rootkit.gen - swerftx.sys infection

Status
Not open for further replies.

BobLewiston

In Runtime
Messages
182
I'm infected with rootkit.gen (specifically: swerftx.sys, unique code IQ1LCWD7) at LBA sector 0 of my MBR. It's a "highly severe" Trojan which can enable a remote computer to take over my computer, among other things. I don't want to pay Webroot $100 to remove it for me. How do I remove it myself, or where can I learn how to do so? Or is there too much to learn just to save myself $100, or does it require special software that isn't available to the average person? Should I use ComboFix? (I've got it, but I've heard it can be dangerous.) Help!
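The post places the infection at LBA sector 0, which is the Master Boot Record: 440 bytes of boot code, a 4-byte disk signature, four 16-byte partition entries and the 0x55AA marker. A defender who wants to confirm that the boot code has been altered, or later verify that it is back to normal, can compare a hash of the boot-code region against a baseline taken while the disk was known-good. The following Python is an added example, not code from this thread, from Webroot, or from any of the tools mentioned; the MBR bytes it parses are constructed in the script (placeholder boot code, one partition of type 0x07 starting at LBA 2048), and the baseline hash is assumed to have been recorded in advance.

```python
import hashlib
import struct

SECTOR_SIZE = 512          # an MBR occupies exactly one 512-byte sector (LBA 0)
BOOT_CODE_LEN = 440        # bytes 0..439: boot code, the region a bootkit overwrites
PARTITION_TABLE_OFF = 446  # four 16-byte partition entries follow the disk signature
BOOT_SIG = b"\x55\xAA"     # bytes 510..511 must hold this marker


def parse_mbr(sector: bytes) -> dict:
    """Split one raw sector into its MBR fields and hash the boot code."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    boot_code = sector[:BOOT_CODE_LEN]
    (disk_signature,) = struct.unpack("<I", sector[440:444])
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + 16 * i
        status, _chs_start, ptype, _chs_end, lba_start, num_sectors = struct.unpack(
            "<B3sB3sII", sector[off:off + 16])
        if ptype == 0:          # type 0x00 marks an unused slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "num_sectors": num_sectors,
        })
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "disk_signature": disk_signature,
        "partitions": partitions,
        "valid_signature": sector[510:512] == BOOT_SIG,
    }


def check_mbr(sector: bytes, baseline_boot_code_sha256: str) -> list:
    """Return a list of findings; an empty list means the sector matches the known-good baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        findings.append("boot code differs from baseline")
    if sum(1 for p in info["partitions"] if p["bootable"]) > 1:
        findings.append("more than one partition flagged bootable")
    for p in info["partitions"]:
        if p["lba_start"] == 0 or p["num_sectors"] == 0:
            findings.append("partition %d has a zero start or length" % p["index"])
    return findings


# --- constructed sample data (not a real disk image) -------------------------
def build_sample_mbr(boot_code: bytes) -> bytes:
    """Assemble a 512-byte MBR with one type-0x07 partition (constructed for this example)."""
    if len(boot_code) != BOOT_CODE_LEN:
        raise ValueError("boot code must be %d bytes" % BOOT_CODE_LEN)
    disk_signature = struct.pack("<I", 0x1234ABCD)
    reserved = b"\x00\x00"
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 204800)
    table = entry + b"\x00" * 48       # three unused slots
    return boot_code + disk_signature + reserved + table + BOOT_SIG


CLEAN_BOOT_CODE = b"\x33\xC0" + b"\x90" * 438     # placeholder bytes standing in for real boot code
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE)
BASELINE_SHA256 = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()   # assumed recorded while the disk was clean
TAMPERED_MBR = build_sample_mbr(b"\xEB\xFE" + b"\x90" * 438)    # same layout, first two boot-code bytes changed


if __name__ == "__main__":
    print("clean:", check_mbr(CLEAN_MBR, BASELINE_SHA256) or "no findings")
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE_SHA256))
```

On a live Windows system the 512 bytes would come from opening `\\.\PhysicalDrive0` in binary mode as an administrator and reading the first sector. The caveat that matters for this thread: a kernel-mode rootkit that hooks disk I/O can hand a clean-looking sector 0 to any reader running on the infected system, so a read taken from boot media or from another clean operating system is the only one worth trusting, and it is the same reason the advice later in the thread leans toward reinstalling rather than trusting an in-place cleanup.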
 
Thanks for the help. However, before I go to the trouble to follow your advice and possibly do something wrong, could you comment on the following?

I'm now reading the following online at the University of Minnesota's Safe Computing website (see http://safecomputing.umn.edu/guides/scan_unhackme.html):

Rootkits are a special kind of malware that are specifically designed to hide the activities of other viruses and worms, and compromise the operating system so that it may not be repaired. If your machine is infected with a rootkit, you will very likely not be able to regain complete control of the system. Reinstallation is highly recommended.

However, there are exceptional cases when you absolutely need to attempt to repair the system. Although no tool can guarantee results for rootkit identification and removal, there is at least one program which has shown limited success from time to time in this area. It's called UnHackMe.

It goes on to say:

Remember that in computer security there's no such thing as a silver bullet, and that you can't be certain which files were compromised by the viruses, worms and trojans on your machine. If you've been infected, you could still have "backdoors" riddled throughout your computer's operating system, and you should think very hard about reinstalling your operating system, and starting over from scratch.

Do you know if you can never really be certain if you've succeeded in completely removing a rootkit? I'll reinstall the system and all my software if I really have to.
 
Well, it depends on what rootkit you have, and yes, there are a few out there that can't be removed. I've seen that once on here and once in person. I just helped a guy out with a rootkit that infected the MBR; we got rid of it.
 