ROOTKITS

[pistonbroke1957]

Morning Campers.
Need some advice on how to get rid of ROOTKITS
AVG picked 6 of them up on a scan but can't 'heal' them.
They show on the results as 'hidden' and when i try to
remove them the results say they are 'inaccessible'.
They are all 'CORRUPTED SECTION WIN32K.SYS(TEXT)'
I ran RKILL and MALWAREBYTES prior to AVG but these didn't detect
any issues.
Am running WINDOWS 7 HOME PREMIUM.
Cheers

[BillyGoat]

Wipe/re-install.

My thinking: if there are 6 that are detected, what else has been left. ADS streams, hidden locations, altered system files, keyloggers, download agents - whatever else!!!

Protect yourself and your data - wipe, re-install and be wary of where you download files from and what you accept from people.

With so many free alternatives for software, I still see people saying "got it from bit torrent - readme says it's a real copy". Yeah. OK. Course it is.....

I've met the foresnsic guys at a major software company - you would be amazed what gets changed in shared files. Scary stuff.

BG

[RichieP]

TDSS Killer and GMER
Change the filenames before running them.

[pistonbroke1957]

Cheers guys

[Megaross]

Kapersky rescuedisk, yet to come accross a rootkit it won't kick out. Great bit of software.

[SteveOC]

I used to run something, I seem to recall it was Blacklight.

Anyhow, I ran the two programs that RichieP posted links to just out of curiosity.

TDSS Killer ran no problem.

GMER either hangs my Netbook or seems to run forever, then if left unattended crashes and forces a Reboot.

I might look at the Kapersky option.

Steve O.