Not all rootkits/hidden components detected by anti-rootkit (ARK) scanners and security tools are malicious. Most ARK tools check for rootkit-like behavior which is not always indicative of a malware infection. It is normal for a Firewall, anti-virus and anti-malware software, CD Emulators, virtual machines, sandboxes and Host based Intrusion Prevention Systems (HIPS) to exhibit rootkit-like behavior or hook into the OS kernel/SSDT (System Service Descriptor Table) in order to protect your system. SSDT is a table that stores addresses of functions that are used by Windows. Whenever a function is called, Windows looks in this table to find the address for it. Both legitimate programs and rootkits can hook into and alter this table.
If you are using a CD Emulator (Alcohol 120%), be aware they use hidden drivers with rootkit-like techniques to hide from other applications. When dealing with a malware infection, CD Emulators can interfere with investigative tools, producing misleading or inaccurate scan results, false detection of legitimate files, cause unexpected crashes, BSODs, and general 'dross' which often makes it hard to differentiate between malicious rootkits and the legitimate drivers used by CD Emulators.
CD Emulators typically utilize system drivers with names consisting of random alpha-numeric characters which can change after rebooting the computer. Other legitimate programs may use system drivers with names consisting only of random numerical characters which too can change after reboot.
Usually when a computer is infected with malware there most likely will be obvious indications (signs of infection and malware symptoms) that something is wrong.
If you want a more comprehensive look at your system for possible malware by our experts, there are advanced tools which can be used to investigate but they are not permitted in this forum. Please follow the instructions in the Malware Removal and Log Section Preparation Guide. When you have done that, start a new topic and post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team. If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.
If you choose to post a log, please reply back in this thread with a link to the new topic.