Virus Removal / Poweliks Rootkit

I recently had a run-in with a computer that, despite appearing clean, would use an incredible amount of bandwidth when plugged into the network. Despite the heavy bandwidth usage, every virus scan came back clean. After a few days of on-and-off messing with it, I decided to run Malwarebytes Anti-Rootkit beta. Sure enough, there was a virus on the computer, and it was a sneaky one. The Poweliks virus hides all of its code in the registry and injects itself into other processes.

Rootkits are specially designed viruses which trick the OS into hiding them. Rootkits can take the form of malicious drivers, registry entries, or even modified system files. Because a rootkit integrates itself into the system, it can evade normal detection by modifying the operating system itself to mask its presence. I highly recommend Malwarebytes' new Anti-Rootkit software if you have a computer which still shows signs of infection after normal cleaning methods. If you suspect you have the Poweliks rootkit, the quickest removal method I’ve found is a tool from ESET, found on this page.

