NoName Posted July 15, 2007

I am trying to remove a rootkit from my computer (using AVG Anti-Rootkit), but for some reason after I remove it and restart it just shows up again, so does anyone have any other software they like for rootkits for me to try?

This was the result of the scan:

C:\WINDOWS\System32\Drivers\a2fz076p.SYS,Hidden driver file

Thanks

gamehead200 Posted July 15, 2007

Did you try removing it while in Safe Mode? You might also want to disable System Restore before removing it.

NoName Posted July 16, 2007 (Author)

I don't keep System Restore on, and I think AVG's Anti-Rootkit removes it after you restart.

I did boot into safe mode and tried scanning my computer with Ad-Aware and AVG Anti-Virus, but both come up with nothing, so I restart and scan again with Anti-Rootkit, but it's back but has a different name.

So any other ideas?

cluberti Posted July 17, 2007

Have you tried running Rootkit Revealer to see if it's really gone, or if it's still on the box? Also, I'd go to this site and start poking around at your box with some of the methods here to see if you can ferret it out. There's really good stuff there.

ilko_t Posted July 18, 2007

If it came up with a different name, that means something recreates it; you need to scan for other malware in your startup entries with Autoruns and/or HiJackThis. Because the rootkit most likely will hide them from such scanners when active, you had better use GMER to restore code if possible and then do the scan for startup entries.

Once you figure out all of them, delete them in one go: files using Pocket Killbox, for example, and registry entries with HiJackThis/AutoRuns. Do not restart between cleaning, as this will recreate some of them.

Another idea is to rename HiJackThis to myscan.exe or a random name, so the rootkit will not guess that it's running.

The antivirus programs you are scanning with are not the most famous with their detection rates; try using them along with Kaspersky (even the online scan) in combination with DrWeb.

If you still have troubles, please rename HiJackThis and post its log file here; that's the best thing to start with.

Mind you, even in safe mode it's very likely that some of the malware will still be active. For severe infections manual removal is the only way; do not expect Ad-Aware or similar tools to do the job for you. This will give you better chances when unknown malware is present.

If you are interested, here is an exceptional presentation from the great Mark Russinovich on how to fight malware, including rootkits:

http://www.microsoft.com/emea/itsshowtime/...spx?videoid=359

Edited July 18, 2007 by ilko_t