:\Documents and Settings\[user name]\Local Settings\Temporary Internet Files
  • Access the following folders and remove the items generated on the day when Win:32Rootkit-gen[Rtk] was first detected, according to the installed anti-virus program:

    (tip: on Windows XP, it is suggested to carry out the following steps after turning off System Restore: right-click “My Computer”/“Computer” > Properties > System Restore tab > tick “Turn off System Restore”)

    (Screenshot: turn off System Restore to prevent Win:32Rootkit-gen[Rtk] from being restored)

    %SystemRoot%\system32\%Temp%\
    %SystemDrive%\
    C:\Windows
    C:\Windows\System32
    C:\windows\winstart.bat
    C:\windows\wininit.ini
    C:\windows\Autoexec.bat
    C:\Users\[your username]\Documents\
    C:\users\user\appdata\local\
    C:\Program Files\

Variable definitions
  • %SystemDrive% - the system partition, "C:\" by default.
  • %SystemRoot% - the WINDOWS directory, “C:\Windows” by default.

To show the creation date: right-click on empty space in the window under inspection > select "Arrange by" > select "Day".

(Screenshot: show the creation date of the items related to Win:32Rootkit-gen[Rtk])
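Steps A and B above, as an added PowerShell triage script that is not part of the original post: it lists every process with PID, parent PID and executable path, marks those running from outside the Windows and Program Files trees, and lists files created on a given date in the Temp folders step B names. It deletes nothing; the `$DetectionDate` parameter and the trusted-root list are assumptions.

```powershell
# Added triage script (not from the original post). It lists, it does not delete:
# part 1 shows every process with PID, parent PID and executable path, flagging paths
# outside the usual system locations; part 2 lists files created on the detection date
# in the Temp folders named in step B. Run from an elevated PowerShell prompt.
param(
    # Assumption: the date the anti-virus first reported the alert; defaults to today.
    [datetime]$DetectionDate = (Get-Date).Date
)

# Paths a process is normally expected to run from; anything else deserves a look.
$trustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ }

function Test-TrustedPath([string]$Path) {
    foreach ($root in $trustedRoots) {
        if ($Path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

Write-Output '== Processes: [!] marks a path outside the trusted roots =='
Get-CimInstance Win32_Process | ForEach-Object {
    $path = $_.ExecutablePath
    if (-not $path) {
        $flag = ' '; $shown = '(no path: kernel or protected process)'
    } elseif (Test-TrustedPath $path) {
        $flag = ' '; $shown = $path
    } else {
        $flag = '!'; $shown = $path
    }
    '[{0}] PID {1,6}  PPID {2,6}  {3}' -f $flag, $_.ProcessId, $_.ParentProcessId, $shown
}

# Temp locations from step B; the XP-era path is kept because the post covers XP.
$tempDirs = @(
    "$env:LOCALAPPDATA\Temp",
    "$env:SystemRoot\Temp",
    "$env:USERPROFILE\Local Settings\Temp"
) | Where-Object { Test-Path $_ }

Write-Output "== Files created on $($DetectionDate.ToShortDateString()) in Temp folders =="
# -Force includes hidden and system files, which is what unhiding them in Explorer achieves.
Get-ChildItem -Path $tempDirs -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime.Date -eq $DetectionDate.Date } |
    Sort-Object CreationTime |
    Select-Object FullName, CreationTime, Length
```

A flagged process is a candidate for review against the anti-virus alert, not proof of infection: portable tools and per-user installers legitimately run from AppData, so compare each path with the threat report before ending anything.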



Note that the above instructions are an outline, not a detailed procedure for removing Win:32Rootkit-gen[Rtk], as it is impossible to give one: the items dropped by Win:32Rootkit-gen[Rtk] can differ, and the way to reach a given location varies with the OS installed. Following the outline with a certain level of computer skill and virus knowledge will help remove Win:32Rootkit-gen[Rtk] completely and thoroughly.



