Best Free Rootkit Scanner/Remover
Introduction
When your computer gets a virus, that virus tries to spread, and eventually it will damage the host, making it much easier to detect. A rootkit, on the other hand, is designed to hide certain elements such as files, processes, registry entries, or network connections from the user and from other programs, which makes it very difficult to detect. This technology can be used for good as well as malicious purposes, so it is important to be familiar with your computer to avoid deleting legitimate hidden objects. Within Windows, rootkits are used to hide malware so that its execution goes unnoticed by your security applications. So imagine that a rootkit has been installed on your computer and that its purpose is to hide a virus, giving the malware time to complete its goal, steal your data, and damage your system, all the while going undetected. Unfortunately, rootkits are extremely effective at this, which means that even though you may believe your PC to be totally clean, some of you could be infected right now.

Most of the anti-virus vendors have integrated anti-rootkit technology into their more recent products. However, this is not a foolproof solution against rootkits, because just as the AV companies improve their products' detection abilities, the malware creators find new ways to avoid detection. So as security-conscious users we must rely on third-party tools to help us, and there are several free applications which specialize in the detection and removal of rootkits. Keep in mind that none of these products will detect every single problem, so it is always a good idea to keep more than one of them to hand.
Discussion
There are a lot of anti-rootkit programs available, but unfortunately not many of them will work on Windows 7 yet. A lot of this software is very advanced and requires an experienced and technically minded user who is familiar with computers and operating systems. However, there are a couple of options that do not require much technical ability and are also very effective.

I have two top choices for all the experienced and technical users because I find it impossible to choose one over the other. GMER and RootRepeal are very popular applications, and they are definitely my favorites, but it takes someone pretty knowledgeable about computer systems to be able to interpret the results. You can find a lot of documentation on both programs, but if you are the type of person who likes to click the scan button and simply wait for the results, you would be better served with either Sophos or F-Secure Blacklight.
Windows Vista and XP users should download a copy of this great program because even though it is not supported anymore, it is still one of the best rootkit removal applications available.
Sometimes the only symptoms you will get from a rootkit are an increase in network traffic, a decrease in performance, and maybe an unknown process running. With today's high-bandwidth networks and high-performance computers, it can be very hard to notice any of these signs. Prevention is always the best practice, but detection is just as important, so make sure your AV has anti-rootkit capabilities, and make sure you have a good firewall and HIPS combo. This, together with a combination of the tools I have mentioned, is the best approach toward keeping your computer free of rootkits.

Additionally, Prevx Free can run customized scans from the context menu and also gives you the ability to schedule scans in the GUI to help assure that nothing has gotten by your normal security software. On my 320 GB hard drive a deep scan takes about three minutes on average. The free version also offers protection of stored cookies as well as protection for all of your saved credentials. There is also a browser protection component in the free version, but it offers custom protection for only one web site of your choice. It does, however, give the full Prevx Safe Online protection, which includes anti-phishing and protection against hijacks, keyloggers, and cookie stealers for a number of popular websites such as PayPal, CleverBridge, or Amazon, and of course the one website of your choice. While the free version of Prevx cannot clean a lot of rootkits, it can effectively warn you about new infections. Prevx is inherently built on their anti-rootkit technology, and has consistently been one of the first vendors to detect new rootkits. I believe that this application can play a very important role in keeping your computer clean of all infections; after all, you can't remove what you cannot find. Please note: Some of the free version component features in Prevx/SafeOnline are either restricted or disabled altogether. Users should read the vendor's description carefully for the version they are downloading before deciding if the program is suitable for their own needs.

Sophos Anti-Rootkit
Pros: Easy to use and scans fast. Effective rootkit removal. Decent help file. Good recommendations about scan results.
Cons: Unlocks one more feature only if you use Sophos Anti-Virus.
Home page: http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
Download: https://secure.sophos.com/products/free-tools/sophos-anti-rootkit/download/
File size: 1.3 MB
64 Bit version available

Root Repeal
Pros: Can remove even the most advanced rootkits. Scans very fast. No installation.
Cons: Very advanced, not recommended for average users. Win 7 compatible version is not out yet.
Home page: http://rootrepeal.googlepages.com/
Download: http://rootrepeal.googlepages.com/
File size: 454 kb
Portable version available

GMER
Pros: Considered class leading technology.
Cons: Not compatible with Windows 7. No help file. Not suitable for average users.
Home page: http://www.gmer.net/
Download: http://www.gmer.net/
File size: 284 kb
Portable version available

