
Rootkit Scans


4 replies to this topic

#1 Doonhamer

Doonhamer

  • Members
  • 6 posts

Posted 06 September 2008 - 03:10 PM

Hi all,

I run XP Professional SP3. My security is: Airport Extreme (hardware firewall), Sunbelt Personal Firewall, Windows Defender, BOClean, Spyware Blaster, and BitDefender Antivirus 2008 (BD). All of the software is running in real-time protection mode.

Last night before turning in, I manually initiated BD's full system scan, which is their highest level scan that inspects files and archives and also scans for rootkits. When I got up this morning and checked almost 8 hours later, BD was still performing the rootkit scan. I know from past experience that scanning everything else on my system, other than rootkits, only takes between one and two hours.

Is it normal in general for a rootkit scan to take six hours or more, or is BD's implementation just slow? Just curious. If it takes that long, I'll learn to live with it.

Thanks!

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,569 posts
  • Gender:Male
  • Location:NJ USA

Posted 06 September 2008 - 08:31 PM

It sounds a bit long. Perhaps you should disable all the tools except for the firewall. Try running again from safe mode.

How to start Windows in Safe Mode

#3 Doonhamer

Doonhamer
  • Topic Starter

  • Members
  • 6 posts

Posted 06 September 2008 - 11:35 PM

It sounds a bit long. Perhaps you should disable all the tools except for the firewall. Try running again from safe mode.

How to start Windows in Safe Mode


Thanks for that advice; I'll give that a try tomorrow and see how it goes.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,087 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 08 September 2008 - 11:54 AM

Most anti-rootkit scanners will not work in safe mode because they utilize a driver which is required for the scanning process, and that driver will not load in safe mode. Further, there are rootkit variants (haxdoor) that run in safe mode, so the usual reason for running a scan in that mode does not apply.

Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
Note: Not all hidden components detected by ARKs are malicious. It is normal for a firewall, some anti-virus and anti-malware software (ProcessGuard, Prevx1, AVG AS), sandboxes, virtual machines and Host-based Intrusion Prevention Systems (HIPS) to hook into the OS kernel/SSDT in order to protect your system. You should not be alarmed if you see any hidden entries created by these software programs after performing a scan.
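The note above says that hooks placed by firewalls, anti-virus, HIPS, sandboxes and virtual machines are expected, so the question after an ARK scan is which hooking modules belong to known software and which deserve a closer look. The script below is an added example and is not from this thread or from any ARK vendor: it parses constructed, illustration-only scan lines (the log format is assumed; real tools format output differently), maps kernel-style paths such as \SystemRoot\... to the Windows directory, and uses Get-AuthenticodeSignature to report whether each module is a validly signed file, so a reader can match the signer against the security products installed before worrying about an entry.

```powershell
# Added example (not from the BleepingComputer thread or any ARK tool):
# triage helper for anti-rootkit scan output. Hooks from firewalls, AV,
# HIPS, sandboxes and VMs are expected; this lists each hooking module
# with its Authenticode status so expected vendor hooks can be told apart
# from unsigned or missing modules that merit a second look.

# Constructed sample lines for illustration; the format is an assumption.
$sampleLog = @"
SSDT  \SystemRoot\System32\drivers\example_hips.sys   ZwOpenProcess
SSDT  C:\WINDOWS\system32\drivers\unknown1.sys        ZwCreateFile
Hidden process  C:\WINDOWS\system32\svchost.exe
"@

function Resolve-ModulePath {
    param([string]$Path)
    # ARK tools often report kernel object paths; map them to paths that
    # Test-Path and Get-AuthenticodeSignature can open.
    $winDir = $env:SystemRoot
    if ($Path -like '\SystemRoot\*') { return $Path -replace '^\\SystemRoot', $winDir }
    if ($Path -like '\??\*')        { return $Path.Substring(4) }
    return $Path
}

function Get-HookTriage {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        # Take the first token that looks like a drive, \SystemRoot or \??\ path.
        $m = [regex]::Match($line, '(?:[A-Za-z]:\\|\\SystemRoot\\|\\\?\?\\)\S+')
        if (-not $m.Success) { continue }
        $path = Resolve-ModulePath $m.Value
        if (Test-Path -LiteralPath $path) {
            $sig    = Get-AuthenticodeSignature -LiteralPath $path
            $status = $sig.Status
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        } else {
            # A hooking module that no longer exists on disk is itself notable.
            $status = 'FileNotFound'
            $signer = ''
        }
        [pscustomobject]@{
            Entry  = $line.Trim()
            Module = $path
            Status = $status
            Signer = $signer
            # Anything other than a valid signature is flagged for manual review;
            # a valid signature from an installed security vendor is the normal case.
            Review = ($status -ne 'Valid')
        }
    }
}

Get-HookTriage -Lines ($sampleLog -split "`r?`n") | Format-Table -AutoSize
```

Run it after the scan, with the real tool's report substituted for the sample text. A Valid signature whose Signer matches one of the installed products is the situation the note describes; FileNotFound, NotSigned or HashMismatch entries are the ones worth asking about in a help thread.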

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,087 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 08 September 2008 - 12:11 PM

Forgot to mention, you should also Clean out your temporary files first.