  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 517

Root Kit

I think I have a rootkit on my machine. A friend recommended "Root-Kit Unhooker", but I am afraid that when I use it I may remove the wrong file and damage my machine. Can someone help?
0
Asked by Vast41
1 Solution
 
war1 commented:
Greetings, Vast41!

Use Rootkit Revealer or Blacklight:

Rootkit Revealer
http://www.sysinternals.com/Utilities/RootkitRevealer.html
or
F-Secure Blacklight
http://www.f-secure.com/blacklight/


Best wishes!
0
 
Lee W, MVP (Technology and Business Process Advisor) commented:
Never used it. I'd suggest RootkitRevealer or the Sophos rootkit utility. But no product SHOULD remove anything without asking you if you want to remove it.
0
 
Vast41 (Author) commented:
I am told Root-Kit Unhooker is the best out there. Are the ones you recommended here just as good? I just want all traces of a rootkit removed. Am I in the right topic area, please?
0
 
Vast41 (Author) commented:
If I use RootkitRevealer, how will I know what to remove? Is it possible to get some help if I have a problem?
0
 
war1 commented:
Vast41,

You are in the right topic area. I am unfamiliar with Rootkit Unhooker. I know that Rootkit Revealer or Blacklight will identify rootkits for you to remove.
0
 
Lee W, MVP (Technology and Business Process Advisor) commented:
I've also not heard of RootKit Unhooker. Who is this mystical person telling you what to do? You don't trust them, or you wouldn't be checking here...
0
 
Vast41 (Author) commented:
Well, war1, in the help section of RootkitRevealer it does not seem that easy. It states the following: "You should examine all discrepancies and determine the likelihood that they indicate the presence of a rootkit. Unfortunately, there is no definitive way to determine, based on the output, if a rootkit is present, but you should examine all reported discrepancies to ensure that they are explainable. If you determine that you have a rootkit installed, search the web for removal instructions. If you are unsure as to how to remove a rootkit you should reformat the system's hard disk and reinstall Windows."

Now, Leew... this is someone who helped me with a PC problem in the past and seems to know a little about computers. However, I am a premium member here and I like to see what the experts say here...
0
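The RootkitRevealer help text quoted above describes a cross-view comparison: a program that asks the Windows API for a directory or registry listing sees whatever a hooking rootkit lets it see, while a second view of the same data taken without going through that API still contains the hidden items. Reporting the differences, and then deciding which ones are explainable, is the whole method. The following Python script is an added example written for this thread; it is not RootkitRevealer's or any other tool's code. It diffs two constructed listings (an "API view" and a "raw view"), classifies the discrepancies, and sets aside the ones with a known benign explanation (here, assumed to be NTFS metadata files such as `$MFT`, which the API never lists) so that only the unexplained ones are flagged for human review.

```python
"""Cross-view discrepancy check, the idea behind rootkit detectors.

Added example (not RootkitRevealer's own code). Two listings of the same
directories are compared: one obtained through the (possibly hooked) OS
API, one obtained without it, e.g. a raw on-disk read or a listing taken
with the disk mounted on a known-clean machine. Items present in only one
view, or whose attributes differ, are discrepancies. A discrepancy is only
a lead: some have benign explanations, and the rest need a human to decide.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    """One directory entry: path plus the size each view reported."""
    path: str
    size: int


# Constructed sample data: what a program sees when it asks the OS.
API_VIEW = {
    Entry(r"C:\Windows\System32\ntdll.dll", 718336),
    Entry(r"C:\Windows\System32\kernel32.dll", 983552),
    Entry(r"C:\Users\vast\Documents\notes.txt", 1024),
}

# Constructed sample data: the same directories read without the API.
RAW_VIEW = {
    Entry(r"C:\Windows\System32\ntdll.dll", 718336),
    Entry(r"C:\Windows\System32\kernel32.dll", 983552),
    # Same file, but it was written to between the two scans (benign).
    Entry(r"C:\Users\vast\Documents\notes.txt", 2048),
    # NTFS metadata: never shown through the API, so always a discrepancy.
    Entry(r"C:\$MFT", 268435456),
    # Constructed placeholder for a file the API view does not show at all.
    Entry(r"C:\Windows\System32\drivers\hidden_example.sys", 40960),
}

# Assumed allow-list of discrepancies with a known benign explanation.
EXPLAINABLE_PREFIXES = ("C:\\$",)


def find_discrepancies(api_view, raw_view):
    """Return (hidden_from_api, api_only, size_mismatch), each a sorted list
    of paths. hidden_from_api is the interesting class: the raw view has the
    item but the API view does not."""
    by_path_api = {e.path: e for e in api_view}
    by_path_raw = {e.path: e for e in raw_view}
    hidden_from_api = sorted(p for p in by_path_raw if p not in by_path_api)
    api_only = sorted(p for p in by_path_api if p not in by_path_raw)
    size_mismatch = sorted(
        p for p in by_path_api
        if p in by_path_raw and by_path_api[p].size != by_path_raw[p].size
    )
    return hidden_from_api, api_only, size_mismatch


def triage(hidden_from_api):
    """Split hidden items into (unexplained, explained) using the allow-list.
    Only the unexplained ones warrant a closer look; even those are not
    proof of a rootkit, as the RootkitRevealer help text says."""
    explained = [p for p in hidden_from_api if p.startswith(EXPLAINABLE_PREFIXES)]
    unexplained = [p for p in hidden_from_api if p not in explained]
    return unexplained, explained


if __name__ == "__main__":
    hidden, api_only, mismatch = find_discrepancies(API_VIEW, RAW_VIEW)
    unexplained, explained = triage(hidden)
    print("Hidden from API (explained):  ", explained)
    print("Hidden from API (UNEXPLAINED):", unexplained)
    print("Visible only via API:         ", api_only)
    print("Size differs between views:   ", mismatch)
```

The size mismatch on `notes.txt` shows why the output needs interpretation: a file that changed between the two passes produces a discrepancy just as a rootkit would, which is why the tool's own help text tells the user to explain every reported item rather than delete on sight.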
 
Vast41 (Author) commented:
OK, I guess I have to increase the point value because nobody is replying. So, can somebody tell me what to do with files that I found hooked with RootKit Unhooker? It found a lot more than RootkitRevealer did!
0
 
war1 commented:
Vast41,

Just because Rootkit Unhooker found more items, it does not mean those items are rootkits. If you delete the wrong one, you will disable your Windows system.

Show us your Rootkit Revealer log, and I can look through your files hidden from the Windows API. What Rootkit Revealer is saying is that it is not easy to find and delete a rootkit.
0
 
Vast41 (Author) commented:
OK, war1, Rootkit Revealer found three entries, but this other site I use recommended Blacklight as you did, and I ran it and it found nothing. I have since uninstalled Rootkit Revealer. SO, my question is: is my machine OK, or safe?
0
 
war1 commented:
Why did you think you have a rootkit? If the symptoms of the problem are gone, yes, you have gotten the rootkit.
0
 
Vast41 (Author) commented:
I was not sure if I had a rootkit. I allowed my firewall to have a file I did not recognize installed, and I got scared. I wanted to cover all bases. Thanks for volunteering to read the results of Rootkit Revealer; you deserve these points.
0
 
pccpr commented:
I predict that ...clean data, back it up, wipe and reload will ultimately be the accepted answer.

Just my opinion... but so far it has (with 20/20 hindsight) almost always been easier to use something like the Files and Settings Transfer Wizard to get data safely to one side (and even a disk imaging program like Norton Ghost to put the whole thing on DVD), then wipe and reload Windows. This has a few benefits and drawbacks, such as:

Pros:
Known clean start, no second-guessing anomalies later on.

Cleans up "registry residue" from apps and devices and other junk (that you might otherwise be uncomfortable deleting), restoring the fastest possible performance.

Once you get a basic updated installation, make an image so you'll never hesitate to wipe in case of future infection or hardware failure.

In fact it almost always takes less time to reload than to completely disinfect. Disinfecting for me means:
- uninstall unneeded apps (and use Sysinternals Autoruns, and HijackThis)
- run CCleaner
- use DiskView or TreeSize to hunt down space wasters
- Ghost the remainder for safety
- run the manufacturer's test program... and also look at SMART status indicators
- remove the disk to a known clean machine, scan with at least a half dozen antivirus and antispyware tools
- burn cleaned data to DVD
- reinstall and attempt booting in the original machine
- reinstall and correct damaged / corrupted files
- reinstall protection software
- redo all updates
- retest the function of all used features
- burn a working image

And that doesn't address rootkits... which means more tools, more tests, and not nearly as easy or quick to use or interpret as the spyware and malware tools.

Cons:
You will be without the use of the computer for at least a few hours... and possibly have issues with data transfer if you don't use mainstream software.

PS: Locate and download ALL drivers and at least Windows SP2 to optical disc before you start.
0
 
Vast41 (Author) commented:
pccpr, that's quite a lot. I cannot reinstall; I don't have the XP disk right now, plus I won't be able to replace some of the programs I like. War1's answer is better, even though your answer is totally reassuring!
0
 
war1 commented:
Vast41,

You thought you had a rootkit. We did a scan of your computer and showed you that you did not have a rootkit. Are there more questions?
0
 
Vast41 (Author) commented:
You did a scan of my computer? Please explain?
0
 
war1 commented:
Vast41,

Rootkit Revealer and Blacklight found nothing, according to your post dated 11/18/2006 - 03:32PM PST.

You do not have a rootkit. Rootkit Unhooker gave you a false positive.
0
 
Vast41 (Author) commented:
war1, I am fine, thanks for your input. I am trying to close this question now; I found the solution through forums other than this one. Thanks.
0
 
war1 commented:
Vast41, I am curious. What is the solution that you found?
0
 
Vast41 (Author) commented:
A friend of my wife's who is an IT tech came over and physically examined our machine, and I am comfortable with his findings in that I do not have a rootkit. As far as the semantics of his examination, I cannot tell you because I was not watching.
0
 
war1 commented:
Vast41,

You originally wrote, "...i found the solution through forums other then this one thanks." (03.02.2007 at 06:29AM PST)

Now you write, "...an IT Tech came over and physically examined our machine and i am comfortable with his findings in that i do not have a rootkit." (03.03.2007 at 12:55AM PST)

The latter is what I did with Rootkit Revealer and Blacklight, and I declared your computer clean. (03.03.2007 at 12:55AM PST)
0
 
Vast41 (Author) commented:
I did scan my machine with Rootkit Revealer and Blacklight; I also had an IT tech look over my machine. When I stated "i found the soulution through forums other then this one" I misspoke; I meant that I found a solution that I personally was very comfortable with (being the IT tech). However, war1, I feel you should take the points, but unfortunately I cannot accept your answer; the forum denies me that opportunity, probably because I am not a member at this time. I am truly sorry for this misunderstanding, and if you see me post a question in this forum again (and I will) I hope you give your expert advice so I can award you points.
0
