Looking for Rootkit Removal

Discussion in 'other anti-malware software' started by whitedragon551, Aug 17, 2009.

Thread Status:
Not open for further replies.
  1. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    Im looking for a good free rootkit removal/scanner for Vista x64 systems. I appear to have a clean system, but I figured Id try one last thing before finally switching to Windows 7.
     
    whitedragon551, Aug 17, 2009
    #1
  2. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    the Tester, Aug 17, 2009
    #2
  3. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    whitedragon551, Aug 17, 2009
    #3
  4. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    the Tester, Aug 17, 2009
    #4
  5. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    Thats funny I just downloaded it.
     
    whitedragon551, Aug 17, 2009
    #5
  6. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,576
    I "assume" that any of the Antivirus Rescue CD's would be considered to be both 32 bit and 64 bit since they do the scan when Windows is not operating. AVIRA states that scans with their Rescue CD will allow the rootkits to be visible since Windows is not operating at the time.

    http://www.free-av.com/en/products/12/avira_antivir_rescue_system.html

    AVIRA Rescue CD Tutorial:

    http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163

    Some other AV Rescue CD’s:
    F-Secure
    Kaspersky
    BitDefender
    DrWeb
     
    TheKid7, Aug 17, 2009
    #6
  7. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    Sophos Anti Rootkit revealed 6 things. None of which it recommends to remove.

    2 are for SecuRom data
    1 is for a Driver for sptd.sys
    1 is for Crucials RAM scanner
    2 are for Registry keys in HKEY USERS shell extensions

    The registry keys look funny. They read:

    \HKEY_USERS\S-1-5-21-3187278895-1530033346-4051415200-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{74933AAB-A691-C0EF-9432-6A439562A9FB}\haifbocjkipfcaio

    \HKEY_USERS\S-1-5-21-3187278895-1530033346-4051415200-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{74933AAB-A691-C0EF-9432-6A439562A9FB}\iagfhfkgpjfnoedbfn
     
    whitedragon551, Aug 17, 2009
    #7
  8. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Hi,

    aaaa... There are currently NO rootkits for the 64bit environment ...

    sptd.sys - is from Daemon Tools.

    Try ESET SysInspector (link dans my Signature), also Advanced Windows Service Manager from securityxploded: http://securityxploded.com/winservicemanager.php

    These two works in Windows 64bits.

    P.:thumb:
     
    PROROOTECT, Aug 18, 2009
    #8
  9. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    ye those registry look somewhat "strange" to say the least...
     
    firzen771, Aug 18, 2009
    #9
  10. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    There werent any in 06-07, but its been 2 years. There has to be atleast one by now.
     
    whitedragon551, Aug 18, 2009
    #10
  11. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    \HKEY_USERS\S-1-5-21-3187278895-1530033346-4051415200-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{74933AAB-A691-C0EF-9432-6A439562A9FB}\haifbocjkipfcaio

    \HKEY_USERS\S-1-5-21-3187278895-1530033346-4051415200-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{74933AAB-A691-C0EF-9432-6A439562A9FB}\iagfhfkgpjfnoedbfn

    They look strange, the last jumbled stuff anyway. But that may be the very nature of the security account assigning jumbled up numbers letters (encryption).
     
    Keyboard_Commando, Aug 18, 2009
    #11
  12. ParadigmShift

    ParadigmShift Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    241
    BartPE CD/DVD
    Linux LiveCD
    Slave the hard drive
     
    ParadigmShift, Aug 18, 2009
    #12
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...