Needed:A 64-bit Rootkit remover

If this has been addressed, then i apoligize, because i searched and found nothing.

THE WORLD NEEDS A 64-Bit Rootkit detection/removal software.

I have found nothing on the net that is compatible with any 64 bit microsoft product and removes most rootkits

Any suggestions? Maybe i just overlooked something?

What should i use thats compatible with Windows x64?

 

While trying to remove a rootkit sounds good, it is almost never possible to completly do. It is extremely difficult to locate the buggers, let alone get rid of every single thing they have done to a system. I would never trust a pc that has had a malicious rootkit again. The best and safest method of removal is a reformat, plain and simple.

Alphalutra1

 

Indeed. Detection is one thing, but there are few if any actual rootkit removers even for 32 bit systems because removal alone is just not the right thing to do. So the only sensible course of action once you've found a rootkit is, as you say, format and start again from scratch with a known clean system.

 

Hi

First of all i'm not aware of ANY rootkit or stealth type App that works on 64 Bit ! Do you think you've got one ?

I think there are some 64 Bit Apps which might be useful in some ways, if i can locate them again i'll post back with them. In the meantime the following might interest you.


Microsoft Takes Another Anti-Rootkit Step

http://www.eweek.com/article2/0,1895,1914391,00.asp

Digital Signatures for Kernel Modules on x64-based Systems Running Windows Vista

http://www.microsoft.com/whdc/system/platform/64bit/kmsigning.mspx

They’ll have to come up with a new approach to their rootkit sooner or later anyway, since system call hooking does not work at all on x64 64-bit versions of Windows.

http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

Patching Policy for x64-Based Systems

http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx


You could get a 64-bit AntiVirus which might help. Currently there are about nine 64-bit solutions from companies world-wide. Even better might be to evaluate one with built in Rootkit detection. NOD32 from ESET may be one such solution worth investigating, with their ThreatSense technology.


StevieO

 

As far as I know, rootkits currently only work on 32-bit systems. Not 64-bit systems at the moment. But as technology advances, I'm sure it won't be long before they catch up with 64-bit systems and infect them.

 

well the reason for my suspicion is that i have used both avast antivirus and symantec corporate 10 (64-bit versions doing full system scans with updated definitions) and found no viruses on my computer, yet my cpu usage level is constantly at 50% or higher while my idle process is reporting that the cpu is above 90% free!

I have had a rootkit virus before on a 32-bit OS and that was one of the symptoms i noticed, and unequal report of my cpu usage.

May i be mistaken?

I can still boot x64 but right now i am using xp pro 32-bit, since that was the best solution i could find.

(windows defender x64 came up with nothing in a full scan too)

 

What makes you think that the CPU load is 50%+ (if the "Idle" (pseudo-)process is reported to "take" 90%+)?

 

task manager reports (at the bottom of it next to the number of processes) that "CPU Usage" is using 50% while the idle process displays 90+%

Ive never know task manager to be off or wrong either

 

I have the same problem here. Task manager indicates CPU usage 18-20% but no process can account for this CPU usage. I've tried pmon, part of the windows 2003 resource kit, but it gives me nothing more than task manager.

I have all MS updates, Windows defender installed. I have noticed this in the past, but have been doing system restore to a previous week for the past six months. Now whatever it is seems to have caught up with me, and I can't shake it with a system restore.

For info I have: Windows 64-bit Professional
Version 5.2 (Build 3790.srv03_sp1_rtm.050324-1447 : Service Pack 1)

 

If you're dual-booting, all you need to do is boot into the other Windows and scan the partition from there. Since it won't be running, it won't be hiding the files either.