Remove rootkit

[NoName]

I am trying to remove a rootkit from my computer (using AVG Anti-Rootkit) but for some reason after i remove it and restart it just shows up again so does anyone have any other software they like for rootkits for me to try

This was the result of the scan

C:\WINDOWS\System32\Drivers\a2fz076p.SYS,Hidden driver file

Thanks

[gamehead200]

Did you try removing it while in Safe Mode? You might also want to disable System Restore before removing it.

[NoName]

i dont keep system restore on and i think AVG's Anti-Rootkit removes it after you restart

i did boot into safe mode and tried scanning my computer with Ad-Aware and AVG Anti-Virus but both come up with nothing so i restart and scan again with Anti-Rootkit but its back but has a different name

so any other ideas

[cluberti]

Have you tried running Rootkit Revealer to see if it's really gone, or if it's still on the box? Also, I'd go to this site and start poking around at your box with some of the methods here to see if you can ferret it out. There's really good stuff there.

[ilko_t]

If it came up with different name that means something recreates it, you need to scan for other malware in your startup entries with Autoruns and/or HiJackThis. Because the rootkit most likely will hide them from such scanners when active, you better use GMER to restore code if possible and then do the scan for startup entries.

Once you figure out all of them delete in one go, files using Pocket Killbox for example and reg. entries with HiJackThis/AutoRuns, do not restart between cleaning as this will recreate some of them.

Another idea is to rename HiJackThis to myscan.exe or random name, so the rootkit will not guess that it's running.

The antivirus programs you are scanning with are not the most famous with their detection rates, try using them along with Kaspersky (even the online scan) in combination with DrWeb.

If you still have troubles please rename HiJackThis and post it's log file here, that's the best thing to start with.

Mind you even in safe mode it's very likely some of the malware to be still active. For severe infections manual removal is the only way, do not expect ad-aware or similar tools to do the job for you, this will give you better chances when unknown malware is present.

If you are interested here is exceptional presentation from the great Mark Russinovich how to fight malware, including rootkits:

http://www.microsoft.com/emea/itsshowtime/...spx?videoid=359

Edited July 18, 2007 by ilko_t