F-Secure Blacklight Rootkit Eliminator
Pros: Decent help file available. Simple GUI. Easy enough for everyone. No installation.
Cons: Not compatible with Windows 7. No support.
Home page: http://www.f-secure.com/en_EMEA/products/technologies/blacklight/
Download: http://www.f-secure.com/en_EMEA/security/security-lab/tools-and-services/blacklight/
File size: 1.08 MB
Portable version available

Dr. Web Cure It!
Pros: Can detect and remove all infections. Very easy to use. No install needed.
Cons: No updater included, so you have to download the whole program every time you need it to get the latest definitions.
Home page: http://www.drweb-online.com/en/cure_it.asp?rpid=
Download: http://www.softpedia.com/get/Antivirus/Dr-WEB-CureIt.shtml
File size: 24 MB
64 Bit version available

Prevx Free
Pros: Real time anti-rootkit detection. Can detect all types of infections and is very good at it. Very light on resources. Scans in 5-10 minutes. Provides some browser protection. Very easy to use and intuitive.
Cons: Free version will only clean select infections. Safe Online browser protection is only available on just 1 web site of the user's choice. Some scan options disabled in the free version.
Home page: http://www.prevx.com/
Download: http://info.prevx.com/downloadcsi.asp
File size: 889 kb
64 Bit version available

Editor
If you wish to contact me to request a product to be reviewed, or wish to send feedback or suggestions on how to improve this review, please feel free to do so. Registered users can contact me here if you wish to, but everyone is welcome to post a comment. This software category is maintained by volunteer editor DLC50.

