
August 9th, 2007 01:00

avg rootkit remover

Has anyone had experience using this free program?

3.3K Posts

August 9th, 2007 03:00

I know every one of your Expert hjt analysts here have and I'm quite sure there are a number of other experts out there that have as well...do you have a question about it we can help with?

19 Posts

August 9th, 2007 04:00

I am always looking for any programs that can help against attacks on my computer and came across this but was unable to find any useful info on this program. Does this program merit any consideration?

15.2K Posts

August 9th, 2007 12:00

A rootkit is a set of software tools intended to conceal running processes, files or system data from the operating system. As such, they won't be detected by "normal" scanners [i.e., anti-virus, (generic) anti-spyware]. That's why security companies are developing specialized anti-rootkit scanners, that probe specifically for these. AVG anti-rootkit is just one example.

Keep the following in mind:

(AVG) anti-rootkit is looking only for rootkits, but NOT for viruses in general... so if it reports that you're "clean", it's referring just to rootkits --- but you may still have an abundance of viruses [or other malware] present.

Since rootkits are written specifically to conceal themselves, if an anti-rootkit says you're "clean", it might still be the case that you actually have a rootkit that the anti-rootkit just didn't find...
[avg anti-rootkit doesn't get updated "regularly", as does an anti-virus program]

And if it does find a rootkit, the question is whether it can successfully [i.e., safely] remove it... if the rootkit digs deeply enough into one's operating system, I believe it could be problematic to remove.

Having said all this: I believe it safe to SCAN for rootkits using AVG anti-rootkit.
If nothing is found, just keep in mind that you could still have other, non-rootkit issues with your system.
And if a rootkit IS found, I would suggest you research the matter... for example, in this forum... before you simply remove it.

I've "tinkered" with some other anti-rootkit programs. Most are still BETA versions, so you want to proceed with caution on these. Also, some scanners will automatically remove "infections" without asking for your confirmation, and I would be especially leery of any program that defaults to doing so.
 
I welcome comments and criticism from the HJT experts, in case I've mis-stated anything here.


Message Edited by ky331 on 08-09-2007 11:08 AM

20.5K Posts

August 9th, 2007 16:00

I've never had any problem with AVG AR and it is one of the more user friendly rootkit scanners.

Some scanners do have AV as well as rootkit detection. For example: F-Secure Online Scanner

Here is some good reading and it includes a CD with rootkit and removal applications:
Rootkits for Dummies (Paperback), by Larry Stevenson (Author) and Nancy Altholz (Author)

I have no financial interest in the above book. It is available at most bookstores and online.

12.7K Posts

August 12th, 2007 18:00

The best I have found so far, updated installers on a regular basis.
20.5K Posts

August 12th, 2007 23:00

GMER is not quite as user-friendly as some of the others, though. You would need to be able to decipher its findings.

3.3K Posts

August 13th, 2007 00:00

My guess is that This Link is where you found the AVG Anti-Rootkit?

If so, there is probably no better information for you than what appears there.

I also noted that you had said:
Quote:
I am always looking for any programs that can help against attacks on my computer

...and since it hasn't been said yet, I should caution you, if you intend to use AVG Anti-Rootkit you need to know that it does nothing to prevent or "help against attacks" on your computer.

Additionally, you should keep your anti-rootkit scan log and take it to one of the various specialty forums to have one of the experts determine what is or isn't safe to remove...if you just scan with it and indiscriminately choose to delete everything it finds, you just may find your own Firewall no longer works for you.

It may help to better explain exactly what is meant by the term "rootkit". When the rootkit malware began to make its debut, the "tech talk" came about by using the two words separately...root, and kit.

While the discoverer referred to malware taking up residence in the root directory (which is where Windows is installed), it was discovered that a kit (or set of tools) was also installed that served to hide the malware. Thus, the terms were used together to define this type of malware...rootkit. A rootkit hides files from the Windows API (among whose consumers is Windows Explorer) so that most common management applications would not be able to find the malware either.

On a final note, it is extremely important to note that not all rootkits your scanner finds will be bad...don't panic if your scanner should find one or several. Other applications ALSO use this same stealth technology. If you are concerned about a possible rootkit problem with your computer, I'd say your best approach would be to post your concern in one of the specialized forums.

A list of appropriate forums for such investigative expertise is also listed Here under Bugbatter's recommendations at the bottom.
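The posts above describe the mechanism anti-rootkit scanners rely on: a rootkit hides objects from the high-level Windows API, so a scanner enumerates the same objects through an independent low-level path and reports the differences ("cross-view" detection). The following is an added Python example of that comparison, written for this thread; it is not code from AVG, GMER or any other product. Every listing, path and process name in it is constructed sample data (including gop.exe from the post below it and the hypothetical "ExampleCD" software), and the allowlist of known legitimate hiders is likewise hypothetical.

```python
"""Cross-view comparison, the core idea behind anti-rootkit scanners.

A rootkit hides files, processes or other objects from the high-level OS API
that Explorer, Task Manager and conventional scanners use. A cross-view scanner
lists the same objects through a second, lower-level path and diffs the two
listings: anything visible only to the low-level path is being hidden.
All data below is constructed; nothing on the real machine is queried.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str      # "file" or "process"
    name: str      # normalized (lower-cased) object name
    verdict: str   # "hidden" (unexplained) or "hidden-known" (allowlisted)


# Constructed allowlist: software that hides its own objects for legitimate
# reasons (the thread's point that not every hidden object is malicious).
# Names are hypothetical; a real scanner ships a vetted list.
KNOWN_LEGITIMATE_HIDERS = {
    "file": {r"c:\program files\examplecd\emulator.sys"},
    "process": {"examplecd-helper.exe"},
}


def cross_view(kind, api_view, raw_view, allowlist=KNOWN_LEGITIMATE_HIDERS):
    """Diff the API-level listing against the low-level listing for one kind
    of object. Names are lower-cased because Windows paths and image names
    are case-insensitive. Returns findings sorted by name."""
    api = {n.lower() for n in api_view}
    raw = {n.lower() for n in raw_view}
    known = {n.lower() for n in allowlist.get(kind, set())}
    findings = []
    for name in sorted(raw - api):          # seen low-level, missing from API
        verdict = "hidden-known" if name in known else "hidden"
        findings.append(Finding(kind, name, verdict))
    return findings


def scan(views):
    """views maps kind -> (api_listing, raw_listing). Returns all findings."""
    findings = []
    for kind, (api_view, raw_view) in views.items():
        findings.extend(cross_view(kind, api_view, raw_view))
    return findings


def summarize(findings):
    """Counts per verdict. A total of zero means 'nothing hidden among the
    objects that were enumerated', not 'the machine is clean'."""
    counts = {"hidden": 0, "hidden-known": 0}
    for f in findings:
        counts[f.verdict] += 1
    return counts


# Constructed sample: what the API path (Explorer / Task Manager) reports
# versus what a raw enumeration of the disk and kernel structures reports.
SAMPLE_VIEWS = {
    "file": (
        [r"C:\Windows\System32\kernel32.dll",
         r"C:\Windows\System32\ntdll.dll",
         r"C:\Program Files\ExampleCD\emulator.sys"],
        [r"C:\Windows\System32\kernel32.dll",
         r"C:\Windows\System32\ntdll.dll",
         r"C:\Program Files\ExampleCD\emulator.sys",
         r"C:\Windows\System32\drivers\hidden-driver.sys"],   # API cannot see it
    ),
    "process": (
        ["explorer.exe", "svchost.exe"],
        ["explorer.exe", "svchost.exe", "examplecd-helper.exe", "gop.exe"],
    ),
}


if __name__ == "__main__":
    results = scan(SAMPLE_VIEWS)
    for f in results:
        print(f"{f.verdict:12} {f.kind:8} {f.name}")
    print(summarize(results))
```

The allowlisted helper process is still reported, only with a different verdict, which matches the advice in this thread: the scan log is something to take to someone who can judge it, not a list of things to delete.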

3.3K Posts

August 13th, 2007 00:00

To offer an example as to why you might do better by posting your concern in one of the specialized forums, I would point out that although you can research issues on your own, there are some findings that might cause confusion for the novice user. If that's not you then you can stop here...if it is, read on please.

One of the latest rootkit problems spreading out on the web comes from an ecard, most often in your email. This latest variant hasn't been given a name yet (that I know of) other than its file name and the icon that it leaves on the desktop... gop.exe.

If you were to have been unfortunate enough to find This Link on your search for answers as to whether or not this file is causing you problems then you would ignore it...and, the next time you shut down the computer and try to restart it you'd find a continuous rebooting system that's of no use to you.

The Prevx software is an excellent antivirus application, but their file research database isn't always up to date. In fact their software detects and removes this malware, but for those who don't have such protection, their research database could possibly anger a few folks if they were to depend on it.

Their updated information is Here but would only serve to confuse the researcher.

19 Posts

August 23rd, 2007 00:00

Sorry for getting back to this post so late as life has been keeping me busy. Thanks to everyone who responded to this post as I have learned a lot from your responses. Although I rarely post, I am always appreciative of the vast knowledge everyone has for helping others. Thanks again!!

Message Edited by tenorsax on 08-22-2007 09:00 PM