Windows 10: Rootkit Virus? Solved

  1.    03 Aug 2016 #1

    Rootkit Virus? Inline Hook Ntoskrnl.exe AVG

    I basically downloaded the 1607 Windows update, the latest one. And one time, my AVG came up with 800 plus threats to do with a rootkit or something, and I think ntoskrnl.exe. I can't remember. Basically, the threats I think were hidden, and either way it couldn't delete them. I thought that it might have been to do with where I configured my boot settings to safe mode, as I sometimes go into that mode to be able to delete certain files I can't normally. But now, I've tried doing numerous scans with AVG, and everything seems clear and detected?? Any idea what it might have been? I haven't downloaded anything 'bogus' since the update etc. either. Kinda worried, lol.
    Last edited by Gelbs; 04 Aug 2016 at 07:34.

  3. Borg 386
    Posts : 21,284
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       03 Aug 2016 #3

    If you're still concerned, which would be a valid concern when it comes to a rootkit, then run a scan with TDSSKiller which is designed to find/remove rootkits.

    TDSSKiller Download

    Note
    When running TDSSKiller, launch the program, click on the blue text "Change Parameters" & check the box marked "Detect TDLFS File system." Click OK & then run the scan.

    A rootkit will create a hidden partition, at the end of the drive, 1 - 10 MB in size and set itself as the boot partition. Hence, the rootkit is already running before Windows loads. This hidden partition will not show up on Windows Disk Management in most cases.

    A rootkit is a program or a program kit that hides the presence of malware in the system.

    A rootkit for Windows systems is a program that penetrates into the system and intercepts the system functions (Windows API). It can effectively hide its presence by intercepting and modifying low-level API functions. Moreover it can hide the presence of particular processes, folders, files and registry keys. Some rootkits install their own drivers and services in the system (they also remain “invisible”).

    Malwarebytes also includes a rootkit scan. The free version will work fine.

    Malwarebytes | Free Anti-Malware & Malware Removal

    Enable Rootkit Scan on Malwarebytes
    Last edited by Borg 386; 03 Aug 2016 at 13:13.

  4.    03 Aug 2016 #4

    Okay thanks! I'll give them a try. It was an 'Inline Hook' virus detected or something as well. I thought it might have been to do with a registry hack for Cortana but either way, AVG is now detecting no new threats, pretty strange! Unless it was a false positive or something.

  5. Borg 386
       03 Aug 2016 #5

    It would be a good idea to run Malwarebytes & do a full system scan to see if it finds anything else. Viruses tend to invite others to the party. Malwarebytes will not cause a conflict with AVG & it's suggested you add this to your arsenal of malware scanners. You will need to update the definitions manually every time you scan unless you opt for the Pro version.

    Be aware that the free version is an "on demand" scanner & does not run active background scanning. The Pro version however does.

  6.    03 Aug 2016 #6

    I'll see what Malwarebytes does. I already have it, but just waiting for AVG to finish another scan. I also have a third 'volume' disc showing under my optimise drives settings. Any way of me finding out what that is? Although it might be where I sometimes connect an external hard-drive to my computer. Getting paranoid now, lol.

  7.    03 Aug 2016 #7

    Malwarebytes hasn't detected anything thus far. If that's the case, what do you think it was previously? I mean, to detect 800 odd threats is a heck of a lot! Seems strange. Should I do a clean install or something, or you think that I'm safe?

  8. Borg 386
       03 Aug 2016 #8

    800 does sound like a lot. That is always the safest option, a clean install. It's up to you, most people try to avoid this as it involves setting everything up again from scratch. Be sure to wipe the entire drive if you opt for this action as some rootkits can survive a re-installation.

    Reset Windows 10 - Windows 10 Forums

    Refresh Windows 10 - Windows 10 Forums

    Windows 10 - Clean Install - Windows 10 Forums

    You will find links to other options & related tutorials at the bottom of the page on all of these tutorials.

  9.    03 Aug 2016 #9

    Yeah. I hate having to install everything. Pain in the arse lol. I'll see how things go. Hopefully it might not have been anything.

  10. Borg 386
       03 Aug 2016 #10

    Yeah, it is a PIA but the best way when in doubt.

    See what Malwarebytes as well as TDSSKiller says. Other good malware scanners are AdwCleaner & SuperAntiSpyware Portable.

    There is another way to confirm if you do have a hidden partition on your HDD that might be hiding from Windows. GParted is a bootable partition manager that you can use to look at your HDD. Since it runs at boot up, you can get a good look at what exists on your drive before Windows engages.

    As I stated earlier, a rootkit will show as a hidden boot partition, usually at the end of the drive, 1 - 10 MB in size, depending on the variant.

    You can d/l it here & make a boot disk/USB.
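
The partition check described in post #10 can also be done by reading the partition table directly. The following is an added example, not part of the original posts: it parses an MBR boot sector and flags an active partition of at most 10 MB that sits last on the disk. It assumes an MBR disk with 512-byte sectors (GPT disks are rejected); the function names and both sample sectors are constructed for illustration.

```python
import struct

SECTOR = 512
ENTRY = "<B3xB3xII"   # status, CHS (skipped), type, CHS (skipped), LBA start, sector count

def build_mbr(entries):
    """Constructed test sector from (active, type, start_lba, sectors) tuples."""
    table = b"".join(struct.pack(ENTRY, 0x80 if a else 0, t, s, n)
                     for a, t, s, n in entries)
    return bytes(446) + table.ljust(64, b"\0") + b"\x55\xaa"

def parse_mbr(sector0):
    """Return the used primary partition entries of an MBR boot sector."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA boot signature: not an MBR sector")
    parts = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY, sector0, 446 + 16 * i)
        if ptype == 0xEE:
            raise ValueError("protective MBR: disk is GPT, this check does not apply")
        if ptype == 0 or count == 0:
            continue  # unused slot
        parts.append({"slot": i, "active": status == 0x80, "type": ptype,
                      "start": start, "size_mb": count * SECTOR / 2**20})
    return parts

def flag_small_boot_partition(parts, max_mb=10):
    """Flag an active partition of at most max_mb MB that is last on the disk."""
    if not parts:
        return []
    last = max(parts, key=lambda p: p["start"])
    if last["active"] and last["size_mb"] <= max_mb:
        return [last]
    return []

# Constructed samples: a normal layout, and one matching the thread's description.
CLEAN = build_mbr([(True, 0x07, 2048, 1024000), (False, 0x07, 1026048, 200000000)])
SUSPECT = build_mbr([(False, 0x07, 2048, 200000000), (True, 0x17, 200002048, 16384)])

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN), ("suspect", SUSPECT)):
        hits = flag_small_boot_partition(parse_mbr(sector))
        print(name, hits or "no small active partition at end of disk")
```

To inspect a real disk from a live boot environment, pass the first 512 bytes of the raw device (for example `open('/dev/sda', 'rb').read(512)` as root). A hit is a reason to look closer with a dedicated scanner, not proof of infection.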

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.