How to remove Hacktool.Rootkit from a system
I am very new to these types of forums and this is my first article on any issue.
I am working as a software engineer with an esteemed organization. I am currently in the US at a client site, and I faced Hacktool.Rootkit last week; I had to spend my weekend removing it. This virus made my system so slow that I could not even open Notepad in normal mode.
Since I am here, I could not ask for a Windows repair, as my laptop was configured in India and it was not possible for IT here to provide me with everything. Therefore I had to work hard on my own to remove it. But the best thing was that I was getting Internet access in SAFE MODE WITH NETWORKING boot. This helped me a lot in trying so many things.
I am currently using SYMANTEC ENDPOINT PROTECTION (corporate virus protection).
This virus comes from an infected file or link (generally sent by someone whose ID has already been attacked once). One more interesting thing I found is that this virus attacks where IE (Internet Explorer) is used the most.
So after googling around for the whole day and trying so many things, I came to the following solution, which I think will work for you all as well:
1. First of all, restart your system in SAFE MODE and turn off System Restore on all drives: My Computer --> Properties --> System Restore --> Turn off System Restore on all drives. (Otherwise a restore point can keep a copy of the infected files and bring them back later.)
2. Make all folders and sub-folders, hidden or not, visible: in Windows Explorer go to Tools --> Folder Options --> View, select "Show hidden files and folders" and uncheck "Hide protected operating system files".
3. Check C:\Documents and Settings and each of its sub-folders, including the hidden ones. Since this virus is used to steal passwords, it generally creates a folder in this directory.
4. There you will find some suspicious file. (On my system it showed a shield icon in the task bar, and there was a folder with a numeric name like 12343456 in C:\Documents and Settings\All Users\Application Data.) It will have a link on the desktop and in the task bar as well; you can match the folder to the running program by checking which icon it uses in the task bar. Delete that folder.
5. Then run the antivirus on your system.
6. Download Malwarebytes Anti-Malware from http://malwarebytes.org/, since this virus creates registry entries as well.
7. Then restart the system in normal mode, with System Restore still off.
8. Run Malwarebytes and scan the whole system. It is fairly fast, finishes the scan within a few minutes, and will ask to remove the infected files and repair the infected registry entries. Allow it.
9. Then run the antivirus on your machine in full-scan mode.
10. Turn System Restore on and restart your system.
This is what I used and it worked fine. And my experience says that this article will help everyone who is active.
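The manual inspection in steps 2 to 4 (hidden folders under the profile directories, a folder with an all-digit name, the desktop shortcut that points at it, and the registry entry the infection adds) can be scripted so that nothing is missed or deleted by accident. The following is an added example, not code from the original post: a read-only PowerShell triage script that reports the candidates and leaves the deletion in step 4 to the operator. The all-digit folder name is a heuristic taken from the post, not a known indicator for this family; the paths are resolved from environment variables (an assumption added here so the same script runs on Windows XP's C:\Documents and Settings and on later C:\ProgramData and C:\Users layouts), and it is written for PowerShell 2.0 and later.

```powershell
# Added example (not from the original post): read-only triage for the
# locations the post inspects. Lists hidden directories with all-digit names
# under the profile / Application Data roots, the .lnk files on the desktop and
# Startup folders that point into them, and Run/RunOnce values that reference
# them. It only reports; nothing is deleted.
#
# Assumption: paths come from environment variables, so the script covers
# XP (C:\Documents and Settings\All Users) and Vista+ (C:\ProgramData) alike.

$ErrorActionPreference = 'SilentlyContinue'

# Roots to inspect: All Users profile / ProgramData, roaming and local
# AppData (LOCALAPPDATA is unset on XP and is simply skipped), current profile.
$roots = @($env:ALLUSERSPROFILE, $env:APPDATA, $env:LOCALAPPDATA, $env:USERPROFILE) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    Select-Object -Unique

# Heuristic from the post: the dropped folder had an all-digit name such as
# "12343456". -Force includes hidden and system directories.
$suspects = @()
foreach ($root in $roots) {
    # On XP the post's folder sat in "<All Users>\Application Data", one level
    # below the root, so that subfolder is checked as well.
    foreach ($d in @($root, (Join-Path $root 'Application Data'))) {
        if (Test-Path -LiteralPath $d) {
            Get-ChildItem -LiteralPath $d -Force |
                Where-Object { $_.PSIsContainer -and $_.Name -match '^\d+$' } |
                ForEach-Object { $suspects += $_ }
        }
    }
}

# Desktop and Startup folders for the current user and for All Users,
# resolved through the WScript.Shell COM object (available on XP).
$shell = New-Object -ComObject WScript.Shell
$lnkDirs = 'Desktop', 'AllUsersDesktop', 'Startup', 'AllUsersStartup' |
    ForEach-Object { $shell.SpecialFolders.Item($_) } |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

foreach ($s in $suspects) {
    Write-Output ("Suspect folder: {0}  (created {1})" -f $s.FullName, $s.CreationTime)

    # Contents of the folder: the post found the malicious executable here.
    Get-ChildItem -LiteralPath $s.FullName -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object { Write-Output ("    file: {0}  {1} bytes" -f $_.Name, $_.Length) }

    # Shortcuts whose target lives inside the suspect folder (the desktop link
    # the post mentions).
    foreach ($ld in $lnkDirs) {
        Get-ChildItem -LiteralPath $ld -Filter *.lnk -Force | ForEach-Object {
            $target = $shell.CreateShortcut($_.FullName).TargetPath
            if ($target -like ($s.FullName + '\*')) {
                Write-Output ("    shortcut: {0} -> {1}" -f $_.FullName, $target)
            }
        }
    }

    # Autorun values that mention the folder (the registry entry the post says
    # the infection creates). PS* properties are PowerShell metadata, not values.
    foreach ($k in $runKeys) {
        $props = Get-ItemProperty -Path $k
        if ($props) {
            $props.PSObject.Properties |
                Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -like ('*' + $s.FullName + '*') } |
                ForEach-Object { Write-Output ("    autorun: {0}\{1} = {2}" -f $k, $_.Name, $_.Value) }
        }
    }
}

if (-not $suspects) {
    Write-Output ("No all-digit folders found under: " + ($roots -join ', '))
}
```

Run it from an administrator prompt while booted in Safe Mode, review the output, and only then remove the confirmed folder and its shortcut and Run entry (steps 4 and 8). One caveat that applies to this whole procedure: a detection name containing "Rootkit" means the malware may hide its files and registry values from the running system, so a listing taken from inside the infected Windows, whether by Explorer or by this script, can come up empty while the files are still there. If the folder cannot be found but the symptoms persist, scan the disk from rescue media booted outside the infected OS rather than trusting the in-system view.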