Rootkit & Trojan Smart Service removal?

Discussion in 'Windows 10' started by jetjock, Jan 5, 2018.

  1. jetjock

    jetjock MDL Senior Member

    Mar 6, 2010
    279
    15
    10
    I'm not sure that this is where I should post this, but the problem is in Windows 10, so I will give it a try.

    I have picked up a Rootkit.Agent.PUA: C:\Windows\System32\drivers\sedvycfi.sys and a
    Trojan.Smart.Service: C:\users\xxxx\appdata\local\igfxmtc and C:\users\xxxx\appdata\local\igfxmtc\igfxmtc.exe.

    I have tried running TDSSKiller, RogueKiller and rkill with no success. I also searched the registry for both with no luck. Neither shows up. I booted into safe mode and tried Unlocker and Take Ownership on both, also no luck. I am told I need "Administrator approval" to delete them. When I look in a file manager, igfxmtc is listed as a folder, but there is no .exe file in it (yes, I do have "show hidden files & folders" enabled). Malwarebytes will not remove them, and I've run out of ideas. Can anyone help?

    P.S. A Google search for "sedvycfi" came up empty for me.

    jetjock: :plane:
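    A read-only triage pass that a responder would run before choosing between cleanup and the reinstall recommended later in the thread, added here as an example; it is not from the original post or from any of the tools named in it. It takes the two file names from the post and assumes it is run from an elevated PowerShell 5.1 (or later) session as the affected user, so that $env:LOCALAPPDATA resolves to the C:\users\xxxx\appdata\local path quoted above. It deletes or stops nothing: it records which service entry, if any, loads the driver, whether the files are code-signed, who owns them and their SHA-256 hashes, so the indicators are preserved before the disk is wiped.

```powershell
# Added example: read-only triage of the two indicators named in the post.
# Assumptions: elevated PowerShell 5.1+ on the affected machine, run as the affected user.
# Nothing here modifies the system.

$suspectNames = @('sedvycfi.sys', 'igfxmtc.exe')   # file names taken from the post

# 1. Service/driver registrations. A kernel-mode driver normally needs an entry under
#    ...\Services to be loaded at boot, even when the .sys file itself is hidden from Explorer.
#    Type: 1 = kernel driver, 2 = file-system driver, 16/32 = Win32 service.
#    Start: 0 = boot, 1 = system, 2 = automatic, 3 = manual, 4 = disabled.
function Get-SuspectServiceEntries {
    param([string[]]$Names)
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            $image = [string]$props.ImagePath
            foreach ($n in $Names) {
                if ($image -and $image.ToLower().Contains($n.ToLower())) {
                    [pscustomobject]@{
                        Service   = $_.PSChildName
                        ImagePath = $image
                        Type      = $props.Type
                        Start     = $props.Start
                    }
                }
            }
        }
}

# 2. Drivers the OS itself reports as registered right now, via CIM.
function Get-SuspectLoadedDrivers {
    param([string[]]$Names)
    Get-CimInstance Win32_SystemDriver | Where-Object {
        $path = [string]$_.PathName
        $hit = $false
        foreach ($n in $Names) { if ($path.ToLower().Contains($n.ToLower())) { $hit = $true } }
        $hit
    } | Select-Object Name, State, StartMode, PathName
}

# 3. On-disk evidence for each suspect path: signature status, SHA-256, attributes, owner.
#    -Force lets Get-Item see hidden/system files; a path that still fails Test-Path is worth
#    recording too, since the post reports an .exe that the file manager does not show.
function Get-SuspectFileEvidence {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (Test-Path -LiteralPath $p) {
            $item   = Get-Item -LiteralPath $p -Force
            $sig    = Get-AuthenticodeSignature -FilePath $p
            $signer = '(none)'
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            [pscustomobject]@{
                Path       = $p
                Signature  = $sig.Status          # Valid / NotSigned / HashMismatch / ...
                Signer     = $signer
                SHA256     = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
                Attributes = $item.Attributes
                Owner      = (Get-Acl -LiteralPath $p).Owner
                Modified   = $item.LastWriteTimeUtc
            }
        } else {
            [pscustomobject]@{
                Path = $p; Signature = 'NOT VISIBLE TO THIS SESSION'; Signer = ''
                SHA256 = ''; Attributes = ''; Owner = ''; Modified = ''
            }
        }
    }
}

$paths = @(
    "$env:SystemRoot\System32\drivers\sedvycfi.sys",
    "$env:LOCALAPPDATA\igfxmtc\igfxmtc.exe"
)

Write-Host '== Service entries referencing suspect names =='
Get-SuspectServiceEntries -Names $suspectNames | Format-Table -AutoSize
Write-Host '== Registered drivers (Win32_SystemDriver) referencing suspect names =='
Get-SuspectLoadedDrivers -Names $suspectNames | Format-Table -AutoSize
Write-Host '== File evidence =='
Get-SuspectFileEvidence -Paths $paths | Format-List
```

    Two readings matter. An unsigned or hash-mismatched driver under System32\drivers with a boot-start service entry is exactly what the detection names describe, and the SHA-256 values give you something to submit to the AV vendor and keep in your notes. An empty result from the first two sections is not proof of absence: a rootkit that hooks the registry and file-system APIs can hide its own service key and file from this very session, which is why a file that "is not visible" while the scanner still detects it supports the reinstall advice rather than contradicting it.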
     
  2. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    5,572
    13,005
    180
    Yes I can:

    1. You have no other option than to reformat and reinstall everything again :tooth:
    2. You should study a bit more about security.

    Shadow Defender
     
  3. s1ave77

    s1ave77 MDL Guide Dog/Dev

    Aug 15, 2012
    14,305
    18,124
    340
    I googled for that and found it associated with 'Smart Service Rootkit'. Not that easy to remove, it seems :g:. Data backup and a fresh install might indeed be the best option here.
     
  4. oldman500

    oldman500 MDL Novice

    Jun 29, 2011
    3
    1
    0
     
  5. oldman500

    oldman500 MDL Novice

    Jun 29, 2011
    3
    1
    0
    igfxmtc.exe <<<<< use UnHackMe, it will remove it.
     
  6. jetjock

    jetjock MDL Senior Member

    Mar 6, 2010
    279
    15
    10
    Have one. Will use as last resort. Thanks.

    jetjock: :plane:
     
  7. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    2,182
    1,166
    90
    When it comes to security, when dealing with a rootkit your best option truly is to zero out that drive with a low-level format, and then, if you're lucky, you can put in a clean install of Windows again.
     
  8. tonto11

    tonto11 MDL Addicted

    Jun 18, 2012
    532
    222
    30
    And when you get all that done, you can save an image of your hard drive to a portable drive,
    so that when it happens the next time you can format and restore quickly.

    ...T
     
  9. jetjock

    jetjock MDL Senior Member

    Mar 6, 2010
    279
    15
    10
  10. s1ave77

    s1ave77 MDL Guide Dog/Dev

    Aug 15, 2012
    14,305
    18,124
    340
    Hmm, I wouldn't trust that system anymore :thinking:.
     
  11. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    5,572
    13,005
    180
    :roll1:

    What a stupid resolution, given that there is disk imaging software at our service :facepalm:

    Yeah, keep keeping your fingers crossed.
     
  12. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    2,182
    1,166
    90
  13. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    5,572
    13,005
    180
    #18 Mr.X, Jan 9, 2018
    Last edited: Jan 9, 2018
    Something useful:
    :D
     
  14. sid_16

    sid_16 MDL Giveaway Organiser

    Oct 15, 2011
    2,204
    3,652
    90
    Just a friendly reminder!
    Your mouse click matters: https://forums.mydigitallife.net/threads/how-to-clean-an-infected-pc.46725/#post-780510
    Hello everyone,

    After searching the forums I have noticed that there are so many good guides out there, but I have also noticed that most guides forget to mention some basic things.
    So here I am going to make an attempt to write down a few tips that can enhance your security and can smoothen your Internet experience.

    Antivirus + FW & Antispyware.
    One of the biggest mistakes ever made is to blindly trust your security suite.
    You might say, why is that? Well, if you allow me, I will try to explain it to you.
    Your AV & AS will generally offer a reasonable defense against a wide range of malware-related dangers.
    And most come with a comprehensive set of tools that in theory should add a significant bonus in hardening your system.
    That said, if you follow the instructions given by your AV + FW & AS, then it's safe to assume that virtually all of them will get the job done in protecting you.
    But that said, they have a common weak spot which is more deadly than ANY virus ever created, and that's your click habits.
    Your protection suite, regardless of brand, is just as good as you allow it to be. Your mouse click will make your protection trustworthy or untrustworthy.
    Too many times in my professional ICT & Security career I have come across people who made the same basic mistake, and that is NOT reading & acting and just clicking to get rid of an alert, or just clicking to get it over with, assuming that your protection suite will deal with it.
    Fact is, your protection suite will NOT always deal with it, period.
    And hence why I have said do not trust your protection suite just because it looks nice and says: "It's all ok".
    (Your mouse click, the biggest virus ever created, might already have taken over your system :D)

    A common myth is that protection suites are made to: literally protect you 100%, always clean your system and never fail, and if they do not report a problem then your system is automatically regarded clean by default.
    Wrong, wrong, so WRONG.

    Antivirus, Antispyware, Firewalls: they were never intended to stop 100% of all the viruses & malware out there.
    Because when the security industry started many years ago, it became clear that they would NEVER be able to achieve 100% security.
    So instead they focused on Detection & Alerting, Prevention and IDS/HIPS (and variants) with the aim to root out a BIG chunk of the most common parasites.
    So that they could offer you a reasonable standoff against common attacks and dangers.
    This was purely with user friendliness in mind, as all the brands realize that there is no "can do it all" package out there.
    There are millions and millions of viruses & attacks and other dangers to your PC out there, so there is NO WAY a protection suite is going to cover all of them and be successful.
    That said, only a fraction of the dangers out there can be considered seriously dangerous.
    So a good rule of thumb is that 80% of all the dangers out there can be covered by a well-set-up system, with the idea in mind that the other 20% is not going to reach you anyway.
    Usually it's safe to assume that the average user has more to worry about misunderstanding and misusing their browser and computer habits and, more importantly, misinterpreting alerts and basic computer warnings and practices.

    All the well-known and respected brands have a huge database with signatures, patterns and data that enables your protection to deal with a good portion of the most common dangers automatically.
    And in most cases the AV vendor will provide you with additional help if the protection fails in an attempt to clean & repair a particular problem.
    But as I have said before, your behavior and understanding is a key factor which can lead to protection or infection.
    For example, most malware and dangers out there are well documented and covered by your protection, so if you would follow the advice given then you are usually safe, BUT here is a simple scenario that will render ANY protection useless:

    Imagine you are on an instant messenger program, Skype, MSN, Yahoo, Google Talk, and you are chatting to a friend, family, work contact or even just a random person; then most users make a basic mistake.
    For the sake of argument, in this scenario you are chatting to your father, who is after all MOST trustworthy, right?
    And suddenly your father sends a picture of his new car.
    Now ask yourself the question: how many users would accept the file without even blinking?
    And without realizing it, they just invited a VERY nasty pest into their well-secured system.
    Because you just failed to realize that your father's PC might be infected and spreading malware using contacts in his favorite instant messenger program.
    The moment you accepted that file, there is a 95% chance that the file will successfully invade and infect your system without you actually clicking on the physical file itself, because good old Windows will read the file, index it and store it, which is everything the file needs to penetrate your system without you knowing.
    And by the time you or your protection suite noticed this infection it could be all too late, because most of these pests will try to hit your protection from the inside out, and 75% of those pests will actually manage to at least damage the system, not to mention that they have actually proven to outsmart MANY well-known protection suites.

    My point here is: always ask the person who sends the file, "Hey dad, did you send me a file?" If he says yes then it's usually ok; if he says no, well, then you know enough.
    Never trust ANYONE on the net; even friends, family or work contacts can screw up your PC (willingly or unwillingly/unknowingly).
    And never ever believe that you are safe if you cannot control your computer habits and mouse clicks.

    This is just one of the thousands of ways a user can be infected.
    Obviously a good protection suite (if it has good self-defense & tamper protection) will be able to detect most pests and often will alert you that you just got infected. (Again, they might not be able to remove the pest, but at least they managed to alert you, which is VERY important.)
    And as I have mentioned before, they have never been designed to protect you 100%, but they HAVE been designed to alert you.
    In most cases this only works if you have a well-rounded system with a solid, updated configuration, or you and your system will be dead in the water.
    Keep in mind, only under the right conditions should your protection be able to perform at the best of its ability. (In theory)

    However, it's not that simple; some of these pests that are being spread over instant messenger networks are very well coded and often armed to the teeth, but p2p and chat networks are just 2 out of the gazillions of ways a pest can reach you.
    Fact is, though, that chat, p2p and torrent networks are VERY effective and therefore very popular in spreading viruses.
    And because there is such a high success rate using these networks, it automatically becomes so much easier to spread a more advanced version of a Trojan, because the virus creator already took into account that 75% of everyone will just accept the file and thus click on it, which activates it.
    So really, those nasty pests can only be spread with the help of your click and trust habits, because on the net itself they cannot be spread without your help, and the simple reason for this is that the good old days where a simple vbs script could cause havoc are over, and made room for more advanced little Droppers, Trojans and Rootkits.
    And it's exactly those pests that carry the biggest danger to your system, as most of them are very well coded, extremely hard to detect & remove and, most importantly, they can be very destructive.
    So this technique is their biggest defense against detection itself, not to mention that mass infections like, for example, the ILOVEYOU worm did will effectively kill the virus faster than it could spread, as every AV in the world will catch them with their many honeypot networks, and that does the creator of those viruses no good.
    Instead they want stealthy infections: unknown, unseen and on a small scale; from this point forward they can slowly expand and create a huge network of slave PCs.
    For that they need admin rights, and you are going to give it to them and you do not even know it.
    And the real bonus is that most users are using an admin account, so the moment you accept a file you basically handed over the key to your PC, as most of those pests rely on admin rights to be able to disable your total security and eventually destroy or take over your system.
    So the only thing the "hacker" needed to do is wait for another sorry Internet user to be ignorant and satisfy his trigger-happy click finger.
    It might not sound nice, but it's the simple truth.

    On the flip side, 7 out of 10 pests you will encounter on the Internet can be classified as an annoyance at best, because if you take care and notice of your protection suite, and if you are running a fully patched and well-maintained system, you will be able to block those 7 out of 10.
    In regards to those remaining 2 out of 10, you will usually not find them being spread without your explicit approval.
    After all, you were the one that accepted the picture of the new car from your dad, remember?

    And that last remaining 1 out of 10 is just bad luck if you get infected by it, which is nearly impossible, as those kinds of pests are not created to infect you, but they are made for a specific use and were never intended to target the general Internet user.
    These very dangerous and fantastic pieces of code are made to penetrate agencies and high-value companies who spend millions and millions on defense and security.
    So as I said, the odds are NIL that you will get hit by one of those, and if for whatever reason you do get hit by it, then it's usually game over, as those pests are made so well that it takes a ton of money to develop them, and an even bigger ton of money to detect/remove and repair the hit network.

    That being said, the moral of this little story is:
    No matter how good you are, no matter how good your protection is and no matter how much you think you know about computers, everything is based upon that one single mouse click.

    Do not just click links for the sake of it, do not just accept files because they come from a trusted source, do not just click blindly when something tells you "click here".
    And always read what your "alert" tells you.
    Read, monitor and verify your actions, and then you can finally click yes or no and approve or disapprove an action your PC/web page or program might want to carry out; never run an admin account and never ever sidestep the warnings given by your protection.
    And then there are those people who pair up multiple security suites on one system, lmao.
    I have seen people pair up McAfee and Norton while having 4 different firewalls running; needless to say, their system crashed.
    (So please don't even try to stack protection like that.)

    Side note: I do understand that some of the protection software available on the net can be confusing or too high-tech, and I do understand that you might not have enough knowledge to make a well-calculated assessment of the alert given by your protection software, so it's easy to click yes and order your protection to do something it should actually not do. Mistakes happen and there is no shame in that.
    Because most protection software will verify your decision and in most cases it will alert you if that decision was the wrong one, and will offer a way to fix that. After all, that's what those programs are made for: making your life easy.

    Keep in mind, virtually all the malware and hackers out there count upon your ignorance.
    They need your mouse click harder than a candidate running for president needs votes.

    Final note:
    Your common sense is the best protection your PC can ever have; if you take the trouble and effort to understand what you do on the net, then your PC will take it from there. There is no bad PC and there is no bad protection; there is only a bad user who failed to follow basic rules.
    And if you do not know what to do next? Then we will be more than happy to help you here at malwaretips.com.

    So next time your protection software tells you that something is going on, or when your system says something or alerts you, or when a web page asks you to click here, then consider that your mouse click matters.

    Anyway, let me know what you think and post a reply.
     
  15. stayboogy

    stayboogy MDL Addicted

    May 1, 2011
    709
    115
    30
    I don't run any AV or the like and haven't for over 7 years or more. And I haven't had any infections in that time that I didn't purposefully allow for testing purposes. The only thing I ever do is update the Windows hosts file with Spyware's hosts file, and that is absolutely it. Never any infections ever, period.

    Quit downloading pirated software/music/movies/etc or going to obscure porn/movie/game/software sites and you'll never have anything to worry about.
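    The post above relies on a hosts-file blocklist as its only control. Added here as an example (not from the post or from any blocklist project) is a read-only PowerShell audit of that file: it parses the entries, counts how many are genuine blocks (pointing at 0.0.0.0, 127.0.0.1 or ::1) and lists any name mapped to a live address, which is the pattern a malicious hosts-file edit or a tampered downloaded blocklist would show. The sample lines and the addresses in them are constructed for the demonstration; the file path is the standard Windows location.

```powershell
# Added example: audit the Windows hosts file (read-only). PowerShell 5.1+.
# A blocklist entry should map a host name to a blackhole address. An entry that maps a
# name to a routable IP redirects traffic instead of blocking it and deserves a look.

$hostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
$blackhole = @('0.0.0.0', '127.0.0.1', '::1')

# Parse hosts-file lines into (Line, Address, HostName) records; comments and blanks skipped.
function Get-HostsEntries {
    param([string[]]$Lines)
    $lineNo = 0
    foreach ($raw in $Lines) {
        $lineNo++
        $line = ($raw -split '#', 2)[0].Trim()      # drop trailing comment
        if (-not $line) { continue }
        $fields = $line -split '\s+'
        if ($fields.Count -lt 2) { continue }       # malformed: address with no host name
        $ip = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            [pscustomobject]@{ Line = $lineNo; Address = $ip; HostName = $name.ToLower() }
        }
    }
}

# Summarize: how much of the file is blocking, and which entries redirect to a live address.
function Get-HostsFindings {
    param([string[]]$Lines)
    $entries   = @(Get-HostsEntries -Lines $Lines)
    $blocked   = @($entries | Where-Object { $blackhole -contains $_.Address })
    $redirects = @($entries | Where-Object { $blackhole -notcontains $_.Address })
    [pscustomobject]@{
        TotalEntries    = $entries.Count
        BlockedEntries  = $blocked.Count
        RedirectEntries = $redirects      # review each of these by hand
    }
}

# Constructed sample so the logic can be read without touching the real file.
# 198.51.100.23 is a documentation (TEST-NET-2) address; the names are example.* placeholders.
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1       localhost',
    '::1             localhost',
    '0.0.0.0 ads.example.net        # blocklist entry',
    '0.0.0.0 tracker.example.org',
    '198.51.100.23   bank.example.com   # live IP: a redirect, not a block'
)
Write-Host '== Constructed sample =='
Get-HostsFindings -Lines $sample | Format-List

Write-Host "== $hostsPath =="
Get-HostsFindings -Lines (Get-Content -LiteralPath $hostsPath) | Format-List
```

    On the sample, the summary reports 6 entries, 5 blocked and one redirect (bank.example.com). Run against the real file, the RedirectEntries list should be empty on a machine that only uses the hosts file for blocking; anything else there was put in by a person, an installer or malware, and the line number tells you where.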
     