#1
Is there a way to positively tell me whether or not I have a rootkit?
My laptop has been hinky all summer. Now and then it is slower than usual, freezes up, my scheduled scan won't occur, it sometimes takes a very, very long time loading (I get hypnotized watching that durn blasted circle go round and round), and some other strange, totally out-of-the-blue kinds of things. Two other major issues immediately come to mind.

One is, inexplicably my Sticky Notes program stopped working - just got sick and died. It will open up and the data I put there ages ago is still there, but I cannot do anything at all except close it. I'm pretty frustrated as I've tried everything I've found online and can't fix it. Naturally I didn't get a disk upon purchase. (Never did with any of our computers.) So now I'm thinking that's where some clever rootkit attached itself and corrupted this feature. The application is in C:\Windows\System32 and I read online that it should be listed there like so: NAME: StikyNot.exe TYPE: Application. Mine doesn't look like that in one detail only. That is the name - mine does not have the ".exe" after it, so it reads as just plain StikyNot.

The other issue has me convinced, despite everything I've read in the ESET Threat Blog, that I have Win64/Sirefef or ZeroAccess. At least once a week when booting up or after a restart, I get that "kernel" error message from ESET. Bingo! According to sites all over the 'Net, that is the classic symptom - the most common one. Therefore, I believe I must have it. 1) If so, I'd love to know how it got past ESET and Webroot. 2) Plus, why isn't any program detecting it? 3) Why hasn't any of the 20 or so solutions I've tried on all the legitimate sites like Wilders and BleepingComputer detected it and removed it? I have been using NOD32 AV for many years as well as Webroot Prevx SafeOnline. I also use on-demand programs periodically, like Malwarebytes Pro for example. Since these always come out clean, "No Malicious/Threats Found", how can I absolutely and definitely tell if I have the ZeroAccess rootkit or not?

Or am I completely protected from it by ESET or Webroot (or both - hopefully)? Or maybe I have a different rootkit? Is there a way to positively tell me whether or not I have a rootkit? Very good article here - written for IT pros - very technical: ZeroAccess: code injection chronicles http://blog.eset.com/2012/06/25/zero...ion-chronicles
__________________
Dell Inspir Win 7 64bit, Nod32, Outpost FW WSA Complete, Sandboxie, Secunia, MBAB, SAS, HitmanPro, SWB, EMET, EmisEmrKit, Norton DNS. Appx. 10 GC/FF sec+priv exts. Tosh. Win 7 64-bit laptop - same setup. |
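Added example (editor's code, not part of the thread or an ESET tool): the post above draws two conclusions from surface symptoms, a missing ".exe" in Explorer and a recurring error dialog. Neither is a file-integrity check. The script below does what a practitioner would do first for a suspect System32 binary: read the real on-disk name (Explorer hides extensions of known file types by default, controlled by the real registry value HideFileExt), check the Authenticode signature, record a SHA-256 for comparison with a known-good copy, and run the built-in `sfc /verifyfile` check. The path is an assumption taken from the post; the script runs unchanged on any Windows 7 or later machine with PowerShell 2.0 or newer.

```powershell
# Added example: integrity checks for a suspect System32 binary.
# Assumption: the file under suspicion is %SystemRoot%\System32\StikyNot.exe
# (taken from the post above); pass -Path to check any other file.
param(
    [string]$Path = "$env:SystemRoot\System32\StikyNot.exe"
)

# 1. Is Explorer hiding extensions? HideFileExt = 1 (the default) means a file
#    named StikyNot.exe is displayed as "StikyNot". This is cosmetic, not tampering.
$advKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hideExt = (Get-ItemProperty -Path $advKey -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
"Explorer HideFileExt = $hideExt  (1 = extensions hidden in the GUI)"

# 2. The real on-disk name, size and timestamp, independent of Explorer settings.
$file = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
"{0}  size={1}  modified={2:u}" -f $file.Name, $file.Length, $file.LastWriteTimeUtc

# 3. Embedded Authenticode signature. Caveat: many Windows 7 system binaries are
#    catalog-signed rather than carrying an embedded signature, so on PowerShell
#    2.0 - 4.0 a genuine file can legitimately report NotSigned here. A result of
#    HashMismatch (file bytes no longer match the signed hash) is the strong signal.
$sig = Get-AuthenticodeSignature -FilePath $file.FullName
"Authenticode status: {0}" -f $sig.Status
if ($sig.SignerCertificate) {
    "Signer: {0}" -f $sig.SignerCertificate.Subject
}
if ($sig.Status -eq 'HashMismatch') {
    Write-Warning "$($file.Name): signed hash does not match file contents (modified binary)."
}

# 4. SHA-256 of the file, to compare against the same file on a known-clean
#    machine with the same Windows build and patch level. Computed with .NET so
#    it also works on PowerShell 2.0/3.0, which lack Get-FileHash.
$sha = [System.Security.Cryptography.SHA256]::Create()
$stream = [System.IO.File]::OpenRead($file.FullName)
try {
    $hash = ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString("x2") }) -join ""
} finally {
    $stream.Close()
}
"SHA-256: $hash"

# 5. Authoritative check on Windows 7: sfc /verifyfile validates the file against
#    Windows' own signed component store, which covers catalog-signed binaries.
#    Requires an elevated prompt.
$isAdmin = ([Security.Principal.WindowsPrincipal] `
    [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
if ($isAdmin) {
    & "$env:SystemRoot\System32\sfc.exe" "/verifyfile=$($file.FullName)"
} else {
    Write-Warning "Run from an elevated PowerShell to let sfc /verifyfile check the file."
}

# Limit of every check above: a kernel-mode rootkit can filter what user-mode
# tools see on disk. A clean result here is evidence, not proof; scanning the
# drive offline from rescue media removes that particular blind spot.
```

Usage: save as Check-SystemBinary.ps1 and run `.\Check-SystemBinary.ps1` (or `-Path C:\Windows\System32\notepad.exe` for any other file) from an elevated PowerShell. The point for the question asked in the post is the distinction between a display quirk (HideFileExt, step 1) and an integrity failure (HashMismatch in step 3 or a corruption report from sfc in step 5): only the latter says anything about tampering.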
#2
Wipe the drive and start fresh. This might not be what you want to hear, but it's a solution for an unstable system, one that is slow from malware, or one that just needs a fresh tune-up.
__________________
OS X 10.8.3 - 2.9 GHz Intel core i7 - 8 GB 1600 MHz DDR3 - 750 SATA HD - Intel HD 4000 Graphics 512 MB. |
#3
Re: Is there a way to positively tell me whether or not I have a rootkit?
I was afraid of that. I'd rather have a root canal than start from scratch yet again. And with this hanging over all our heads all the time, it is like spitting into the wind: http://borepatch.blogspot.com/2012/0...-is-nasty.html AND http://www.theregister.co.uk/2012/09/03/java_cleanup/. Makes me wonder if a week after I get finished I'll get this lovely Sirefef mentioned above. According to these articles, one doesn't have much of a chance and many of us have it - we just don't know it. Swell!
__________________
Dell Inspir Win 7 64bit, Nod32, Outpost FW WSA Complete, Sandboxie, Secunia, MBAB, SAS, HitmanPro, SWB, EMET, EmisEmrKit, Norton DNS. Appx. 10 GC/FF sec+priv exts. Tosh. Win 7 64-bit laptop - same setup. |
#4
I know what you mean, but a root canal, ouch. Do you have any images that don't go too far back, so you can avoid hours and hours of updating and installing? I spent over 5 hours on a friend's machine, but the end result was a fantastic running system. It went from a snail's pace to the Road Runner.
__________________
OS X 10.8.3 - 2.9 GHz Intel core i7 - 8 GB 1600 MHz DDR3 - 750 SATA HD - Intel HD 4000 Graphics 512 MB. |
#5

I create a backup after installing Windows, updating, installing drivers, and installing software that is rarely modified such as Office, etc. Then I create my first image using Acronis True Image. Then I install all the other software and create a 2nd image. After that I use my computer; when there are many updated apps, especially if it was an antivirus, I would rather go back to one of my previous images and start out fresh. That way I save a lot of time since I already have most of the stuff installed, and I have no headaches with a clean registry.

If you don't own Acronis True Image there is an awesome free alternative called ToDo Backup Free by EaseUS (the company that has one of the best partitioning programs and file recovery programs): Download EaseUS ToDo Backup Free Edition v5.0

With that said, I advise you to format your ~ Snipped as per TOS ~ and start out fresh, then do the backup image I told you about to prevent this in the future.
__________________
ASUS G75VW-T1086V CPU: i7-3610QM 2.30/3.30 GHz. Memory: 16 GB DDR3 1600 Mhz. RAM Storage: 256GB SSD + 1TB HDD Graphics: GeForce GTX 670M 3GB Screen: 17.3' Full HD LED Screen Last edited by JRViejo : September 10th, 2012 at 11:41 PM. Reason: Clever Alteration of a Possibly Offensive Word Removed - JRViejo |
#6
Hello,
This is the NOD32 v2 support forum; support for v2 was discontinued several months ago. If you are still running NOD32 v2 you should upgrade to a newer version. Upgrades are free for licensed users; you just need to download them from ESET's web site. A support engineer can assist you in uninstalling NOD32 v2, installing the latest version of ESET NOD32 Antivirus and checking your system for rootkits.

Regards,
Aryeh Goretsky
__________________
Resources: ESET · blog · documentation · FAQs · knowledge base · news · RSS · signature updates · support · Threat Center · @ESETNA (Twitter) · YouTube: ESETKnowledgebase · VirusRadar Fun Stuff: Facebook (global) · Facebook (US) · @ESET (Twitter) · YouTube: esetusa |