rootkit

[juddie]

keep getting this notice that I have a rootkit in my system and that I should delete it. Thing is, it won't let me delete it. Is it a virus and if so, how can I get rid of it?

[jonny72]

What is issuing the notice? Anti-virus software? Or something else?

I'm no expert but I rootkits can be really bad shit, reinstall Windows kind of bad shit.

[jayohaitchenn]

Jonny is right. It takes a proper expert days of work to get rid of a rootkit. Better off starting from scratch.

[Simon Pieman]

Before you do anything rash, let us know the program causing the alert. As jonny alluded to, a lot of dodgy messages appear from suspect third party apps just to get you to buy their software. There may actually be no rootkit at all, although if you're getting dodgy messages you at least have some form of malware present.

[stfcinbmth]

Worth a try

Code:

http://www.malwarebytes.org/

[Peter Venkman]

This is the best antirootkit on the market and its free, just sign up to it with a fake name and address, no real registration needed as it just chucks up the download link as soon as you click on next.

http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

[juddie]

I'll take a look tonight. cheers for the advice.

[juddie]

right, I'm getting this:

C:\Windows\System32\Drivers\vjmxh.sys
hidden services
Win32:Rootkit-gen [Rtk]

[caveman]

Jonny is right. It takes a proper expert days of work to get rid of a rootkit. Better off starting from scratch.

days of work is a bit of an exaggeration, its not rocket science

[Simon Pieman]

right, I'm getting this:

C:\Windows\System32\Drivers\vjmxh.sys
hidden services
Win32:Rootkit-gen [Rtk]

I'll come online later this evening probably about 9pm and will help you out. I think we should be able to remove this tonight, I don't reckon it's more than an evening's work, hopefully only an hour or two to confirm your computer is clean.

[juddie]

top man. I'll see you then...

[jonny72]

I'll come online later this evening probably about 9pm.

Another chat roulette fan.

[Simon Pieman]

This was a pain in the backside to remove. In the end I used a great tool which identifies rootkits and allows you to kill the hidden process before deleting. Nothing else would work, took many attempts but sorted it out using remote assistance.

Code:

http://www.gmer.net/

I'd only use it if you have a decent knowledge of computers, don't want anyone to fuck their pc up.

[jayohaitchenn]

How long did it take?

[juddie]

three/four nights of Si's time, for which I am eternally grateful. Cheers Si!