TR Forums

Ive got an XP home box here that's been taken over and is busying itself sending out thousands of bulk emails (to no where, as I blocked it the instant I saw what it was doing)

Removed a ton of virii and other malware, but its still doing it.

Anyone know of anything other than an F&R?

What spyware/av utilities have you used? Without more info all I can say is keep trying other tools, look for suspicious processes that are running etc.

It may well have a rootkit that is hiding the bad stuff from you. There's no surefire way to clean it successfully unless you know exactly what rootkit variant you're dealing with. If you're lucky, it's not completely covering its tracks and you can get some DLL names that you can google for more information. As a first step, use Rootkit Revealer and HijackThis. Sometimes you can see suspicious DLL names if you look through the modules in each running process with ProcessExplorer -- be especially suspicious of DLLs that have no Company Name or description. Note that you have to run in safe mode to have even a chance of removing stuff, and even then you may be SOL unless you shut down explorer and some of the other system tasks and do everything from the commandline. Again, if you can get the names of suspicious DLLs you can google them (ProcessExplorer has a right-click menu item for this) which can often lead you to specific fixes.

But it's a hell of a lot easier to just wipe the thing and start over.

You should save yourself the hassle and nuke it from orbit! A fresh install is probably the best way to ensure you have rid that box of every bit of cruft.

"I say we take off and nuke the entire site from orbit. It's the only way to be sure."

Nuked it.