Topic: Bootsector Infection: Cidox.B removal

Offline HcH

  • TechKnow Owner, Ethical Hacker
  • Administrator
  • Uber Member
  • *****
  • Posts: 9946
  • Karma: +2285/-111
Bootsector Infection: Cidox.B removal
« on: July 10, 2015, 04:47:13 PM »
Hello TechKnow members and visitors,

Today I've been challenged to detect and remove a complex infection.

It connects to hosts such as:

uni-maxi.com (176.105.195.236)
presto-ferr.com (109.194.55.196)
question-search.com (192.162.19.84)
comment-search.com (192.162.19.84)

Rootkit.Boot.Cidox.b
HW32.CDB.B5d2
Trojan.Agent.ED
Win32:Rootkit-gen [Rtk]
Trojan.Win32.Cidox.akpt
Trojan/Win32.Ransomlock

Seems to act as a ZBot trojan.

Anti-vir, Trend-Micro, Malware-Bytes and Comodo ALL FAILED to detect this one, Kaspersky's TDSSKiller eventually got rid of it! Download it from their website: http://support.kaspersky.com/viruses/disinfection/5350.

Anti-Vir did detect the trojan, but got a bluescreen (running Win7 x64) and crashed.

So if you detect these malicious connections, TDSSKiller is the way to go :)

HcH
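The post above lists four hostnames and three IP addresses as the indicators of this infection and recommends acting on any machine seen contacting them. The following script, an added example and not code from the thread or from Kaspersky, shows one way a defender can sweep DNS and proxy logs for exactly those indicators and list which internal clients need cleaning. The log lines are constructed sample data in an assumed "timestamp source key=value ..." layout, not real traffic; only the hostnames and IPs come from the post.

```python
"""Sweep log lines for the connection indicators listed in the post.

Added example, not code from the original thread. The hostname/IP pairs are
the ones listed in the post; the log lines and their layout are constructed
here for illustration.
"""
import ipaddress
import re
from typing import Optional

# Indicators as listed in the post (hostname -> IP given beside it).
IOC_HOSTS = {
    "uni-maxi.com": "176.105.195.236",
    "presto-ferr.com": "109.194.55.196",
    "question-search.com": "192.162.19.84",
    "comment-search.com": "192.162.19.84",
}
IOC_IPS = set(IOC_HOSTS.values())

# Constructed sample log lines (assumed layout, not real traffic).
# Line 5 is a near-miss: "notcomment-search.com" is NOT a subdomain of the
# listed host and must not produce a hit.
SAMPLE_LOG = """\
2015-07-10T14:02:11Z dns client=10.0.0.5 query=www.uni-maxi.com answer=176.105.195.236
2015-07-10T14:02:12Z proxy client=10.0.0.5 dst=176.105.195.236:80 url=http://uni-maxi.com/
2015-07-10T14:05:40Z dns client=10.0.0.7 query=example.com answer=93.184.216.34
2015-07-10T14:06:01Z proxy client=10.0.0.9 dst=192.162.19.84:443 url=https://Question-Search.com/
2015-07-10T14:06:02Z dns client=10.0.0.9 query=notcomment-search.com answer=203.0.113.9
"""

# Tokens that look like a DNS name (letters-only TLD, so dotted IPs are excluded)
# and tokens that look like a dotted-quad IPv4 address.
HOST_RE = re.compile(r"(?i)\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
CLIENT_RE = re.compile(r"client=(\S+)")


def host_matches(name: str) -> Optional[str]:
    """Return the listed hostname that `name` equals or is a subdomain of."""
    name = name.lower().rstrip(".")          # case-insensitive, ignore trailing dot
    for ioc in IOC_HOSTS:
        if name == ioc or name.endswith("." + ioc):
            return ioc
    return None


def ip_matches(token: str) -> Optional[str]:
    """Return the token if it parses as an address and is one of the listed IPs."""
    try:
        addr = str(ipaddress.ip_address(token))
    except ValueError:
        return None                           # e.g. 999.1.1.1 matched the regex only
    return addr if addr in IOC_IPS else None


def find_ioc_hits(log_text: str) -> list:
    """Return one record per log line that references a listed host or IP."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        reasons = set()
        for token in HOST_RE.findall(line):
            ioc = host_matches(token)
            if ioc:
                reasons.add(("host", ioc))
        for token in IP_RE.findall(line):
            ioc = ip_matches(token)
            if ioc:
                reasons.add(("ip", ioc))
        if reasons:
            client = CLIENT_RE.search(line)
            hits.append({
                "line": lineno,
                "client": client.group(1) if client else None,
                "indicators": sorted(reasons),
            })
    return hits


def affected_clients(hits: list) -> set:
    """Internal machines that touched an indicator: the ones to clean."""
    return {h["client"] for h in hits if h["client"]}


if __name__ == "__main__":
    found = find_ioc_hits(SAMPLE_LOG)
    for h in found:
        print(f"line {h['line']}: client={h['client']} indicators={h['indicators']}")
    print("clients to inspect:", sorted(affected_clients(found)))
```

Matching on the full hostname (or a real subdomain of it) rather than a substring is what keeps line 5 out of the results; a plain "contains" check would flag it. Two of the listed hostnames resolve to the same address, so an IP hit is reported under the IP rather than guessed back to one hostname.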

Offline cvegreen

  • VIP Moderator
  • Full Member
  • *
  • Posts: 199
  • Karma: +99/-0
  • Tablet / Size / Model: no tablet, asus F205TA netbook
Re: Bootsector Infection: Cidox.B removal
« Reply #1 on: July 11, 2015, 09:55:29 PM »
My system runs on Windows 10 and this can't figure it yet. I had to solve today Razor adware, also a hard one to remove. You have to clean your whole computer, clean your browser history, and much more before it is gone. It is really a hard one to remove.

Offline HcH

  • TechKnow Owner, Ethical Hacker
  • Administrator
  • Uber Member
  • *****
  • Posts: 9946
  • Karma: +2285/-111
Re: Bootsector Infection: Cidox.B removal
« Reply #2 on: July 12, 2015, 09:02:08 AM »
My system runs on Windows 10 and this can't figure it yet. I had to solve today Razor adware, also a hard one to remove. You have to clean your whole computer, clean your browser history, and much more before it is gone. It is really a hard one to remove.
WOW! I honestly did not expect malware to intrude into Windows 10 this fast.

I wonder how this Razor adware intrudes into the system, must be a good trick because from what I have understood Windows 10 should be safer.

Interesting!

Offline cvegreen

  • VIP Moderator
  • Full Member
  • *
  • Posts: 199
  • Karma: +99/-0
  • Tablet / Size / Model: no tablet, asus F205TA netbook
Re: Bootsector Infection: Cidox.B removal
« Reply #3 on: July 13, 2015, 08:43:24 PM »
HcH, check your FB once please.

Offline HcH

  • TechKnow Owner, Ethical Hacker
  • Administrator
  • Uber Member
  • *****
  • Posts: 9946
  • Karma: +2285/-111
Re: Bootsector Infection: Cidox.B removal
« Reply #4 on: July 14, 2015, 10:25:43 AM »
HcH, check your FB once please.
Done :)