how to avoid getting rootkits

User001 said:

I was thinking, I read from a Win 7 text, the author suggest to bypass UAC, use Run as Admin.

Is using Run as Admin the same as UAC?
Can I check the Detail before I either Cancel or Install?
If I can Cancel using Run as Admin, where is the file stored and can I scan it using Antivirus before install or delete it if the file was detected as corrupt/infected?

Hi, User001.

To begin, as you have been advised by all of the replies in this thread, you should not try to bypass UAC. When selecting Run as Admin, you will receive a UAC prompt.

Second, unless you change the location, when you download files on Windows 7, they are saved to C:\\Users\%UserName%\Downloads. You can navigate to that folder and scan with your antivirus prior to installing. Note, however, that is not a guarantee the file is not infected. You could also scan the file at Virus Total or Jotti as well.

Advice: Download only from vendor and reputable sites.

pacinitaly said:

francis93 said:

To avoid rootkits, you must scan your pc from time to time with gmer.

gmer gives me errors?

Hi, pacinitaly.

GMER has not been updated for Windows 7. Besides, even if compatible, it would not help you avoid rootkits. It is for scanning/removal of rootkits.

Corrine said:

User001 said:

I was thinking, I read from a Win 7 text, the author suggest to bypass UAC, use Run as Admin.

Is using Run as Admin the same as UAC?
Can I check the Detail before I either Cancel or Install?
If I can Cancel using Run as Admin, where is the file stored and can I scan it using Antivirus before install or delete it if the file was detected as corrupt/infected?

Hi, User001.

To begin, as you have been advised by all of the replies in this thread, you should not try to bypass UAC. When selecting Run as Admin, you will receive a UAC prompt.

Second, unless you change the location, when you download files on Windows 7, they are saved to C:\\Users\%UserName%\Downloads. You can navigate to that folder and scan with your antivirus prior to installing. Note, however, that is not a guarantee the file is not infected. You could also scan the file at Virus Total or Jotti as well.

Advice: Download only from vendor and reputable sites.

pacinitaly said:

francis93 said:

To avoid rootkits, you must scan your pc from time to time with gmer.

gmer gives me errors?

Hi, pacinitaly.

GMER has not been updated for Windows 7. Besides, even if compatible, it would not help you avoid rootkits. It is for scanning/removal of rootkits.

thanks corrine !!!

You're welcome pacinitaly. :)

great read too

got it to work on my vista laptop.
I don't know what I'm looking at

pacinitaly said:

got it to work on my vista laptop.
I don't know what I'm looking at

From that image, you are looking at roughly what I believe is the system uses to start initially. It points out several programs and the process it at starts at, which is where Rootkits try to embed themselves in to avoid being easily removed.

So far, nothing looks out of the ordinary, as there is the normal references to ntkernel and bthport, which I believe is for the Bluetooth port enabling for bluetooth devices like a keyboard to use the laptop.

Keiichi25 said:

pacinitaly said:

got it to work on my vista laptop.
I don't know what I'm looking at

From that image, you are looking at roughly what I believe is the system uses to start initially. It points out several programs and the process it at starts at, which is where Rootkits try to embed themselves in to avoid being easily removed.

So far, nothing looks out of the ordinary, as there is the normal references to ntkernel and bthport, which I believe is for the Bluetooth port enabling for bluetooth devices like a keyboard to use the laptop.

Jacee said:

C:\Windows32\Drivers\PROCEXP141.sys is Process Explorer :)

thank you both very much!!