After running the above rootkit tools if nothing is found try these.
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.
I had run the f-secure facility and found some files (rootkit). I need to learn how to remove them now.
I also downloaded the Spyware Terminator, run a scan and found some traces of Trojans, delete them all.
Then, looking at this software I can see it has almost the same facilities than Avast. Does it make any difference in having either of them installed? I mean is one better than the other? Is there any compatibility problem if I have install both?
First do not harm… send files to Quarentine before deleting them… It’s safer, it prevents false positives and allow restoration.
Carlos, Spyware Terminator is compatible with avast. Even if you use its internal integration with Clam antivirus. But it could be redundant and you could see performance troubles. If you want to try, start using without Clam integration and disable Windows Defender (redundant and weaker than ST). Test if your computer does not get that slow that makes work uncomfortable. 8)
Although avast has some spyware detection, it’s an antivirus.
Spyware Terminator is an antitrojan and antispyware, not an antivirus (without ClamAv integration).
Firstly the ones that I listed should be able to deal with any rootkit detections it finds. If not there should at least be a file name and location, etc. of the rootkit. Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm.
More importantly what did it indicate (and can you find it using explorer) ?
I would hope that anything found has been dealt with, that should allow avast to see anything it was hiding and importantly you should be able to restore the missing file.
Try a repair of avast. Add Remove programs, select ‘avast! Anti-Virus,’ click the Change/Remove button and scroll down to Repair, click next and follow. You need to be on-line to do this.
As Tech mentions, when you have an option, deletion is not a good first option you have none left. There should be no problem with ST as Tech mentions but the integration of the AV I would also say isn’t advisable.
question for you davidr and/or tech-if you have a clean system(hopefully)and have good protection is there any need for a rootkit scanner and removal program as the avg free one ??? :
The rootkit scanners are specific tools used for specific tasks, if you are experiencing problems that are malware related and you are apparently clean.
These tools are also regularly updated so the worth of having it sitting in wait is perhaps akin to using an AV with out of date signatures trying to find new malware.
Whilst there is no overhead in having a few to hand on your hard disk (I have several, usually for reference), I don’t run them on a regular basis. If I wanted/needed to run them I would download the latest version.
General cleaning tools and protection (avast & antitrojan) does not offer rootkit protection. These are different things. So, my answer is yes, there is such a need.
Sorry, but since my last note (a few minutes ago) I run again the F-Secure software, just to see what kind of files it finds.
F-Secure found extensions such as txt, xml, exe, hlp, dll, png, sys, and jpg. Are all these files “rootkits”? Or is there a particular files extension to be concern with.
I can find the files, that is not a problem. I also know almost the meaning of all of them. The problem is what do I do with them.
If I find them with windows I could delete them all. But it looks like this is not the best option. What do I do with the files found by F-Secure?
I honestly haven’t any idea as just providing the file types is of little help, what are the full file names and their locations ?
What does blacklight say about them ?
Have you run any of the other anti-rootkit tools and do they confirm any of the files from blacklight ?
For suspect files you can seek other confirmation:
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently 30 different scanners.