
Solved

Root Kit

Posted on 2006-11-17
Last Modified: 2013-12-04
I think I have a Root Kit on my machine. A friend recommended "Root-Kit Unhooker", but I am afraid that when I use it I may remove the wrong file and damage my machine. Can someone help?
Question by:Vast41
23 Comments
 
LVL 97

Expert Comment

by:war1
ID: 17970663
Greetings, Vast41 !

Use Rootkit Revealer or Blacklight

Rootkit Revealer
http://www.sysinternals.com/Utilities/RootkitRevealer.html
or
F-Secure Blacklight
http://www.f-secure.com/blacklight/


Best wishes!
LVL 96

Expert Comment

by:Lee W, MVP
ID: 17970664
Never used it - I'd suggest RootKitRevealer or Sophos Root Kit utility.  But no product SHOULD remove anything without asking you if you want to remove it.

Author Comment

by:Vast41
ID: 17970667
I am told Root-Kit Unhooker is the best out there. Are the ones you recommended here just as good? I just want all traces of a Root Kit removed. Am I in the right topic area please?

Author Comment

by:Vast41
ID: 17970668
If I use RootKitRevealer, how will I know what to remove? Is it possible to get some help if I have a problem?
LVL 97

Expert Comment

by:war1
ID: 17970674
Vast41,

You are in the right topic area. I am unfamiliar with Rootkit Unhooker. I know that Rootkit Revealer or Blacklight will identify a rootkit for you to remove.
LVL 96

Expert Comment

by:Lee W, MVP
ID: 17970677
I've also not heard of RootKit Unhooker - who is this mystical person telling you what to do - you don't trust them or you wouldn't be checking here...

Author Comment

by:Vast41
ID: 17970681
Well war1, in the help section of RootKit Revealer it does not seem that easy; it states the following: "You should examine all discrepancies and determine the likelihood that they indicate the presence of a rootkit. Unfortunately, there is no definitive way to determine, based on the output, if a rootkit is present, but you should examine all reported discrepancies to ensure that they are explainable. If you determine that you have a rootkit installed, search the web for removal instructions. If you are unsure as to how to remove a rootkit you should reformat the system's hard disk and reinstall Windows."

Now Leew... this is someone who helped me with a PC problem in the past and seems to know a little about computers. However I am a premium member here and I like to see what the experts say here...
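As an added example (not from this thread and not Sysinternals' code), here is the cross-view comparison idea the quoted help text describes, in Python: two constructed listings of the same entries, one as the Windows API reported them and one from a raw scan, are diffed, and every discrepancy is kept for a person to explain rather than auto-deleted. The key paths, the "svc32" entry and the AVVendor allowlist prefix are constructed sample data.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

RUN = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample: autostart registry entries plus one file, seen two ways.
API_VIEW: Dict[str, str] = {
    RUN + r"\SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe",
    RUN + r"\VendorUpdater": r"C:\Program Files\Vendor\updater.exe",
    r"C:\Windows\Temp\tmp1234.log": "transient",  # removed between the two passes
}
RAW_VIEW: Dict[str, str] = {
    RUN + r"\SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe",
    RUN + r"\VendorUpdater": r"C:\Program Files\Vendor\updater.exe",
    RUN + r"\svc32": r"C:\Windows\Temp\svc32.exe",       # in the hive, not via the API
    r"HKLM\SOFTWARE\AVVendor\SelfProtect\Status": "on",  # hidden by an AV product (constructed)
}
# Prefixes with a documented reason to differ, e.g. a product's self-protected keys.
KNOWN_BENIGN_PREFIXES = (r"HKLM\SOFTWARE\AVVendor\SelfProtect",)


@dataclass(frozen=True)
class Discrepancy:
    path: str
    kind: str                 # "hidden_from_api", "api_only" or "value_mismatch"
    api_value: Optional[str]
    raw_value: Optional[str]
    explainable: bool         # a known reason covers it; otherwise a human must look


def diff_views(api_view: Dict[str, str], raw_view: Dict[str, str],
               known_benign_prefixes: Iterable[str] = ()) -> List[Discrepancy]:
    """Report every path on which the two views disagree, in path order.

    An entry present in the raw scan but absent from the API view is the classic
    sign of API filtering, but this only flags it; deciding whether it is a
    rootkit is still the analyst's job, exactly as the help text says."""
    prefixes = tuple(p.lower() for p in known_benign_prefixes)
    findings = []
    for path in sorted(set(api_view) | set(raw_view)):
        api_val, raw_val = api_view.get(path), raw_view.get(path)
        if api_val == raw_val:
            continue
        if api_val is None:
            kind = "hidden_from_api"
        elif raw_val is None:
            kind = "api_only"
        else:
            kind = "value_mismatch"
        benign = path.lower().startswith(prefixes)  # empty tuple never matches
        findings.append(Discrepancy(path, kind, api_val, raw_val, benign))
    return findings


def unexplained(findings: List[Discrepancy]) -> List[Discrepancy]:
    """Entries that still need a human explanation before anything is deleted."""
    return [f for f in findings if not f.explainable]
```

Run against real data, "api_only" entries are often just changes between the two passes, while an unexplained "hidden_from_api" entry is the one to investigate.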

Author Comment

by:Vast41
ID: 17970929
Ok, I guess I have to increase the point value because nobody is replying, so can somebody tell me what to do with files that I found hooked with RootKit Unhooker? It found a lot more than RootKit Revealer did!
LVL 97

Expert Comment

by:war1
ID: 17971715
Vast41,

Just because Rootkit Unhooker found more items, it does not mean those items are rootkits. If you delete the wrong one, you will disable your Windows system.

Show us your Rootkit Revealer log, and I can look through your files hidden from the Windows API. What Rootkit Revealer is saying is that it is not easy to find and delete a rootkit.

Author Comment

by:Vast41
ID: 17972905
Ok War1, Rootkit Revealer found three entries, but this other site I use recommended Blacklight as you did, and I ran it and it found nothing. I have since uninstalled Rootkit Revealer. SO, my question is: is my machine ok, or safe?
LVL 97

Expert Comment

by:war1
ID: 17973378
Why did you think you have a rootkit? If the symptoms of the problem are gone, yes, you have gotten the rootkit.

Author Comment

by:Vast41
ID: 17973804
I was not sure if I had a rootkit. I allowed my Firewall to have a file I did not recognize installed, and I got scared. Wanted to cover all bases. Thanks for volunteering to read the results of Rootkit Revealer, you deserve these points.
LVL 1

Expert Comment

by:pccpr
ID: 17983085
I predict that ...clean data, back it up, wipe and reload will ultimately be the accepted answer.

Just my opinion... but so far it has (with 20/20 hindsight) almost always been easier to use something like the Files and Settings Transfer Wizard to get data safely to one side (and even a disk imaging program like Norton Ghost to put the whole thing on DVD), then wipe and reload Windows. This has a few benefits and drawbacks, such as

Pros...
Known clean start, no second-guessing anomalies later on

Cleans up "registry residue" from apps and devices and other junk (that you might otherwise be uncomfortable deleting), restoring the fastest possible performance

Once you get a basic updated installation, make an image so you'll never hesitate to wipe in case of future infection or hardware failure.

In fact it almost always takes less time to reload than to completely disinfect. Disinfecting for me means
- uninstall unneeded apps (and use Sysinternals Autoruns, and HijackThis)
- run CCleaner
- use DiskView or TreeSize to hunt down space wasters
- Ghost the remaining data for safety
- run the manufacturer's test program... and also look at SMART status indicators
- remove the disk to a known clean machine, scan with at least a half dozen antivirus and antispyware tools
- burn cleaned data to DVD
- reinstall and attempt booting in the original machine
- reinstall and correct damaged / corrupted files
- reinstall protection software
- redo all updates
- retest function of all used features
- burn working image

And that doesn't address rootkits... which means more tools, more tests, and not nearly as easy or quick as the spyware and malware tools to use or interpret.
--

Cons
You will be without the use of the computer for at least a few hours... possibly have issues with data transfer if you don't use mainstream software

PS Locate and download ALL drivers and at least Windows SP2 to optical disk before you start.

Author Comment

by:Vast41
ID: 17983291
Pccpr, that's quite a lot. I cannot reinstall, I don't have the XP disk right now, plus I won't be able to replace some of the programs I like. War1's answer is better, even though your answer is totally reassuring!
LVL 97

Expert Comment

by:war1
ID: 18568680
Vast41,

You thought you had a rootkit. We did a scan of your computer and showed you that you did not have a rootkit. Is there another question?

Author Comment

by:Vast41
ID: 18568984
You did a scan of my computer? Please explain?
LVL 97

Expert Comment

by:war1
ID: 18572098
Vast41,

Rootkit Revealer and Blacklight found nothing, according to your post Date: 11/18/2006 - 03:32PM PST

You do not have a rootkit. Rootkit Unhooker gave you a false positive.

Author Comment

by:Vast41
ID: 18640862
war1, I am fine, thanks for your input. I am trying to close this question now; I found the solution through forums other than this one. Thanks.
LVL 97

Expert Comment

by:war1
ID: 18642211
Vast41, I am curious. What is the solution that you found?

Author Comment

by:Vast41
ID: 18646491
A friend of my wife's who is an IT Tech came over and physically examined our machine, and I am comfortable with his findings in that I do not have a rootkit. As far as the semantics of his examination, I cannot tell you because I was not watching.
LVL 97

Accepted Solution

by:
war1 earned 750 total points
ID: 18647333
Vast41,

You originally wrote, "...i found the solution through forums other then this one thanks." Date: 03.02.2007 at 06:29AM PST

Now you write, "...an IT Tech came over and physically examined our machine and i am comfortable with his findings in that i do not have a rootkit." Date:03.03.2007 at 12:55AM PST

The latter is what I did with Rootkit Revealer and Blacklight and declared your computer clean. Date:03.03.2007 at 12:55AM PST

Author Comment

by:Vast41
ID: 18649669
I did scan my machine with Rootkit Revealer and Blacklight, and I also had an IT tech look over my machine. When I stated "i found the soulution through forums other then this one" I misspoke; I meant that I found a solution that I personally was very comfortable with (being the IT Tech). However war1, I feel you should take the points, but unfortunately I cannot accept your answer; the forum denies me that opportunity, probably because I am not a member at this time. I am truly sorry for this misunderstanding, and if you see me post a question in this forum again (and I will) I hope you give your expert advice so I can award you points.