
Help needed to determine possible rootkit

2 replies to this topic

#1 MagicTux


  • Members
  • 27 posts
  • Local time:05:13 AM

Posted 29 February 2016 - 11:17 AM

Hi guys!

I might need some help doing a further check-up.
I have recently noticed strange sounds from my computer, even at idle. It sounds like there is some kind of load on either the gfx, hdd or both.

I have scanned with Bitdefender and Malwarebytes Anti-Malware without any results. After that I scanned with RogueKiller. RogueKiller finds a lot of IAT:Addr (Hook.IEAT) under the AntiRootKit column. Under the Files/Folder column it detects Hidden.ADS.



I have tried to see if I could find anything with ProcessExplorer, but all running services look legit.

I have also formatted and reinstalled my PC with fresh Windows. Scanned with RogueKiller immediately and found nothing.
After that I installed all my programs and programmed for a while and then I wanted to do another scan with RogueKiller. This time it finds the same entries as from the screenshots again.

A thing I noticed when I had to reinstall Windows 7. When you have to choose where you want to install you have to create partitions. Windows 7 automatically creates a System Reserved Partition with the size of 100 MB, right?

When you create the System Reserved Partition the first time it allocates 100 MB size and you have 86 MB available. I noticed mine only had something like 60 MB free, which means the System Reserved Partition had something else on it than the normal MBR, or am I wrong?

I have tried Kaspersky TDSSKiller without any luck and I have scanned with GMER to check for false positives, but GMER detects a lot more than RogueKiller. My last question is: am I infected or what? And what should I do from here on?




#2 Will5200


  • Members
  • 141 posts
  • Gender:Male
  • Location:United States
  • Local time:10:13 PM

Posted 29 February 2016 - 11:56 AM

"Kaspersky TDSSKiller without any luck". Did you restart into safe mode first? Also, Malwarebytes (free) can be configured for Root Kits, Settings - Detection and Protection - Scan for rootkits. Cheers.

#3 MagicTux

  • Topic Starter

  • Members
  • 27 posts
  • Local time:05:13 AM

Posted 29 February 2016 - 12:29 PM

Actually I did not restart into safe mode first. I have formatted my PC and flashed the BIOS. Malwarebytes and other programs don't find anything. I'm quite desperate and I have considered just wiping all disks.
