Questions About FU Rootkit

Discussion in 'Trojan Defence Suite' started by Tcoffey, Feb 11, 2005.

Thread Status:
Not open for further replies.
  1. Tcoffey

    Tcoffey Registered Member

    Joined:
    Feb 11, 2005
    Posts:
    1
    Location:
    Michigan
    I have been trying all day to clean this out of my system. I have no problem purchasing your program, but after spending much $$$ on technical support all day, I have a few questions about it. At this point I am only able to use Safe Mode, and the Windows Installer does not work anymore. I have deleted FU*.exe directdll.sys Fu Root out of my registry and have run Ad-Aware & McAfee; they claim to have removed the virus, but alas, when I reboot to get out of Safe Mode, the file directdll.sys is back. McAfee notifies me that it detected a virus and locks up the system. (Back to Safe Mode.) I understand I need to update my Windows with the security patches, but I don't know which patch to download/copy to CD/copy to infected system. Can your program help me, and can it help me without installing through Windows? PLEASE! I have payroll on Monday! Bricklayers are not fun when they don't get paid. Sorry for long post. Thanks. Tam
     
  2. Mephisto

    Mephisto Guest

    If you're running XP, make sure System Restore is turned off and try deleting the recurring DLL in safe mode logged in as administrator ... Secondly, you may also choose "Last known good configuration" at the same screen that you enter safe mode from.

    If you're not using XP then maybe someone else here can help you.
     
  3. Mephisto

    Mephisto Guest

    I forgot to add earlier that Windows Installer runs as a service and may have gotten turned off by this rootkit ... also I have had mine set to manual and had it not initiate for whatever reason many times. You can select the service and manually start it.

    If Windows is damaged beyond repair you may be better served $$$ wise to look into data recovery tools if you have no backups previously created.
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Mephisto, TDS3 should be run in safe mode with all of the scan options enabled; this is an in-depth scan and will take time to complete. Any Trojan found in the lower console should be deleted.
    If you know the name of the .dll file you can use DelLater to remove it. http://www.diamondcs.com.au/index.php?page=products
    To find other parts try running UnHackMe from here: http://greatis.com/unhackme/ if TDS3 does not find it. Rootkits are the most dangerous threats around ATM and I would advise you to install ProcessGuard, which will stop rootkits from installing their service and stop .dll injection into other processes.
    Running the trial version of ProcessGuard may enable you to get back control of your system and nail any rootkit before it loads its service, or at least enable you to track the process.

    HTH Pilli
     