How do you deal with rootkits on Windows?

tomdkat
Distinguished Member with 7,127 posts.
 
Join Date: May 2006
Location: S.F. Bay Area, CA
Experience: Intermediate
06-Jan-2009, 05:29 PM #1
Is it common for rootkits to prevent the execution or installation of software on Windows? How would you know if you were infected with a rootkit?

Peace...
AKAJohnDoe
Senior Member with 1,348 posts.
 
Join Date: Jun 2007
Experience: Once, again if I like it
06-Jan-2009, 06:17 PM #2
I would probably run GMER or HijackThis or manually look in the hidden PNP drivers in Device Manager. Secondarily, I might use the SysInternals Suite. Beyond that there is MBAM and SAS.
Imanuel4u
Member with 38 posts.
 
Join Date: Nov 2008
07-Jan-2009, 10:37 AM #3
I would use SAS.
mrss
Registered User with 722 posts.
 
Join Date: Jun 2007
07-Jan-2009, 12:37 PM #4
My opinion is to run a fixmbr occasionally. Some of the badder rootkits can hide in the Master Boot Record and can't be easily seen/touched by Windows applications.

However, their resultant actions are often caught by heuristic or HIPS scanners and the files they generate are sometimes caught by signature scanners after they have been detected in the field by the AV writers.
tomdkat
Distinguished Member with 7,127 posts.
 
Join Date: May 2006
Location: S.F. Bay Area, CA
Experience: Intermediate
08-Jan-2009, 04:33 PM #5
Thanks for the replies. I just found a link to the "Rootkit Revealer" by Microsoft. Has anyone here used this utility?

Peace...
Elvandil
Moderator with 48,924 posts.
 
Join Date: Aug 2003
Location: Vermont
Experience: "Been through the mill."
08-Jan-2009, 04:56 PM #6
Generally, I boot from another Windows installation (like UBCD4Win) and check my drivers. Each time I have found drivers in the Drivers folder (and services in the registry) that were hidden by the rootkit. They are easily removed this way, and then a scan cleans up the rest.
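
The offline check described in post #6 amounts to a cross-view comparison: list drivers and services from the running system, list them again from a rescue boot of the same disk, and look at what only the offline view shows. The following is an added example, not part of the original thread; the function names and every listing in it are constructed for illustration.

```python
# Added example: cross-view comparison of driver files and services.
# All listings below are constructed sample data, not output from a real system.
import ntpath

def normalize(path):
    """Windows paths are case-insensitive; compare on the lowercased file name."""
    return ntpath.basename(path.strip()).lower()

def hidden_in_live(live_listing, offline_listing):
    """File names present in the offline view but absent from the live view."""
    live = {normalize(p) for p in live_listing if p.strip()}
    offline = {normalize(p) for p in offline_listing if p.strip()}
    return sorted(offline - live)

def suspicious_services(offline_services, live_service_names, hidden_drivers):
    """Offline services the live OS did not list, or whose ImagePath points
    at a driver file the live OS did not list."""
    live = {n.lower() for n in live_service_names}
    hidden = set(hidden_drivers)
    findings = []
    for name, image_path in sorted(offline_services.items()):
        reasons = []
        if name.lower() not in live:
            reasons.append("service hidden from live view")
        if normalize(image_path) in hidden:
            reasons.append("driver file hidden from live view")
        if reasons:
            findings.append((name, image_path, reasons))
    return findings

# Constructed sample: what the running (possibly compromised) OS reports ...
LIVE_DRIVERS = [r"C:\Windows\System32\drivers\disk.sys",
                r"C:\Windows\System32\drivers\Ntfs.sys"]
LIVE_SERVICES = ["Disk", "Ntfs"]
# ... and what the same volume shows when mounted from a rescue boot.
OFFLINE_DRIVERS = [r"D:\Windows\System32\drivers\DISK.SYS",
                   r"D:\Windows\System32\drivers\ntfs.sys",
                   r"D:\Windows\System32\drivers\examplehidden.sys"]
OFFLINE_SERVICES = {"Disk": r"system32\drivers\disk.sys",
                    "Ntfs": r"system32\drivers\ntfs.sys",
                    "ExampleHidden": r"system32\drivers\examplehidden.sys"}

if __name__ == "__main__":
    hidden = hidden_in_live(LIVE_DRIVERS, OFFLINE_DRIVERS)
    print("Driver files only visible offline:", hidden)
    for name, path, why in suspicious_services(OFFLINE_SERVICES, LIVE_SERVICES, hidden):
        print(f"{name} -> {path}: {', '.join(why)}")
```

An entry that appears only in the offline view is a lead to inspect, since files can also differ between the two listings for ordinary reasons such as changes made between the two captures.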
All times are GMT -4.