
What is the best "Rootkits removal" tool?


#1 Clydesdale™

Posted 23 April 2009 - 09:45 PM

My AVG detects 28 Rootkits but won't clean them out. I contacted AVG and we've emailed each other several times but no results from them yet.

So, what is the best "Rootkits removal" tool; free or not free? I'll pay if I have to. I read Panda has a good free one.

Any input would be appreciated.

Thanks

Edited by Clydesdale™, 23 April 2009 - 09:46 PM.

Clydesdale™


#2 Stang777

Posted 24 April 2009 - 01:38 AM

If you have rootkits, the best thing to do is to format your drive and start over. Even if you can get rid of the rootkits, there is no program you can use to do that which can guarantee your system is ever safe once you have a rootkit on it, without formatting your drive. Most experts say it is not safe after one of those unless you reformat, and with you having 28, forget trying, just reformat and reinstall.

#3 Romeo29

Posted 24 April 2009 - 07:13 AM

I agree with Stang777.

#4 Clydesdale™

Posted 24 April 2009 - 10:25 AM

I agree with you guys but this is in my work PC and I'm not allowed to reformat it so I'll try the Panda or wait for AVG to get back to me or start looking for a new job. If this infects other PCs or the server, it'll cost me my job.

Thanks guys.
Clydesdale™

#5 extremeboy

Posted 24 April 2009 - 05:23 PM

Hello Clydesdale™.

Please read over this post before performing any steps.

If formatting is not an option, I suggest you start a new topic over here afterwards. Please read this guide FIRST. Step 6 is what we need to see in your topic. I'm sure a HJT Team member can help you out. Please note you may need to wait for a while since we have over 700 logs that need to be answered currently.

Before you start a topic over there, I want to make sure that it is an active rootkit and not a FP or anything related to that. Can I see the AVG report so I know what it's detecting please?

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

#6 Clydesdale™

Posted 24 April 2009 - 05:44 PM

Thanks for the help Extremeboy.

Absolutely, I'll give you that AVG report first thing Monday morning when I go back to work.

TTY then.

Thanks
Clydesdale™

#7 extremeboy

Posted 24 April 2009 - 07:13 PM

No problem.

Thanks for letting me know.

~Extremeboy

#8 Clydesdale™

Posted 27 April 2009 - 08:17 AM

extremeboy,

Is this what you want?

Posted Image

I checked my e-mails this morning and there was a reply from AVG; this:

Thank you for your email.

Please let us inform you that all the samples you have sent us were
virus-free based on our analysis.

In order to remove the rootkit we would like to offer you our brand
new Remote Access service.

Remote Access service means that one of AVG Technicians connects to
your computer directly by using the Remote Desktop Connection tool.
The AVG Technician will remotely carry out all steps necessary to
resolve the reported issue on your computer.

This remote access is powered by LogMeIn Rescue ®, a service of
LogMeIn, Inc. ("LMI").
........................


I had 28 rootkits; did a scan this morning and now have 29. Do you still want me to open a new thread as you suggested?
Clydesdale™

#9 extremeboy

Posted 27 April 2009 - 07:32 PM

Hello.

A very nasty infection you have here. If AVG can't remove it, which it probably can't, I suggest you start a topic over here. I'm not sure if I really "like" the idea of what they said in the e-mail: "Remote Access service means that one of AVG Technicians connects to your computer directly by using the Remote Desktop Connection tool." Not that it's bad or anything, but I don't find it very safe since the rootkit is probably still active.

Read the Preparation Guide Before Starting a Topic FIRST: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

In step 6 it tells you to run DDS. Please do so and start a new topic and post the log in the topic you started in the HJT-Malware Removal forum.


Regarding rootkits, a few things you should be aware of.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach.

Good luck! Let me know once you have started a topic over there, so we can close this topic.

With Regards,
Extremeboy