Tags
anti-rootkit, rootkit scanner, rootkit remover, free rootkit scanner, free rootkit remover, freeware, rootkit eliminator, rootkit detection
The free version of Prevx offers the same class leading real time detection as the full version; unfortunately, it doesn't offer much more than this. Prevx Free is only capable of cleaning select infections, such as adware, the ZEUS banking trojan, and MBR rootkits. When dealing with rootkits, detection is definitely very important, so even if you can't clean all infections you might at least be alerted, enabling you to take further action and manually remove the rootkit or seek help in doing so. As hard as it is to detect the newer, ever evolving rootkits and viruses, Prevx can be a very powerful and informative addition to your regular anti-virus software.
Comments
PrevX identifies a file in Windows/system32 called fyler1-q9zj8.exe as a threat, which most of the categories of free antimalware programs discussed throughout this site do not.
I've read about this being a false-positive elsewhere on the internet, but how can I make sure it is?
Please suggest me a way.
Thanks in advance,
-Spruce.
You can upload the file to www.virustotal.com. It will scan the file with 41 antivirus engines and give you the result.
The file indeed was a false positive (3/42 scanners reported it as infected, but it was a heuristic analysis)
Thanks a lot for the reference; it helped me a lot.
Glad it helped you :).
Tell me how to remove a rootkit.
Did you try any anti-rootkit program? Which one?
Let a friend use my laptop while I was at the beach and it came back with an extremely nasty set of rootkits and other infections that even Sophos could not clear. I made progress but was not able to fix everything. Ended up using [edit: link to commercial services removed] to fix it. I noticed that they used GMER, HiJackThis, and some other tool I hadn't seen before to clear the infection.
I have two questions regarding Prevx... The scanner in SafeOnline detects Tizer Rootkit Razor as an infection while the Prevx module in Hitman Pro does not. I believe it is a false positive, but why the discrepancy? Second, how do I configure SafeOnline to ignore the false positive of Tizer? It does give the option of transferring the file/infection to another folder but how do I know which one? Help! Thank you.
This is an interesting question. Can anyone try to answer?
I do not have the expertise to answer any of your questions; I'm just an amateur. But I'd like to share a similar problem.
Hitman Pro did not identify a file as a threat, but PrevX did! It might be because the other engines in Hitman Pro told PrevX' module, "Listen! You're giving a false-positive...skip it at once!" ;-)
N.B. I'm just guessing.
:-)
Can you please test out vba32 antirootkit. I have heard great things about this little known product.
Is Avast's integration with GMER just as good as GMER by itself?
To dl50,
Thanks for such a good website!
I was just wondering why you didn't include Hijack This.
HiJackThis is not a scanner, or a remover. It simply shows the registry and files settings on the computer. It does not show whether they are good or bad. It just shows them. Therefore, it has not been included here.
Can anyone explain why when I try to update Prevx Safeonline it states it is already up to date when I have version 3.0.5 179? Does this apply only to the definitions? How do I obtain the newest version 3.0.5 182? Thanks
You can download the program from its site. The links are given in the article itself.
In the end, we decided to award eight of the ten licenses donated by Immunet for our "how to stay safe online" competition winners here:
http://www.techsupportalert.com/freeware-forum/security/4430-win-license...
The remaining two plus three more will be given away to the first five members to send me what I think are the funniest one sentence reasons why they should get one! Humorous personal abuse is acceptable so long as it's only directed at me :D
Entries by PM only please. Keep them clean as we need to publish the results!
What about Panda Antirootkit. Is it any good?
Panda Anti Rootkit was one of the top and one of my favorites for a long time. If it had been kept updated I would probably have it near the top now but as it is, without updates it is not a good choice.
According to this, no, but please appreciate that this is just one opinion.
http://www.anti-malware-test.com/
As I understand it though, the more simple and popular scanners are much easier for malware developers to write workarounds for which may explain why they are not so effective.
Thanks for the feedback. It's interesting to read how this 'Anti-malware-test' site rates Avira 9. (It's a fail!)
Win a License for Immunet Protect Plus!
Followers of Immunet Protect cloud based antivirus will be aware that the 2.0 version has just been released.
www.immunet.com/free/index.html
I have to say that I’ve been quite impressed with how Alfred Huger and the rest of his team have conducted this exercise. Their dedication and commitment to customer generated improvements is a sure fire lesson some other vendors would do well to copy. The net result is an effective antimalware solution which will continue to improve as development moves forward. A bonus is that the program will run alongside many of the traditional solutions. The official and unofficially supported programs are listed here:
http://support.immunet.com/tiki-read_article.php?articleId=4
In recognition of the feedback received from TSA members, Immunet have graciously made available 10 free licenses for the “Plus” version of Immunet Protect. In order to give everyone a fair shot at these we’ve decided to run a competition. All you need do to enter is to write a short piece about the steps you take to stay safe online, including the *programs you use and why you think these are the best solutions.
*Any entries containing references to commercial products will be disqualified.
Entries should be submitted to myself by using the “Contact Info” button which is accessible by clicking my user name (MidnightCowboy) in the forum.
If you are not already registered for the site please use the "register" button at the top of the forum page.
