Rootkit: UACxxxxxx.sys Sucks as bad as its older brother

March 25, 2009

Came across a variant of TDSS called UACxxxxxx.sys the other night.

Looks like the writer updated the code and gave it a new name to go by.

If you want to get this douchebag the hell up out of your system, here's what you need to do.

  1. Download UBCD4WIN from this site.
  2. Download Malwarebytes Anti-Malware (MBAM) from mbam.
  3. Install and update MBAM on the infected system and run a full scan. When it finishes, look at the list of infected files and write down the exact name of the UACxxxxxx.sys driver and the folder it sits in. It is normally C:\WINDOWS\system32\drivers, but it can be somewhere else, so note the full path. While the rootkit is loaded it hides and protects its own driver file, so the file has to be removed from outside Windows; that is what the next steps are for.
  4. On a clean, non-infected system, install UBCD4WIN and build the bootable CD. Do not build it on the infected machine.
  5. Boot the infected system from the UBCD4WIN CD. From there, browse to the folder you noted (normally C:\WINDOWS\system32\drivers) and delete the UACxxxxxx.sys file. With the rootkit's driver not running, the file is visible and deletes like any other. If you want to keep a copy to send to your AV vendor, move it to a folder outside the Windows directory instead of deleting it.
  6. Reboot into Windows normally and run MBAM again to make sure the UACxxxxxx.sys entry is gone. If a UAC*.sys file shows up again, you are not clean yet.
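The file-hunting part of steps 3 to 5 as an added example, not from the original post and not part of UBCD4WIN or MBAM: a Python script meant to run from a rescue environment while the rootkit is not running (assumed: a Linux live CD with the infected Windows volume mounted at a path you pass in, or a WinPE prompt that has Python on it). It generalises the manual delete above: it walks the whole volume, since the driver is not always in system32\drivers, matches any UAC*.sys name case-insensitively, and moves what it finds into a quarantine folder with a SHA-256 manifest instead of deleting it. The name pattern, the quarantine path and the sample files built by demo() are assumptions for the example.

```python
#!/usr/bin/env python3
"""Offline quarantine of UAC*.sys-style rootkit drivers (added example).

Assumes the infected Windows volume is mounted read-write at a path you
pass in from a rescue environment in which the rootkit is NOT running,
for example a Linux live CD with the NTFS volume at /mnt/win, or a WinPE
prompt that has Python on it. Files are hashed and moved to a quarantine
folder rather than deleted, so they can be restored if something was
mis-identified, or submitted to an AV vendor afterwards.
"""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so a large driver never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def is_suspect(name, prefix="uac", suffixes=(".sys",)):
    """Match the UACxxxxxx.sys naming from the post. NTFS is case-insensitive,
    so compare in lower case; prefix and suffixes are parameters (assumed
    defaults) so other naming patterns can be covered without editing the walk."""
    lower = name.lower()
    return lower.startswith(prefix.lower()) and lower.endswith(suffixes)


def quarantine_drivers(volume_root, quarantine_dir, prefix="uac", suffixes=(".sys",)):
    """Walk the whole mounted volume (the post notes the driver is not always
    in system32\\drivers), move each matching file into quarantine_dir, and
    return one record per file. A manifest.json is written next to them."""
    volume_root = Path(volume_root).resolve()
    quarantine_dir = Path(quarantine_dir).resolve()
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    records = []
    for dirpath, dirnames, filenames in os.walk(volume_root):
        # Do not descend into the quarantine folder if it lives on the same volume.
        dirnames[:] = [d for d in dirnames
                       if Path(dirpath, d).resolve() != quarantine_dir]
        for name in filenames:
            if not is_suspect(name, prefix, suffixes):
                continue
            src = Path(dirpath, name)
            rel = src.relative_to(volume_root)
            rec = {"name": name,
                   "original": str(rel),
                   "size": src.stat().st_size,
                   "sha256": sha256_of(src)}
            # Encode the original path into the quarantined name so the file
            # can be put back exactly where it came from if needed.
            dest = quarantine_dir / str(rel).replace(os.sep, "__")
            shutil.move(str(src), str(dest))
            rec["quarantined"] = str(dest)
            records.append(rec)
    (quarantine_dir / "manifest.json").write_text(json.dumps(records, indent=2))
    return records


def demo():
    """Run the quarantine against a constructed sample volume in a temp dir.
    The files are harmless placeholders made up for this example, not real
    malware; only their names follow the UACxxxxxx.sys pattern."""
    base = Path(tempfile.mkdtemp(prefix="uac_demo_"))
    vol = base / "win"
    drivers = vol / "WINDOWS" / "system32" / "drivers"
    drivers.mkdir(parents=True)
    (drivers / "UACd4e6f3a1.sys").write_bytes(b"MZ placeholder: fake rootkit driver")
    (drivers / "atapi.sys").write_bytes(b"MZ placeholder: legitimate driver")
    temp = vol / "Documents and Settings" / "user" / "Local Settings" / "Temp"
    temp.mkdir(parents=True)
    (temp / "uac9b2c7e0d.sys").write_bytes(b"MZ placeholder: second copy")
    qdir = vol / "quarantine"          # on the same volume, like C:\quarantine
    records = quarantine_drivers(vol, qdir)
    remaining = sorted(p.name for p in vol.rglob("*")
                       if p.is_file() and qdir not in p.parents)
    return {"moved": sorted(r["name"] for r in records),
            "remaining": remaining,
            "hashes": {r["name"]: r["sha256"] for r in records},
            "manifest": (qdir / "manifest.json").exists()}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it directly to see the demo, or call quarantine_drivers('/mnt/win', '/mnt/win/quarantine') against a real mounted volume. Read the manifest before rebooting: any legitimate file whose name happens to start with UAC would be moved as well, which is exactly why the script moves rather than deletes.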

If you follow these steps, you will be UACxxxxxx.sys free. Let me know your experiences.