Vast41 asked:

Root Kit

I think I have a rootkit on my machine. A friend recommended "Root-Kit Unhooker", but I am afraid that when I use it I may remove the wrong file and damage my machine. Can someone help?
war1:

Greetings, Vast41 !

Use Rootkit Revealer or Blacklight.

Rootkit Revealer
http://www.sysinternals.com/Utilities/RootkitRevealer.html
or
F-Secure Blacklight
http://www.f-secure.com/blacklight/


Best wishes!
Never used it. I'd suggest RootKitRevealer or the Sophos rootkit utility. But no product SHOULD remove anything without asking you if you want to remove it.
Vast41 (ASKER):

I am told Root-Kit Unhooker is the best out there. Are the ones you recommended here just as good? I just want all traces of a rootkit removed. Am I in the right topic area, please?
Vast41 (ASKER):

If I use RootKitRevealer, how will I know what to remove? Is it possible to get some help if I have a problem?
Vast41,

You are in the right topic area. I am unfamiliar with Rootkit Unhooker. I know that Rootkit Revealer or Blacklight will identify rootkits for you to remove.
I've also not heard of RootKit Unhooker. Who is this mystical person telling you what to do? You don't trust them, or you wouldn't be checking here...
Vast41 (ASKER):

Well war1, in the help section of RootKit Revealer it does not seem that easy. It states the following: "You should examine all discrepancies and determine the likelihood that they indicate the presence of a rootkit. Unfortunately, there is no definitive way to determine, based on the output, if a rootkit is present, but you should examine all reported discrepancies to ensure that they are explainable. If you determine that you have a rootkit installed, search the web for removal instructions. If you are unsure as to how to remove a rootkit you should reformat the system's hard disk and reinstall Windows."

Now Leew... this is someone who helped me with a PC problem in the past and seems to know a little about computers. However, I am a premium member here and I like to see what the experts say here...
Vast41 (ASKER):

Ok, I guess I have to increase the point value because nobody is replying. So, can somebody tell me what to do with the files that I found hooked with RootKit Unhooker? It found a lot more than RootKit Revealer did!
Vast41,

Just because Rootkit Unhooker found more items, it does not mean those items are rootkits. If you delete the wrong one, you will disable your Windows system.

Show us your Rootkit Revealer log, and I can look through your files hidden from the Windows API. What Rootkit Revealer is saying is that it is not easy to find and delete a rootkit.
Vast41 (ASKER):

Ok War1, Rootkit Revealer found three entries, but this other site I use recommended Blacklight, as you did, and I ran it and it found nothing. I have since uninstalled Rootkit Revealer. SO, my question is: is my machine ok, or safe?
Why did you think you had a rootkit? If the symptoms of the problem are gone, yes, you have gotten rid of the rootkit.
Vast41 (ASKER):

I was not sure if I had a rootkit. I allowed my firewall to have a file I did not recognize installed and I got scared. Wanted to cover all bases. Thanks for volunteering to read the results of Rootkit Revealer; you deserve these points.
pccpr:

I predict that... clean data, back it up, wipe and reload will ultimately be the accepted answer.

Just my opinion... but so far it has (with 20/20 hindsight) almost always been easier to use something like the Files and Settings Transfer Wizard to get data safely to one side (and even a disk imaging program like Norton Ghost to put the whole thing on DVD), then wipe and reload Windows. This has a few benefits and drawbacks... such as


Pros...
Known clean start, no second-guessing anomalies later on

Cleans up "registry residue" from apps and devices and other junk (that you might otherwise be uncomfortable deleting), restoring the fastest possible performance

Once you get a basic updated installation, make an image so you'll never hesitate to wipe in case of future infection or hardware failure.

In fact it almost always takes less time to reload than to completely disinfect. Disinfecting for me means
- uninstall unneeded apps (and use Sysinternals Autoruns, and HijackThis)
- run CCleaner
- use DiskView or TreeSize to hunt down space wasters
- Ghost the remainder for safety
- run the manufacturer's test program... and also look at SMART status indicators
- remove the disk to a known clean machine, scan with at least a half dozen antivirus and antispyware tools
- burn cleaned data to DVD
- reinstall and attempt booting in the original machine
- reinstall and correct damaged / corrupted files
- reinstall protection software
- redo all updates
- retest function of all used features
- burn a working image

And that doesn't address rootkits... which means more tools, more tests, and they are not nearly as easy or quick to use or interpret as the spyware and malware tools.
--

Cons
You will be without the use of the computer for at least a few hours... possibly have issues with data transfer if you don't use mainstream software

PS: Locate and download ALL drivers and at least Windows SP2 to optical disk before you start.
Vast41 (ASKER):

Pccpr, that's quite a lot. I cannot reinstall, I don't have the XP disk right now, plus I won't be able to replace some of the programs I like. War1's answer is better, even though your answer is totally reassuring!
Vast41,

You thought you had a rootkit. We did a scan of your computer and showed you that you did not have a rootkit. Are there more questions?
Vast41 (ASKER):

You did a scan of my computer? Please explain?
Vast41,

Rootkit Revealer and Blacklight found nothing according to your post Date:11/18/2006 - 03:32PM PST

You do not have a rootkit. Rootkit Unhooker gave you a false positive.
Vast41 (ASKER):

war1, I am fine, thanks for your input. I am trying to close this question now; I found the solution through forums other than this one. Thanks.
Vast41, I am curious. What is the solution that you found?
Vast41 (ASKER):

A friend of my wife's who is an IT tech came over and physically examined our machine, and I am comfortable with his findings in that I do not have a rootkit. As far as the semantics of his examination, I cannot tell you because I was not watching.
ASKER CERTIFIED SOLUTION

war1:
Vast41 (ASKER):

I did scan my machine with Rootkit Revealer and Blacklight, and I also had an IT tech look over my machine. When I stated "I found the solution through forums other than this one" I misspoke; I meant that I found a solution that I personally was very comfortable with (being the IT tech). However, war1, I feel you should take the points, but unfortunately I cannot accept your answer; the forum denies me that opportunity, probably because I am not a member at this time. I am truly sorry for this misunderstanding, and if you see me post a question in this forum again (and I will) I hope you give your expert advice so I can award you points.