The ten winners will each receive a free license for the “Plus” version of Immunet Protect and their entries will be published in a special “Security” section forum thread.
Closing date for receipt of entries is Monday 28th June, 2010.
The judges' decision will be final and no correspondence will be entered into concerning entries.
what about Rootkit Revealer? how is it compared?
Rootkit Revealer was a great and useful piece of software when it was first developed, but it is mostly useless with a lot of today's threats. Malware creators have progressed at a very alarming rate as far as complexities of these infections, and now I see a lot of new antirootkit tools coming out that are being updated every week and sometimes more often just to keep up. So no, I am afraid that Rootkit Revealer needs to be retired.
By the way everyone, I have been super busy lately with all of this stupid search engine malware being caught up by FF and Chrome and I haven't had time to update this review. I am sorry but it will be a little while, but I have compiled a list of some newer ARK's and some old and those on the review already, and I am going to test them before I update the review. I have a collection of wicked rootkits that I have acquired and it should be interesting. Thanks
Regards,
DLC50
http://www.techsupportalert.com/freeware-forum/security/3895-infected-xp...
further info
http://www.theregister.co.uk/2010/04/16/ms_kernel_patch_bypasses_pwned_pcs/
Is the Prevx in HitManPro the same as the standalone Prevx? Or at least is the scanning ability as advanced/efficient? I am wondering if I need both programs...
probably not. personally, wouldn't go with either!
Why not?
don't favour cloud at the moment. zero day baddies would be just as detectable by a decent firewall with a strong hips compared to that of a cloud that also uses heuristics!
Yes, Prevx is in Hitman Pro but I agree with the comment above. Maybe I am old fashioned and I do love Prevx but I just cannot trust cloud technology yet. The way I use Prevx is to carry it around in a UFD and when a client calls it is the first thing I scan with, because even if it cannot do the cleaning it scans fast and gives me a great idea of what I am dealing with and what my next step is. It is indispensable to me in this role but I doubt I will ever spend a dime on it.
Considering that I am using Vista firewall which has no HIPS...In THIS case would Prevx whether standalone or in Hitman Pro be beneficial? I am somewhat of a newbie and still learning my way!
Well, I would say that yes, I am sure it would be useful to you even if you only used it once a month, but I would not rely on it and it alone. Prevx is great and they are quickly changing the 'HIPS' category to a truly automated response HIPS that does not rely on the user for much at all. So yes, it would help you out. I only use Avast Free with just the file system shield installed and set to scan only on execution, but I also use MBAM to scan on demand every couple of weeks and I cannot even remember the last time I got an infection. My view of security is, the simpler the better.
I disagree with you about Avast. Recently I had Avast for several months and it was updated frequently and all. But one day without my knowledge I got infected with Relevant Knowledge Spyware-Adware which managed to disable it and killed my Windows. I had to boot from XP after resetting my PC. So Avast is ZERO!
I have regretted not to have installed Avira instead as on my other computer it had been able to fight every attack successfully.
Regards,
AntiSpywaregirl!
I don't think much of Sophos Anti-Rootkit. I was doing a Root kit scan of my hard drive.
I am a programmer. It kept saying that executables that I had programmed were unknown hidden files.
For one, I can see them in the directory. So how is that hidden ?
Two they are files I programmed myself.
I am also disappointed in Avira. It is also trying to claim that an executable of mine is TR/Downloader.Gen. Too many false positives!
Avira is slipping down the slope and facing a swift fall to the bottom if they do not shape up. I love Avira and I hear they are having tough times financially as everyone else, so you might expect to see them a little weaker than usual right now. I expect them to be back on top pretty soon though.
Now I have heard people say that Sophos will detect unindexed files as hidden but this sounds ridiculous to me and I haven't tried to check it out. Sophos is my top pick for several reasons. It is regularly updated, almost anyone can interpret the results, and it is decent for what it does. Stand alone Anti Rootkits are almost history so one that is regularly updated is important. Now Sophos is touchy about anything unknown to it, just like your files, but I fail to see anything wrong with that. Most security programs are built to flag other programs and scripts that it does not recognize. You know what the files are, so there is no problem. Any way scan with Prevx if you think you are infected and find out.
imo, detecting your diy progs as a possible 'enemy' is a good thing! for obvious reasons.
Please excuse my ignorance, but Prevx Free is only for Rootkit detection? I noticed you added this product only in the Rootkit Section of this website.
I am not sure I understand your question exactly but I will give it a shot. Prevx Free will detect viruses, spyware, adware, rootkits, worms and pretty much all other malware there is. However, the free version only has limited removal capabilities. It is only able to remove MBR Rootkits, Zeus Trojans, and adware. I have added it to this review because it happens to be one of the best at detecting rootkits.
Got it, and thanks DLC50...You answered perfectly.
I've been using Gmer for a long time. While doing a scan today, I was also running ccleaner (maybe this was a mistake!). Suddenly, my system crashed and a purple screen came up:(....I seriously thought there was a rootkit.
Anyways, I rebooted, went to safe mode, and restored last known settings that worked. Thankfully everything was alright again.
Then I did another scan...nothing turned up!
I use Windows XP SP3
