Rootkits are definitely dangerous and immediate steps need to be taken to clean this machine.
Hi, Leo. Are all rootkits dangerous? I have had 28 that cannot be removed since April of last year. I don't seem to have any of the obvious problems, but I wonder if they are necessary to remove by other than convenient methods. My AVG free rootkit removal tool cannot remove them. Thank you.
In this excerpt from Answercast #41, I look at a case with numerous rootkits found on a machine – it definitely needs to be cleaned.
Are all rootkits dangerous? Boy, you know, they are certainly intended to be; I'll put it that way!
Rootkits are rootkits for a reason:
They are there to hide from you.
They are there specifically to do something that you would not normally want your computer to do.
It depends on your definition of danger. The only safe answer is that yes, rootkits, all rootkits, are potentially dangerous.
That means, in a situation like yours, you definitely need, in my opinion, to find a rootkit removal tool that will remove all of those rootkits that you have on your machine.
Twenty eight is an incredible number!
If you cannot find an anti-malware tool that actually does the rootkit removal that you're looking for (I would have expected AVG to be able to do it), then I think you may want to seriously consider:
Backing up your machine and,
Reinstalling Windows.
Yes, personally, I believe that rootkits are that serious, especially if you've got 28 of them, so give it some thought.
Have a look for a better rootkit removal tool. I honestly don't have one to recommend for you right now; otherwise, I would.
I'm hoping that what you really have is one rootkit that happens to manifest in 28 different ways to AVG. But nonetheless, the number 28 really scares me. I think it's very likely that you have something that you really, really don't want on your machine.
Article C5658 - August 5, 2012
August 7, 2012 5:16 PM
I hate to ask a dumb question but how can I tell if any rootkits inhabit my computer?
August 8, 2012 7:54 AM
Leo, I couldn't help but notice you mentioned nothing about Microsoft's "Windows Defender Offline" (formerly known as System Sweeper). It's a rootkit remover, yes?
August 8, 2012 8:06 AM
I am also sceptical about the 28: whenever I have seen one it has created a lot of obvious, severe damage.
In my experience, the only program which has been really effective in removing them is ComboFix, but it has to be used with care, as it can itself be damaging. If you search it, read the instructions carefully before use. It's free.
August 9, 2012 1:39 AM
On ComboFix et al: Tools like it are industrial standard and not to be handled by amateurs. Let knowledgeable guys tell you what to do, step by step, using an advisory forum. I had good experience with Tom Coyote's WhatTheTech in the days of XP; past that OS, there have hardly been any issues. Make sure you do exactly as they tell you, and stick with them until the problem is resolved.
August 10, 2012 6:40 AM
Hi
Know of course that rootkits are prob the most dangerous of all. You could have one and not know about it is the obvious reason.
Still I do as an OAP have to rely on freebies.
At the moment I use HitManPro (Force Breach mode), CCE (Comodo) and tdsskiller (Kaspersky). I also use other scans that are supposed to detect and remove rootkits. Of course I am not 100% confident with all this and my research is ongoing.
Any ideas without guaranties Leo?