  1. #1
    4 Star Lounger
    Join Date
    Mar 2001
    Location
    New Zealand
    Posts
    541
    Thanks
    1
    Thanked 0 Times in 0 Posts
    I downloaded the free version of AVG AntiRootkit and ran it. It found two "Hidden driver files". These were seemingly related to a recent update of Norton Internet Security. When I asked it to remove them I got a window warning me that this was an extremely dangerous thing to do which could leave my PC unbootable. What should I do? Take the risk or leave the so-called rootkits where they are?

  2. #2
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    Make an imaged backup of your entire operating system's drive before doing anything.
    More information is needed, like the name of your operating system, version/edition, and the AVG AntiRootkit log.
    Also consider that it may very well be a false positive, especially in the absence of unusual behaviors or unusual and unexpected network activity.
    Get a second opinion with Sysinternals' RootkitRevealer, assuming your system is XP 32-bit.
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Build your own system; get everything you want and nothing you don't.
    Latest Build:
    ASUS X99 Deluxe, Core i7-5960X, Corsair Hydro H100i, Plextor M6e 256GB M.2 SSD, Corsair DOMINATOR Platinum 32GB DDR4@2666, W8.1 64 bit,
    EVGA GTX980, Seasonic PLATINUM-1000W PSU, MountainMods U2-UFO Case, and 7 other internal drives.

  3. #3
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,592
    Thanks
    5
    Thanked 1,059 Times in 928 Posts
    I too would urge you to run another tool such as RootkitRevealer. Please be sure to read everything at that page about the tool & rootkits. It is not easy to identify rootkits accurately.

    Joe

  4. #4
    4 Star Lounger
    Join Date
    Mar 2001
    Location
    New Zealand
    Posts
    541
    Thanks
    1
    Thanked 0 Times in 0 Posts
    I tried RootkitRevealer and it showed only one of the two files that AVG AntiRootkit reported, along with two others which did not appear on AVG, then advised me to search the internet for ways to get rid of them. Is there not a program that can find and then remove rootkits? I am confused.

  5. #5
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,592
    Thanks
    5
    Thanked 1,059 Times in 928 Posts
    If you read that whole page about RootkitRevealer you'll see that just because something shows up as a rootkit does not mean it is malicious. There are legitimate reasons for software to operate in that manner. If you are sure you want to remove what has been identified, did you try using AVG? If all you got was a warning you should still be able to proceed. I'm afraid there is no general tool that will just remove them automatically. I think you'll find most of these types of tools will warn you before removal.

    NOTE: I recommend you back up your system before attempting to do this kind of surgery.

    Joe