Yes, you should definitely shut down all other running programs, AV's, firewalls, and anything that is running before you run a scan with any Anti-Rootkit tool. It is very rare that CCleaner is incompatible with anything yet. Also, GMER is not always going to alert you and say "You Have a Rootkit"; you have to be able to interpret the results, so if you cannot then you might download something like Prevx to let you know if you are infected.
Combofix is also an effective tool against malware. How much is it effective for rootkit removal?
A comment about Combofix at Remove Malware .com
http://remove-malware.com/malware/malware-notes/combofix-not-as-effectiv...
Yes, I can definitely agree that his words are true. If you didn't read my post below then check it out. I had a bad experience with Combofix yesterday, so the whole program is just not of the same quality as it once used to be. Maybe the dev's will update it soon but I wouldn't get my hopes up because even in the past updates have been few and far between.
Ditto, DLC50...It's too bad, because a user used to be able to count on Combofix as a fairly successful last resort...
I have seen it recommended for rootkit removal on a few quality PC-Help Websites...
There are several reasons why I didn't include combofix. The main reason being that it has a lot of stability issues and bugs. Another reason is that it is very powerful and should mainly only be used when guided by tech support at one of these forums. Combofix is normally available on Bleeping Computer forums all the time but even they will not offer it for download now because of all the problems. Once it gets updated and all the bugs fixed, I might include it and write a tutorial on how to properly use it.
I've had problems on my PC for some time now: Anti-virus 2010 programme Panda and Prevx closing down. Tech guys at Panda have been remoted onto PC a number of times. Nothing was wrong/found. Yesterday same thing happened, so I decided not to fix this time and turn back on. Contacted tech guys remoted onto PC. They used Combofix, found deep hidden rootkit, which must have been there all the time. Asked to reboot, combofix updated as it rescanned. I have had other people use GMER and it hasn't found anything, in fact it did more harm to PC than good. Prevx used it before I got in contact with Panda and the PC just froze. I thought the tech guy at Prevx was doing something. And being new to all this, I sat and waited for 3 hours then decided to reboot PC. I contacted Prevx again to see what had happened, I was informed GMER had booted him off. I was reading an old PC plus mag today, it was talking about Sophos Anti-rootkit so I tried this evening 3 times. 1st time it told me there were 8 hidden files at the end of the scan. I closed it down and rescanned with it; this time it said 2 hidden files. The 3rd time it was 1 hidden file. How can this be because they weren't removed? I only use windows xp firewall and have been told by all security vendors I've spoken to that this is enough. Even the guys who built the computer say this, they are also security guys. I see there is some comment about firewall and HIPs. What is this? I look forward to your training manual on combofix on how to use it. I haven't got a clue what the Panda guy did. However, I suppose from my experience and what I've witnessed combofix is pretty decent: it found the rootkit. Panda's own award winning anti-rootkit didn't stop it or find it. It is very good for Spyware. I suppose I should have registered. Dave
Ah yes, BleepingComputer had removed the download, because of some bug. I remember now. That has not been solved yet? :O.. wow.. it's been a lot of time.
Anyways, yes, it's a powerful tool, and not suitable for average users. Nevertheless, I just wanted to know if it is effective in removing rootkits.
Thanks for the reply, and information :).
As a matter of fact it is very effective, or was. I haven't used it in a fairly long time. It is one of those programs that is very touchy, but when it gets working again or if they plan to update it and fix the problems, it will definitely be included but I will also have to include a tutorial. Also, there are a lot of copies of Combofix floating around the net right now and I have seen on the old combofix website and bleeping computer that the only safe place to download the app was at Bleeping Computer forums. So I searched for Combofix and there were several variations of the Combofix home page, I found combofix[DOT]org, .net, plus some like combofix3.com so be very careful and only download this at Bleeping Computer
Yes, there are several sites offering the downloads. The sites you mentioned.. combofix[DOT]org, and .net have unsatisfactory WOT ratings. BleepingComputer mentions only two sites to download ComboFix from, one of the sites being their own.
BTW, I looked up the Twitter of BleepingComputer, and the tweet of 24th Jan says the bug had been fixed and the download was available. I also checked up the download links offered on the guide here :
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
and the download links seem to be working.
Thanks Anupam, I will check it out and see how stable it is. The last two or three times I have tried to use it something has gone wrong, so hopefully that is what they got fixed with the update in January. I will post back here and let you know how it goes.
Thanks for the reply :).
Hey Anupam, I just got through trying Combofix again and honestly I cannot believe that they have it available for download. Setup went ok, other than a small disagreement with OA, but about 2 minutes into a scan I got a "Critical Kernel Event Error" BSOD. I then got 3 more blue screens when trying to boot up the next three times. So I got it booted into my Win7RescuePE and ran the System File Checker and was surprised to see that it found and repaired 4 damaged system files, and it also discovered 3 system files had been deleted. After I replaced the files from a backup copy I booted into windows just fine, leading me to believe Combofix is to blame.
When testing an app that is in beta or that I do not trust I always setup DebugView to capture Win32 and log kernel and verbose kernel output, and I am going through the logs right now to make sure it wasn't a conflict with OA or another program. I am running a new Beta of Online Armor but it is stable. Anyway I will check the logs and the kernel crash dump to see if it might have been a conflict somewhere. So my advice is this, if you find it absolutely necessary to use Combofix, then create a full system backup as well as your data and personal stuff, and make a full backup of the registry.
