Windows 7: Need help with Rootkit problem?

Yankie007 · 20 Nov 2010

Hi,
I recently download a software (Sophos anti-rootkit) to get rid of Rootkits so I made a scan with it and the program was showing like 50 issues but I didn't deleted these files because I could not tell if they were infected files or just good files that could mess up my computer if they were removed.

Now, is there a way to know for sure if I have rootkit and how to get rid of them?

Any helps, I would really appreciate,

Yannik

mickey megabyte · 20 Nov 2010

were you using the pc whilst scanning?

Quote:

Known problems
If a scan is run whilst the computer is being used, false positives may appear in the scan results. This is caused by files or registry entries being deleted during the scan, such as temporary files being deleted automatically when an application is closed.

To work around this problem, close all non-essential applications, and then run the scan again.

source

you may want to disable realtime a/v scanning too - especially if you use mse

Jacee · 20 Nov 2010

Disconnect from the network if you disable your Anti-virus program. You really should disconnect, anyway.

mickey megabyte · 20 Nov 2010

+1

i should have said that

Yankie007 · 21 Nov 2010

Hi again,
My anti-virus is Microsoft Security Essentials and I also have Malwarebytes. My problem is these two software can not find hidden Rootkits and it is making me nervous because I buy quite a bit online and these Rootkits are dangerous for that, picking up sensituive information so do you guys happen to know a good software that will scan & remove these Rootkits on my Pc without deleting the good files which is why I need help because I don't know which files are potentially harmful and which files that can't be deleted because they are needed so the Pc can function properly?

Can you please let me know if you have a solution?

Thanks,

Yannik

Jacee · 21 Nov 2010

If I had Rootkit on one of my computers, I'd wipe and do a "Clean" install.

Quote:

There are circumstances that require a fresh install, such as when a system becomes infected with a rootkit. Rootkits can infiltrate the operating system in such a way as to make removal problematic if not impossible. The only way to be sure of eradicating a rootkit is to reformat the drive, destroying all data. Once the drive has been reformatted you can reinstall Microsoft® Windows™ using the compact disc that came with the machine, or a purchased retail version.

However, have a read here What is a Rootkit?

fletch · 21 Nov 2010

You have to very careful with rootkits but Malwarebytes or superantispyware should be OK to run

I would let a malware expert have a look at some logs

But you can run this TDSSKiller for a specific rootkit family How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?

Yankie007 · 21 Nov 2010

Hi and thank you Fletch for your help! I did ran a scan with a free tdskiller by Kaspersky and it actually removed a nasty rootkits that was making Google redirect all website I wanted to view. After that, I did download another Anti-Rootkits (Sophos anti-rootkits) that was supposed to kill all kind of rootkits so I did a scan but at the result it was showing like 50 rootkit problems but I didn't do anything because I did not want to delete the wrong file that could of mess up my computer. On the other hand, I kind of nervous that there is still a rootkits so I want to make sure there's nothing.

Thanks,

Yannik

Ps: If I save a scan and post it here on the site, could someone let me know if I'm infected or not?

Jacee · 22 Nov 2010

Yes Yankie007, I can read the saved logs and let you know. Please copy and paste them in your next reply.

fletch · 22 Nov 2010

I'm glad your sorted Yannik and it will be interesting in seeing the logs

Windows 7: Need help with Rootkit problem?

Need help with Rootkit problem? problems?