Rootkits - Can't delete

  Morty69 10:17 17 Jun 09
Locked

Hi, AVG Anti-rootkit found 3 hidden files and 1 hidden driver file that seem to be rootkits. When I select the found files and click 'remove files' I get an error message saying that the files can't be deleted.

Since the files are hidden I can't manually delete them or use an unlocker and I did try running AVG again in safe mode but the scan won't run in this mode.

Does anyone know how to delete them, or of another program that is Vista compatible that can get rid of them?

Cheers,
M69

  gazzaho 10:29 17 Jun 09

You could try SuperAntiSpyware and Malwarebytes; both are free programs. Download, install, then update and run them in safe mode one at a time. Between them they may sort your problem out.

  GANDALF <|:-)> 10:34 17 Jun 09

They are probably in system restore. You could delete all the restore points.

G

  Morty69 10:39 17 Jun 09

Cheers Guys,

Used Malwarebytes and it's cleaned something but the rk's are still there.

G - how would I go about removing the restore points?

Cheers
M69

  gazzaho 10:50 17 Jun 09

Turn restore off then on again; turning it off deletes all restore points, so once you get rid of the files create a new restore point. In Vista do the following.

Go to Control Panel and click System.

In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
– or –
To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK.

XP works the same way though I can't remember how to access the System restore screen now.

  hiwatt 10:51 17 Jun 09

Where are the files located? If it's in the System Volume Information folder then they are in system restore. To delete all your restore points right click My Computer/Properties and in the System Restore tab put a tick in the "turn off system restore" box. Make sure they are in the system restore before turning it off though.

  hiwatt 10:52 17 Jun 09

Too slow.

  gazzaho 11:01 17 Jun 09

I just thought you should know it's believed that any virus or malware embedded in a restore point can't reinfect your computer after a scanner has dealt with the malware. A virus scanner may delete the infected files off the computer but will still detect them in the system restore file and keep reporting them as present; this confused me when I first came across it. Have a read through this page for more information on the subject.

  mfletch 12:42 17 Jun 09

Be careful with rootkits; some system files can be seen as a rootkit and you don't want to delete any of them.

Always ask an expert before removing rootkits.

  bluto1 19:10 17 Jun 09

Try typing Sophos Anti Rootkit into Google and searching. Sorry I haven't a link. This worked a treat for me, and if I remember correctly it's free.

  Wak 12:26 18 Jun 09

PANDA also do a good FREE anti-rootkit program which you can google for.

This thread is now locked and can not be replied to.