Thanks for the feedback on this DLC, and sorry that you had to go through a BSOD. Well, it was you, who recovered the system. Other users, including myself, would not have :D.
ComboFix is indeed a very powerful tool, and should not be used by just everyone. Conflict might be a cause, because ComboFix gives the warning at the start itself, to shut down any antivirus or other security software, that may be active.
I was asking about ComboFix, because my cousin's PC has got a rootkit from a pen drive. Avast detected it, but cannot find or remove it, in the scans. So, I might have to try some of the antirootkits mentioned here, and if not, I will use ComboFix as the last resort.
I found this post over at Wilders Security. Hope it helps...
"It's not possible to get an entire rootkit into a bios, but you could fit a jump or starter code in the bios, which means a persistence somewhere else along with the bios. That means a Hidden Partition Area on the HDD or modification of the nic firmware, which would be a PXE boot situation.
If there is this type of infection it would most likely be Bios/HPA-HDD.
1. Average wiping doesn't remove the HPA from the HDD.
2. If you fix only one, the infection can return.
To fix you must wipe the HDD with a program capable of wiping all partitions including HPA/DCO. Then while the HDD is dormant and free of any code, flash the bios."
I think this is one of the articles I read on the newer bios rootkits...
http://www.tomshardware.com/news/bios-virus-rootkit-security-backdoor,74...
Well, even now that I have an education and am knowledgeable enough to get rid of a rootkit without help, they still make me nervous. But this type of rootkit that the article explains would be awful, but they just did a demonstration to show that it is possible, not that in fact they caught it "in the wild". In any case, the malware creators are always a step ahead so there is no telling what else they will come up with.
Who knows what else they will come up with indeed. The only real secure computer is one that has never been connected to the internet.
What if the malware infects printers and other peripheral devices, then moves back in after a wipe and reinstall ? Heck, even changing the computer would not help, you would have to change everything, all printers and peripheral devices.
I think one solution, or at least a help, would be having two or three completely separate computers or systems in one box or tower. One computer strictly for business, another to deal with friends and family, another for general surfing and playing around. Not virtualization because that too can be compromised, but actual separate systems. Basically, it seems you need to dedicate a computer for a specific task, in order to stay on top of things.
John
The average user, including myself, would have to take PC into the shop to get something like this type of Rootkit cleaned out.
Once you detect a rootkit, do you need to wipe your hard drive with something like dban (I heard some kits can survive formatting) and reinstall windows, or can you scan with a few rootkit detectors and anti-malware programs and continue using the computer ?
I have even heard that some rootkits infect the bios and wiping the hard drive or even changing the hard drive will not get rid of them (good grief).
John
Yes, flashing the BIOS will get rid of the rootkit if you do it at the right time. As for wiping, I always recommend wiping to people who are going to reinstall, not because it handles rootkits better, but because it will get rid of all left over file fragments and rid the HDD of any recoverable information.
I have read of PC geeks who have bought a new hard drive because of getting infected with a rootkit. That is the Only Sure way of "knowing" if the rootkit is gone...Prevention is the key and HIPS and/or Sandboxie will help there.
But if it is one of the new versions of rootkits that infect the bios, then it will return even if you change the hard drive. I guess you could flash the bios, but who knows, I guess if you get a rootkit you need to throw the computer in the trash and start over.
John
I wouldn't trash anything, and it would have to be something worse than anything I have ever seen to get me to replace the harddrive. The truth is rootkits are a pain in the back side, and some of them do an awful lot of destruction. But others do not harm the computer much. So it all depends on what variant it is and most of all, what other malware it is hiding.
It's about Prevention of Rootkits...That is or should be the top priority, and Common Sense tops that list, besides HIPS and Sandboxie and maybe even throw Returnil into the mix.
I am writing an article that will give you a better understanding of rootkits I think. HIPS is without a doubt the best way to stop a rootkit, no scratch that running a 64 bit system with SRP and LUA is the best way to stop rootkits.
Hi DLC50,
Regarding my Dell Studio 1537 laptop, I have reinstalled on the new replacement HD a fresh clean copy of Win 7 and so far it rebooted several times smoothly. Though I am a bit concerned that the image restore I had previously made on this same HD (using Acronis) may still have some rootkits hiding inside the HD? I have a copy of Kaspersky Internet Security Suite which I will install later. Is Kaspersky's TDSSkiller available in the Kaspersky Internet Security Suite version? Thank you for whatever help you can give here.
SonarB
TDSS killer can be found on the Kaspersky web site but not in their suite. It is available for free.
About the problem with your Dell PC. I believe that I can help you fix it, IRQ9 is your ACPI controller. I have dealt with a similar problem before so please contact me using this form and we will see if we can get it fixed for you. http://www.techsupportalert.com/user/13309/contact
Hi DLC50,
I have signed up and sent you my tech issue thru the contact link. Hope it is not a rootkit infection but something much easier to fix.
Thanks, SonarB