RiotSecurity
New Member
I decided to write this little guide on destroying a nice ring3 rootkit, or at-least removing the most of it...
BetaBot is malware created by someone named BetaMonkey on hackforums, well it is a nice rootkit malware, with a snazzy http panel, it's easy to kill.
Login to your computer like normal, access regedit.exe as admin, open windows explorer, navigate to C:\ProgramData\Printer0, if you get access denied, then you're infected.
Search in registry for Printer0, delete all entries, reboot machine, malware removed. You should now be able to override folder access control (if it's not already changed from reboot) and physically delete the malware file.
The Printer0 will be placed in many different locations in the registry, so keep searching. If it's crypted it mostly drops also into appdata, temp folder, so search there.
~ RiotSecurity/Probably
BetaBot is malware created by someone named BetaMonkey on hackforums, well it is a nice rootkit malware, with a snazzy http panel, it's easy to kill.
Login to your computer like normal, access regedit.exe as admin, open windows explorer, navigate to C:\ProgramData\Printer0, if you get access denied, then you're infected.
Search in registry for Printer0, delete all entries, reboot machine, malware removed. You should now be able to override folder access control (if it's not already changed from reboot) and physically delete the malware file.
The Printer0 will be placed in many different locations in the registry, so keep searching. If it's crypted it mostly drops also into appdata, temp folder, so search there.
~ RiotSecurity/Probably
h34r: