Viruses are getting particularly nasty these days. They've become a big business, and that's a big reason why they're getting more and more prevalent. Just recently a hacking group collected $14 million in advertising revenues by infecting over four million unsuspecting users. Just read
THIS and you'll see what I'm talking about. This type of virus-for-profit scam isn't going anywhere, and you holier-than-thou Mac users aren't immune either.
We see them here all the time in the garage, and while they are an annoying part of computer ownership, they're generally removable. They normally start with some sort of legit looking alert telling you your computer is infected, hard drive is failing, and the world as you know it is crumbling. Something that probably looks like this:
But fear not, this magic popup will lead you to believe it has the cure for what ails your computer. It's lying. It has no cure. It is the disease. The only thing it will cure is your credit card of its available credit limit. So just for the record, there is nothing on your computer that will ever ask you for your credit card outside a secure web browser. Nothing. If something does, it's fake, and it's going to screw you over. Trust me on that.
Now getting this first thing off your computer is generally fairly straightforward. Reboot your computer in Safe Mode, run Malwarebytes or something similar of your preference, and it'll most likely nab this most obvious part of the infection. But what it'll miss is the most insidious type of virus: the boot sector virus.
The boot sector of your hard drive is what actually tells your computer how to start up and load Windows. If a virus resides there, it generally gets overlooked by most types of basic scanners and simply blocks many removal tools from getting at it. So what can you do? Well, the most common one we've seen here repairing computers in Los Angeles comes from the SST rootkit family. The latest variant, the SST.BOOT.ROOTKIT.B virus, is a persistent sucker, and getting rid of this one can be tricky.
There are two methods we've found capable of removing these SST viruses, both courtesy of our good friends at Kaspersky Labs. The first, and simpler, method is to use their rootkit remover
TDSSKILLER. Download the utility on another computer and copy it to a flash drive. Change the name of the tdsskiller.exe to something random (the virus can oftentimes neutralize known removal tools based on the filenames), reboot the infected machine in safe mode, and attempt to run TDSSKILLER. If successful, it'll say it found the rootkit and successfully removed it, and a reboot is required. If this doesn't do the trick, the next step would be to try the Kaspersky
rescue disk. Burn the image to CD/DVD or write it to a flash drive, boot the infected machine off it, run the quick scan, and it should find and clean the rootkit.
Now here's the rub - the rootkit resides in your computer's master boot record. Either of these methods can render your computer un-bootable. Your data should be safe, but that's not going to do you much good if it won't start up. I suggest performing a full image-based backup with a utility like
Acronis before attempting either of these methods.
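Since the whole fight is over those first 512 bytes of the disk, here is a small Python check, added here and not part of the original post or of Kaspersky's tools, that compares the master boot record you saved in your backup against the one on the disk now and reports whether the bootstrap code, the partition table or the boot signature changed. The two MBR images in the script are constructed in the script itself (the partition values are assumed, not from any real disk); on a real machine you would feed it the raw first sector read before and after cleanup.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"

def build_sample_mbr(boot_code_fill):
    """Construct a synthetic 512-byte MBR (constructed data, not a real disk).

    The 446-byte bootstrap area is filled with one constant, so 'clean' and
    'modified' images differ only there: the region a boot-sector rootkit rewrites.
    """
    boot_code = bytes([boot_code_fill]) * 446
    # One entry: status 0x80 (bootable), CHS start, type 0x07, CHS end,
    # LBA start 2048, 1,000,000 sectors (all assumed values).
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x00\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 1_000_000)
    return boot_code + entry + b"\x00" * 48 + BOOT_SIGNATURE

def parse_mbr(mbr):
    """Split an MBR into a bootstrap-code hash, partition list and signature check."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = 446 + 16 * i
        status, ptype, lba, count = struct.unpack("<B3xB3xII", mbr[off:off + 16])
        if ptype != 0:  # type 0x00 is an empty slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(mbr[:446]).hexdigest(),
            "partitions": partitions,
            "signature_ok": mbr[510:512] == BOOT_SIGNATURE}

def compare_mbr(baseline, current):
    """Report which MBR regions differ from the known-good backup copy."""
    base, cur = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature missing: disk may not boot")
    if base["boot_code_sha256"] != cur["boot_code_sha256"]:
        findings.append("bootstrap code changed: consistent with a boot-sector rootkit")
    if base["partitions"] != cur["partitions"]:
        findings.append("partition table changed")
    return findings

if __name__ == "__main__":
    clean, modified = build_sample_mbr(0x90), build_sample_mbr(0xEB)
    print(compare_mbr(clean, modified))  # ['bootstrap code changed: ...']
```

A clean result after running TDSSKILLER or the rescue disk means only the bootstrap code went back to the backup's version and the partition table is still intact, which is the state you want before trusting the machine to boot.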
The bottom line is viruses aren't going anywhere anytime soon. In a connected world, it's just par for the course that scammers are going to try and make a buck off you. Get yourself a good antivirus product, keep your system up-to-date, and practice common sense when online.
And, oh yeah, STAY AWAY FROM THE PORN!
As always,
Stan
I'm not a Geek. I'm your friend, and I'm here to help.