Is there a way to positively tell me whether or not I have a rootkit?

Discussion in 'NOD32 version 2 Forum' started by newbie2247, Sep 7, 2012.

Thread Status:
Not open for further replies.
  1. newbie2247

    newbie2247 Registered Member

    Joined:
    Jan 8, 2008
    Posts:
    199
    My laptop has been hinky all summer. Now and then it is slower than usual, freezes up,

    my scheduled scan won't occur, it sometimes takes a very very long time loading (I get

    hypnotized watching that durn blasted circle go round and round) and some other

    strange, totally out-of-the-blue kinds of things. Two other major issues immediately come

    to mind.

    One is, unexplicably my Sticky Notes program stopped working - just got sick and died.

    It will Open up and the data I put there ages ago is still there but I cannot do anything at all

    except Close up. I'm pretty frustrated as I've tried everything I've found online and can't fix

    it. Naturally I didn't get a disk upon purchase. (Never did with any of our computers.)

    So, now I'm thinking that's where some clever rootkit attached itself and corrupted this

    feature. The application is in C://Windows/System32 and I read online that it should be

    listed there like so: NAME: StikyNot.exe TYPE: Application. Mine doesn't look like that

    in one detail only. That is the name - mine does not have the ".exe" after it - so it reads as

    just plain StikyNot.

    The other issue has me convinced, despite everything I've read in the ESET Threat Blog,

    that I have Win64/Sirefef or ZeroAccess. At least once a week when booting up or after

    a restart, I get that "kernel" error message from ESET. Bingo!
    According to sites all over the `Net, that is the classic symptom - the most common one.

    Therefore, I believe I must have it.
    1) If so, I'd love to know how it got past ESET and Webroot.

    2) Plus why isn't any program detecting it?

    3) Why hasn't any of the 20 or so solutions I've tried on all the legitimate sites like

    Wilders and BleepingComputer detected
    it and removed it?


    I have been using Nod32 AV for many years as well as Webroot Prevx SafeOnline. I also use

    on-demand programs periodically like Malwarebytes Pro for example. Since these

    always come out clean, "No Malicous/Threats Found" how can I Absolutely and Definetly

    tell if I have the ZeroAccess rootkit or not? Or am I completely protected from it by ESET

    or Webroot (or both -Hopefully)

    Or maybe I have a different rootkit? Is there a way to positively tell me whether or not I

    have a rootkit?

    Very good article here - written for IT pros - very technical.:
    ZeroAccess: code injection chronicles
    http://blog.eset.com/2012/06/25/zeroaccess-code-injection-chronicles
     
  2. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    wipe the drive and start fresh. This might not be what you want to hear but its a solution for an unstable system,slow from malware or just needs a fresh tune up.
     
  3. newbie2247

    newbie2247 Registered Member

    Joined:
    Jan 8, 2008
    Posts:
    199

    I was afraid of that. I'd rather have a root canal than start from scratch yet again. And with this hanging over all our heads all the time, it is like spitting into the wind: http://borepatch.blogspot.com/2012/09/nasty-java-malware-is-nasty.html AND http://www.theregister.co.uk/2012/09/03/java_cleanup/.

    Makes me wonder if a week after I get finished I'll get this lovely Sirefef mentioned above. According to these articles, one doesn't have much of a chance and many of us have it - we just don't know it. Swell!
     
  4. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I know what you mean but a root canal ouch.Do you have any images that dont go to far back so can avoid hours and hours of updating and installing.? I spent over 5 hours on a friends machine but the end result was a fantastic running system.It went from snails pace to the road runner.
     
  5. berryracer

    berryracer Suspended Member

    Joined:
    Jan 24, 2008
    Posts:
    1,640
    Location:
    Dubai, UAE
    I create a backup after installing Windows, updating, installing drivers, installing software that is rarely modified such as Office, etc. then I create my first image using Acronist True Image

    Then I install all the other software, and create a 2nd image

    After that I use my computer, when there are many updated apps, especially if it was an antivirus, I would rather go back to one fo my previous images and start out fresh, that way I save a lot of time since I already have most of the stuff installed, and I have no headaches with a clean registry

    IF you don't own Acronis True Image there is an awesome free alternative called ToDo Backup Free by EaseUS (the company that has one of the best partitioning programs and file recovery programs)

    Download EaseUS ToDo Backup Free Edition v5.0

    With that said, I advice you to format your ~ Snipped as per TOS ~ and start out fresh, then do the backup image I told you about to prevent this in the future
     
    Last edited by a moderator: Sep 10, 2012
  6. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    This is the NOD32 v2 support forum—support for v2 was discontinued several months ago.

    If you are still running NOD32 v2 you should upgrade to a newer version. Upgrades are free for licensed users, you just need to download them from ESET's web site.

    A support engineer can assist you in uninstalling NOD32 v2, installing the latest version of ESET NOD32 Antivirus and checking your system for rootkits.

    Regards,

    Aryeh Goretsky
     
Thread Status:
Not open for further replies.