Rootkit removal


Bhu
2012-01-23, 04:55 PM
A friend is a huge Trek fan and decided, after visiting Memory Alpha, to try Memory Beta, the fansite. His computer started having issues directly after, so he ran AVG and it deleted a few thousand copies of malware. I found a bunch more running it in safe mode. The problem is that ping.exe is now using 99% of the CPU. No matter what I do I can't seem to find what's causing the issue, and at this point I'm assuming he has a rootkit.

Is there a known issue with Memory Beta being infected?

Any advice on tackling rootkit removal? I've never actually tried it before.

GrlumpTheElder
2012-01-23, 05:30 PM
I had a similar problem, and found that the programme TDSSKiller sorted my computer out.

You can get it here:
http://support.kaspersky.com/faq/?qid=208280684

Grinner
2012-01-23, 05:38 PM
My last experience with a rootkit ended with a Linux LiveCD, a flash drive, and a Windows XP installation disc.

The problem is that it may have redundant copies of itself on the system. Assuming he's using some variety of Windows NT, the place to start is msconfig. Also check the task manager for suspicious processes.

He's probably better off just recovering his data and reinstalling though.

Jimorian
2012-01-23, 05:57 PM
A friend is a huge Trek fan and decided, after visiting Memory Alpha, to try Memory Beta, the fansite. His computer started having issues directly after, so he ran AVG and it deleted a few thousand copies of malware. I found a bunch more running it in safe mode. The problem is that ping.exe is now using 99% of the CPU. No matter what I do I can't seem to find what's causing the issue, and at this point I'm assuming he has a rootkit.

Is there a known issue with Memory Beta being infected?

Any advice on tackling rootkit removal? I've never actually tried it before.

It's been Zombified! The fact that ping.exe is going crazy means it's been hijacked to perform some kind of DDoS attack somewhere, so it might have been lying dormant until its master chose a target and may have nothing to do with recent web site visits.

Like real zombies, the best course of action is to blow out its brains and start over.

John Cribati
2012-01-23, 06:17 PM
I had a similar problem, and found that the programme TDSSKiller sorted my computer out.

You can get it here:
http://support.kaspersky.com/faq/?qid=208280684

As someone who has had similar problems, I would direct the OP to use RKill (http://www.bleepingcomputer.com/download/anti-virus/rkill). It's good because you can run it from a Flash drive.

Caesar
2012-01-23, 06:55 PM
You are really a lot better off joining (for free) an anti-virus forum and asking there. There are plenty of professional forums with skilled IT experts regarding these things. Generally you will be asked to run a registry scanner and post the log, and wait for their response.

What you don't want to do is download a bunch of different anti-virus programs, especially anti-rootkits (they can dig too deep), based on a simple guess of what you may or may not have infecting your system.

The Succubus
2012-01-23, 07:12 PM
The roots be attackin'! Run fer yer lives!

Bhu
2012-01-23, 08:30 PM
You are really a lot better off joining (for free) an anti-virus forum and asking there. There are plenty of professional forums with skilled IT experts regarding these things. Generally you will be asked to run a registry scanner and post the log, and wait for their response.

What you don't want to do is download a bunch of different anti-virus programs, especially anti-rootkits (they can dig too deep), based on a simple guess of what you may or may not have infecting your system.

Oh I've asked several, and am awaiting replies. But since we thought it started with his visit to a site that could be popular amongst some gamers I felt it likely one of you may have had the same experience, and if so you might know where to start tackling this thing.

Balain
2012-01-24, 03:00 PM
I would point out that when your computer is badly infected with something, you can no longer trust the system, even after running removal software and the like. The only true way to be sure the system is clean is a total wipe of the hard drive(s) and a reinstall of everything. I know it's a pain. If you have no backups from before the problems, try to save what documents you can, but realize some files may be infected. Though documents are normally safe, there is a slim chance they are not.