System Restore / System Fix Trojan + Rootkit.boot.sst.b Removal


       I have lately run into a particularly nasty infection. You will know you have it when all your desktop icons have disappeared, your Start menu is empty, and a window titled System Restore or System Fix pops up claiming that your hard drive is about to fail and that the system has many errors. This scareware comes bundled with the Rootkit.Boot.SST.b boot trojan, and the combination is very difficult to clean. I have, however, found a reliable method of removal, described below.

 (Screenshot of the fake System Restore / System Fix window; I have seen several variations of it.)

    You will need to download two things:

  • Kaspersky System Rescue Disk (Major Geeks has an ISO with recent definitions here)
  • ComboFix (copy it to a USB flash drive; you will run it from there in step 2)

 

      You'll have to burn the Kaspersky ISO file to a CD or DVD (I'll assume you already know how to do this).

 

      (1) Run Kaspersky System Rescue


      Make sure the PC is hard-wired to your router or modem (wireless will not work in the rescue environment, and you need the network for the definitions update).

      Shut down and boot the PC from the Kaspersky System Rescue disk.

      Press any key to start the bootloader and choose to start in "Graphical" mode.

      It usually takes a few minutes to load to the desktop.

      Click on the license agreement window and press "y" (I've found you may need to plug in a USB mouse at this point).

      Click on the start menu (in the bottom left corner) and choose Kaspersky System Rescue.

      Choose the Update tab and start the update (this has taken me half an hour or more).

      When the update is complete, click on the Scan Objects button.

      Kaspersky will pop up to tell you it has found a boot trojan. Choose Disinfect.

      Quarantine any other trojans or viruses that are found.

      Restart and eject the disk.
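Before moving on to ComboFix it is worth confirming that the boot sector really is clean. The script below is an added example, not part of the original post or of Kaspersky's tooling. It assumes that the boot trojan lives in the MBR (sector 0 of the disk), as the "Boot" in the detection name suggests, that you dumped that sector with `dd` from the rescue disk's terminal before and after disinfection, and that you have a trusted copy of the boot code to compare against; the sample sectors embedded in it are constructed, not real disk images. It parses the 512-byte sector, checks the 0x55AA signature and the partition table, and flags boot code that differs from the reference, which is the part a bootkit changes while leaving the partition table alone so the machine still boots.

```python
"""Sanity-check a 512-byte master boot record (MBR) dump before and after disinfection.

Added example for this post, not the author's tooling. It assumes the boot trojan
Kaspersky reports lives in sector 0 of the disk (the MBR), as the "Boot" in its
detection name suggests, and that you dumped that sector from the rescue
environment's terminal, for example:

    dd if=/dev/sda of=/tmp/mbr.bin bs=512 count=1

Usage: python check_mbr.py MBR.bin [REFERENCE.bin]
With no arguments it runs against the constructed sample sectors below.
"""
import struct
import sys
from typing import List, Optional

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446          # boot code occupies bytes 0..445
BOOT_SIGNATURE = b"\x55\xaa"     # bytes 510..511 of every valid MBR
ENTRY_FORMAT = "<B3xB3xII"       # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into its boot code, four partition entries and boot signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, ptype, start_lba, sectors = struct.unpack(ENTRY_FORMAT, sector[off:off + 16])
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "start_lba": start_lba, "sectors": sectors})
    return {"boot_code": sector[:PART_TABLE_OFFSET],
            "partitions": partitions,
            "signature_ok": sector[510:512] == BOOT_SIGNATURE}


def check_mbr(sector: bytes, reference_boot_code: Optional[bytes] = None) -> List[str]:
    """Return human-readable findings; an empty list means nothing looked wrong.

    A bootkit typically overwrites the boot code but leaves the partition table
    intact so the machine still boots, so the table checks alone are not enough:
    pass boot code you trust as reference_boot_code to catch that case.
    """
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    active = [p for p in mbr["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    for p in mbr["partitions"]:
        if p["type"] != 0 and p["sectors"] == 0:
            findings.append(f"partition {p['index']} has type 0x{p['type']:02x} but zero length")
    if reference_boot_code is not None:
        if len(reference_boot_code) != PART_TABLE_OFFSET:
            raise ValueError("reference boot code must be the first 446 bytes of a sector")
        if mbr["boot_code"] != reference_boot_code:
            first = next(i for i in range(PART_TABLE_OFFSET)
                         if mbr["boot_code"][i] != reference_boot_code[i])
            findings.append(f"boot code differs from reference starting at offset 0x{first:03x}")
    return findings


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a sector from boot code and (active, type, start_lba, sectors) tuples."""
    table = b"".join(struct.pack(ENTRY_FORMAT, 0x80 if active else 0, ptype, start, count)
                     for active, ptype, start, count in partitions)
    table += b"\x00" * (16 * (4 - len(partitions)))
    return boot_code.ljust(PART_TABLE_OFFSET, b"\x00") + table + BOOT_SIGNATURE


# Constructed sample data, not real disk images: the reference boot code opens
# with bytes resembling a stock Windows MBR prologue and is padded with NOPs; the
# tampered sector keeps the same partition table but starts with a short jump
# into different code, the shape of change a boot-code check should flag.
REFERENCE_BOOT_CODE = (b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb\x50\x07\x50\x1f\xfc\xbe\x1b\x7c"
                       + b"\x90" * (PART_TABLE_OFFSET - 16))
PARTITIONS = [(True, 0x07, 63, 488392002)]   # one active NTFS partition (made up)
CLEAN_MBR = build_mbr(REFERENCE_BOOT_CODE, PARTITIONS)
TAMPERED_MBR = build_mbr(b"\xeb\x1e" + b"\x90" * 30 + b"\xcd\x13", PARTITIONS)


def main(argv: List[str]) -> int:
    if len(argv) > 1:
        sector = open(argv[1], "rb").read()
        ref = open(argv[2], "rb").read()[:PART_TABLE_OFFSET] if len(argv) > 2 else None
        samples = [(argv[1], sector, ref)]
    else:
        samples = [("clean sample", CLEAN_MBR, REFERENCE_BOOT_CODE),
                   ("tampered sample", TAMPERED_MBR, REFERENCE_BOOT_CODE)]
    worst = 0
    for name, sector, ref in samples:
        findings = check_mbr(sector, ref)
        print(f"{name}: " + ("; ".join(findings) if findings else "no findings"))
        worst = max(worst, len(findings))
    return 1 if worst else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against the pre-disinfection dump with a trusted reference (a sector dumped from an identical clean install is the best source) to see the boot code mismatch, then again after Kaspersky reports the disinfection; the partition table must be identical in both dumps, and the second run should report no findings. Without a reference the script only validates the table and signature, which a bootkit deliberately leaves intact, so it cannot confirm the boot code is clean on its own.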

 

      (2) Run ComboFix


      Boot the PC into Safe Mode.

      Plug in the flash drive holding ComboFix.

      Press the Windows key and E together to bring up an Explorer window.

      Go to your flash drive and double-click ComboFix.

      Agree to all the windows that come up; you need not install the Recovery Console when prompted.

      ComboFix may detect the presence of another rootkit (it did on one system) and restart Windows. If it does, just return to Safe Mode after the restart and ComboFix will continue.

      When it has completed, close the Notepad window holding the log. You will see that your Start menu is mostly fixed but still not right.

 

      (3) System Restore


       Go to Start -> All Programs -> Accessories -> System Tools -> System Restore, or go to Run and type C:\windows\system32\restore\rstrui.exe, or just type rstrui.exe in the search box at the bottom of the Start menu in newer Windows versions.

      Choose "Restore my computer to an earlier time" and pick a day before you were infected (a restore point created after the infection can bring the scareware back, so pick an earlier date). Start the restore; after the PC restarts it should be its old self again. Whew! These viruses get worse all the time.