Rootkit Virus?

Page 1 of 3 123 LastLast

  1. Posts : 135
    Windows 10
       #1

    Rootkit Virus? Inline Hook Ntoskrnl.exe AVG


    I basically downloaded the 1607 Windows update, the latest one. And one time, my AVG came up with 800 plus threats to do with a rootkit or something, and I think ntoskrnl.exe. I can't remember. Basically, the threats I think were hidden, and either way it couldn't delete them. I thought that it might of been to do with where I configured my boot settings to safe mode, as I sometimes go into that mode to be able to delete certain files I can't normally. But now, I've tried doing numerous scans with AVG, and everything seems clear and detected?? Any idea what it might of been? I haven't downloaded nothing 'bogus' since the update etc neither. Kinda worried, lol.
    Last edited by Gelbs; 04 Aug 2016 at 07:34.
      My Computer


  2. Posts : 135
    Windows 10
    Thread Starter
       #2

    undetected*
      My Computer

  3. Borg 386's Avatar
    Posts : 28,779
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       #3

    If you're still concerned, which would be a valid concern when it comes to a rootkit, then run a scan with TDSSKiller which is designed to find/remove rootkits.

    TDSSKiller Download

    Note   Note
    When running TDSSKiller, launch the program, click on the blue text "Change Parameters" & check the box marked "Detect TDLFS File system." Click OK & then run the scan.


    A rootkit will create a hidden partition, at the end of the drive, 1 - 10 MB in size and set itself as the boot partition. Hence, the rootkit is already running before Windows loads. This hidden partition will not show up on Windows Disk Management in most cases.

    A rootkit is a program or a program kit that hides the presence of malware in the system.

    A rootkit for Windows systems is a program that penetrates into the system and intercepts the system functions (Windows API). It can effectively hide its presence by intercepting and modifying low-level API functions. Moreover it can hide the presence of particular processes, folders, files and registry keys. Some rootkits install its own drivers and services in the system (they also remain “invisible”).
    Malwarebytes also includes a rootkit scan. The free version will work fine.

    Malwarebytes | Free Anti-Malware & Malware Removal

    Enable Rootkit Scan on Malwarebytes
    Last edited by Borg 386; 03 Aug 2016 at 13:13.
      My Computer


  4. Posts : 135
    Windows 10
    Thread Starter
       #4

    Okay thanks! I'll give them a try. It was an 'Inline Hook' virus detected or something as well. I thought it might of been to do with a registry hack for Cortana http://www.howtogeek.com/265027/how-...in-windows-10/ but either way, AVG is now detecting no new threats, pretty strange! Unless it was a false positive or something.
      My Computer

  5. Borg 386's Avatar
    Posts : 28,779
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       #5

    It would be a good idea to run Malwarebytes & do a full system scan to see if it finds anything else. Viruses tend to invite others to the party. Malwarebytes will not cause a conflict with AVG & it's suggested you add this to your arsenal of malware scanners. You will need to update the definitions manually every time you scan unless you opt for the Pro version.

    Be aware that the free version is a "on demand" scanner & does not run active background scanning. The Pro version however does.
      My Computer


  6. Posts : 135
    Windows 10
    Thread Starter
       #6

    I'll see what Malwarebytes does. I already have it, but just waiting for AVG to finish another scan. I also have a third 'volume' disc showing under my optimise drives settings. Anyway of me finding out what that is? Although it might be where I sometimes connect an external hard-drive to my computer. Getting paranoid now, lol.
      My Computer


  7. Posts : 135
    Windows 10
    Thread Starter
       #7

    Malwarebytes hasn't detected anything thus far. If that's the case, what do you think it was previously? I mean, to detect 800 odd threats is a heck of a lot! Seems strange. Should I do a clean install or something, or you think that I'm safe?
      My Computer

  8. Borg 386's Avatar
    Posts : 28,779
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       #8

    800 does sound like a lot. That is always the safest option, a clean install. It's up to you, most people try to avoid this as it involves setting everything up again from scratch. Be sure to wipe the entire drive if you opt for this action as some rootkits can survive a re-installation.

    Reset Windows 10 - Windows 10 Forums

    Refresh Windows 10 - Windows 10 Forums

    Windows 10 - Clean Install - Windows 10 Forums

    You will find links to other options & related tutorials at the bottom of the page on all of these tutorials.
      My Computer


  9. Posts : 135
    Windows 10
    Thread Starter
       #9

    Yeah. I hate having to install everything. Pain in the arse lol. I'll see how things go. Hopefully it might not of been anything.
      My Computer

  10. Borg 386's Avatar
    Posts : 28,779
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       #10

    Yeah, it is a PIA but the best way when in doubt.

    See what Malwarebytes as well as TDSSKiller says. Other good malware scanners are AdwCleaner & SuperAntiSpyware Portable.

    There is another way to confirm if you do have a hidden partition on your HDD that might be hiding from Windows. GParted is a bootable partition manager that you can use to look at your HDD. Since it runs at boot up, you can get a good look at what exists on your drive before windows engages.

    As I stated earlier, a rootkit will show as a hidden boot partition, usually at the end of the drive, 1 - 10 MB in size, depending on the variant.

    You can d/l it here & make a boot disk/USB.

    http://gparted.org/

    http://gparted.org/documentation.php
      My Computer


 
Page 1 of 3 123 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 05:10.
Find Us




Windows 10 Forums