Start a Conversation

Unsolved

This post is more than 5 years old

8345

August 9th, 2007 01:00

avg rootkit remover

Has anyone had experience using this free program?

3.3K Posts

August 9th, 2007 03:00

I know every one of your Expert hjt analysts here have and I'm quite sure there are a number of other experts out there that have as well...do you have a question about it we can help with?

19 Posts

August 9th, 2007 04:00

I am always looking for any programs that can help against attacks on my computer and
came across this but was unable to find any usefull info on this program. Does this program
merit any consideration?

3 Apprentice

 • 

15.3K Posts

August 9th, 2007 12:00

A rootkit is a set of software tools intended to   conceal  running processes, files or system data from the operating system.   As such, they won't be detected by "normal" scanners [i.e., anti-virus, (generic) anti-spyware].   That's why security companies are developing specialized anti-rootkit scanners, that probe specifically for these.  AVG anti-rootkit is just one example.
 
keep the following in mind:
 
(AVG) anti-rootkit is looking only for rootkits, but NOT for viruses in general... so if it reports that you're "clean", it's referring to just to rootkits --- but you may still have an abundance of viruses [or other malware] present.
 
Since rootkits are written specifically to conceal themselves, if an anti-rootkit says your "clean", it might still be the case that you actually have a rootkit that the the anti-rootkit just didn't find...
[avg anti-rootkit doesn't get updated "regularly", as does an anti-virus program]
 
and if it does find a rootkit, the question is whether it can successfully [i.e., safely] remove it... if the rootkit digs deeply-enough into ones operating system, i believe it could be problematic to remove.
 
Having said all this:   I believe it safe to  SCAN  for rootkits using AVG anti-rootkit.  
If nothing is found, just keep in mind that you could still have other, non-rootkit issues with your system.
And if a rootkit  IS  found, I would suggest you research the matter... for example, in this forum... before you simply remove it.
 
I've "tinkered" with some other anti-rootkit programs.   Most are still BETA versions, so you want to proceed with caution on these.   Also, some scanners will automatically remove "infections" without asking for your confirmation, and I would be especially leery of any program that defaults to doing so.
 
I welcome comments and criticism from the HJT experts, in case I've mis-stated anything here.


Message Edited by ky331 on 08-09-2007 11:08 AM

3 Apprentice

 • 

20.5K Posts

August 9th, 2007 16:00

I've never had any problem with AVG AR and it is one of the more user friendly rootkit scanners.

Some scanners do have AV as well as rootkit detection. For example: F-Secure Online Scanner

Here is some good reading and it includes a CD with rootkit and removal applications:
Rootkits for Dummies
(Paperback)
by Larry Stevenson (Author), Nancy Altholz (Author)

I have no financial interest in the above book. It is available at most bookstores and online.

12.7K Posts

August 12th, 2007 18:00

The best I have found so far, updated installers on a regular basis.
 
 

3 Apprentice

 • 

20.5K Posts

August 12th, 2007 23:00

GMER is not quite as user-friendly as some of the others, though. You would need to be able to decipher its findings.

3.3K Posts

August 13th, 2007 00:00

My guess is that This Link is where you found the AVG Anti-Rootkit?

If so, there is probably no better information for you than what appears there.

I also noted that you had said:
Quote:
I am always looking for any programs that can help against attacks on my computer

...and since it hasn't been said yet, I should caution you, if you intend to use AVG Anti-Rootkit you need to know that it does nothing to prevent or "help against attacks" on your computer.

Additionally, you should keep your anti-rootkit scan log and take it to one of the various specialty forums to have one of the experts determine what is or isn't safe to remove...if you just scan with it and indiscriminately choose to delete everything it finds, you just may find your own Firewall no longer works for you.

It may help to better explain exactly what is meant by the term "rootkit". When the rootkit malware began to make it's debut the "tech talk" came about be using the two words separately...root, and kit.

While the discoverer referred to malware taking up residence in the root directory (which is where windows is installed), it was discovered that a kit (or, set of tools) was also installed that served to hide the malware. Thus, the terms were used together to define this type of malware...rootkit. A rootkit hides files from the windows API (among which is windows explorer) so that most common management applications would not be able to find the malware either.

On a final note, it is extremely important to note that not all rootkits your scanner finds will be bad...don't panic if your scanner should find one or several. Other applications ALSO use this same stealth technology. If you are concerned about a possible rootkit problem with your computer, I'd say your best approach would be to post your concern in one of the specialized forums.

A list of appropriate forums for such investigative expertise is also listed Here under Bugbatter's recommendations at the bottom.

3.3K Posts

August 13th, 2007 00:00

To offer an example as to why you might do better by posting your concern in one of the specialized forums, I would point out that although you can research issues on your own, there are some findings that might cause confusion for the novice user. If that's not you then you can stop here...if it is, read on please.

One of the latest rootkit problems spreading out on the web comes from an ecard most often in your email. This latest variant hasn't been given a name yet (that I know of) other than it's file name and the icon that it leaves on the desktop... gop.exe.

If you were to have been unfortunate enough to find This Link on your search for answers as to whether or not this file is causing you problems then you would ignore it...and, the next time you shut down the computer and try to restart it you'd find a continuous rebooting system that's of no use to you.

The Prevx software is an excellent antivirus application but their file research data base isn't always up to date. In fact their software detects and removes this malware but for those who don't have such protection, their research data base could possibly anger a few folks if they were to depend on it.

Their updated information is Here but would only serve to confuse the researcher.

19 Posts

August 23rd, 2007 00:00

Sorry for getting back to this post so late as life has been keeping me busy. Thanks to everyone
who responded to this post as I have learned alot from your responses. Although I rarely post
I am always appreciative of the vast knowledge everyone has for helping others. Thanks again!!
 
                                            


Message Edited by tenorsax on 08-22-2007 09:00 PM
No Events found!

Top