Need help with Rootkit problem?

[Yankie007]

Hi,
I recently download a software (Sophos anti-rootkit) to get rid of Rootkits so I made a scan with it and the program was showing like 50 issues but I didn't deleted these files because I could not tell if they were infected files or just good files that could mess up my computer if they were removed.

Now, is there a way to know for sure if I have rootkit and how to get rid of them?

Any helps, I would really appreciate,

Yannik

 

[mickey megabyte]

were you using the pc whilst scanning?

Known problems
If a scan is run whilst the computer is being used, false positives may appear in the scan results. This is caused by files or registry entries being deleted during the scan, such as temporary files being deleted automatically when an application is closed.

To work around this problem, close all non-essential applications, and then run the scan again.

source

you may want to disable realtime a/v scanning too - especially if you use mse

 

[Jacee]

Disconnect from the network if you disable your Anti-virus program. You really should disconnect, anyway.

 

[mickey megabyte]

+1

i should have said that

 

[Yankie007]

Hi again,
My anti-virus is Microsoft Security Essentials and I also have Malwarebytes. My problem is these two software can not find hidden Rootkits and it is making me nervous because I buy quite a bit online and these Rootkits are dangerous for that, picking up sensituive information so do you guys happen to know a good software that will scan & remove these Rootkits on my Pc without deleting the good files which is why I need help because I don't know which files are potentially harmful and which files that can't be deleted because they are needed so the Pc can function properly?

Can you please let me know if you have a solution?

Thanks,

Yannik

 

[Jacee]

If I had Rootkit on one of my computers, I'd wipe and do a "Clean" install.

There are circumstances that require a fresh install, such as when a system becomes infected with a rootkit. Rootkits can infiltrate the operating system in such a way as to make removal problematic if not impossible. The only way to be sure of eradicating a rootkit is to reformat the drive, destroying all data. Once the drive has been reformatted you can reinstall Microsoft® Windows™ using the compact disc that came with the machine, or a purchased retail version.

However, have a read here What is a Rootkit?

 

[fletch]

You have to very careful with rootkits but Malwarebytes or superantispyware should be OK to run

I would let a malware expert have a look at some logs

But you can run this TDSSKiller for a specific rootkit family How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?

 

[Yankie007]

Hi and thank you Fletch for your help! I did ran a scan with a free tdskiller by Kaspersky and it actually removed a nasty rootkits that was making Google redirect all website I wanted to view. After that, I did download another Anti-Rootkits (Sophos anti-rootkits) that was supposed to kill all kind of rootkits so I did a scan but at the result it was showing like 50 rootkit problems but I didn't do anything because I did not want to delete the wrong file that could of mess up my computer. On the other hand, I kind of nervous that there is still a rootkits so I want to make sure there's nothing.

Thanks,

Yannik

Ps: If I save a scan and post it here on the site, could someone let me know if I'm infected or not?

 

[Jacee]

Yes Yankie007, I can read the saved logs and let you know. Please copy and paste them in your next reply.

 

[fletch]

I'm glad your sorted Yannik and it will be interesting in seeing the logs

 

[Yankie007]

Sorry guys, I've never could figure out the problem (couldn't copy log files) with the software I was using (Sophos Anti-rootkits) but I got rid of one Rootkit that was messing up my Pc so that's good news.

Annyway, 1 million thanks guys for taking your precious time to help me out!

Peace

 

[krokusnat]

You could try Emsisoft Antimalware free for a usb stick and scan you computer with having to install a program. It has approximately over 5 million signatures and finds all kinds of other stuff as well.

Emsisoft Free Emergency Kit

 

[Yankie007]

Awesome thanks Krokusnat!

 

[gregrocker]

Sophos should do the job best so I'd run it until it shows clean.

Someone in the Security forum here should be able to tell you how to upload its log file.

For now you can use the Snipping Tool in the Start Menu to take a screenshot(s) of its maximized results window. Post back using paper clip in reply box.