If a system is infected with this rootkit, it becomes very difficult to run the usual removal tools on it, and ComboFix cannot detect the MaxSS rootkit at the moment. The rootkit is typically found alongside a fake "recovery" rogue. The first step is to extract and launch RootRepeal, then run GMER and TDSSKiller. Once the system has been cleaned of the fake recovery rogue, download and run aswMBR; its scan should come back clean. Overall, removal of this rootkit can be really difficult.
Rootkit.boot.SST.B (and SST.A) is the MaxSS modification of TDL4.
It is difficult to run TDSSKiller and GMER on systems infected with this rootkit. Currently ComboFix does not detect this MaxSS rootkit.
This rootkit can be found on systems infected with the fake "recovery" rogue.
TDSSKiller will not launch. GMER shows the following error:
Here is a way to run TDSSKiller and GMER:
Download RootRepeal:
http://ad13.geekstogo.com/RootRepeal.zip
Extract and launch it.
Now launch TDSSKiller.
Run TDSSKiller once again to make sure the system is clean.
Download aswMBR:
http://public.avast.com/~gmerek/aswMBR.htm
Run it and make sure the scan comes out clean.
NOTE:
This rootkit is a difficult one to remove, and the FIXMBR and FIXBOOT commands are not going to help you in this case. You may therefore need a live boot CD to remove this infection if all other malware removal methods fail.
Published by sundar7701 - Last update on March 2, 2012 08:57 PM by Virginia Parsons