Question:
How can I tell if my computer contains a rootkit? What exactly is it?
dlb
2010-03-25 08:41:37 UTC
I use Firefox. Lately, when I do a Yahoo search, the search results/links appear. But when I click on the link I want, I'm redirected to a totally different site. When I use the 'Go back one page' arrow to return to the Yahoo results, I'm taken to another totally different site that I did not want. If I keep clicking the arrow, I'm taken to all different sites. Someone mentioned a rootkit. I've heard the term, but I'm not familiar with it. So, in plain English please (lol), what are the possible problems/solutions here? I run AVG free and Malwarebytes, both of which reveal no infected files. But I know something's not right, so it's got to be something that's able to slip by these two programs. So just how serious is this? Should I abandon all hope n go live underground and wait for Armageddon? As you can see, I'm able to retain a sense of humor, but I am for real about finding out what's wrong. Peace, y'all.
Five answers:
Sly_Old_Mole
2010-03-25 09:37:53 UTC
1. Free AVG is a poor AV with NO real time protection from rootkits.

2. Malwarebytes can remove some rootkits.

3. hijackers can be rootkits, malware or spyware. (redirected = hijacker)

4. rootkits are not easy to remove:

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help, Instructions for receiving help in cleaning your computer

http://www.bleepingcomputer.com/forums/topic34773.html
Toby
2010-03-25 08:52:45 UTC
Typically, rootkits act to obscure their presence on the system through subversion or evasion of standard operating system security scan and surveillance mechanisms. Often they are Trojans as well, fooling users into believing the rootkit is something else, something which they expect will be safe to install and run on their computer system.

Microsoft's Rootkit Revealer program can be downloaded here: http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

OK, so you're probably not going to believe me, and you're going to select someone who suggests some other anti-malware program to clean your computer as the best answer. But then you'll realize that it didn't work, and you're still looking for a solution, THEN read this:

I've been a network administrator for over 12 years now. Here's what I do about virus and spyware infections: I back up all the documents, pictures, music, etc., and then I put in the Windows CD and have it format the hard drive and start over. That's the only way to be 100% sure that all of the infections are removed. For backing up the data files, I prefer an online file host (such as http://www.drivehq.com ) instead of a USB drive because recent viruses (like Conficker) can infect your USB drive.

What should you back up? Almost always these days, if you just back up your "My Documents" folder (and the My Documents folders for other users on the computer), you'll have saved everything. Microsoft and third-party software manufacturers are becoming very good at making sure all of your stuff goes into that folder, or a subfolder (such as My Pictures).

For the future, I recommend that you use Mozy Home Free Edition to keep your documents backed up online. Then you won't have to hesitate if you want to ever reformat your computer again. Here is a YouTube video that I made about how to use Mozy: http://www.youtube.com/watch?v=RmhAoPCmOdY

I also recommend installing Site Advisor at http://www.siteadvisor.com. It will pop up a red balloon any time you go to a web site that has malicious downloads. It will also put red, yellow, and green icons next to your Google and Yahoo search results.

I've been getting into Comodo lately: http://antivirus.comodo.com/

Actually, I don't know how well the anti-virus component of it works, but the thing is this: it has a "sandbox" feature. Unless you specifically tell Comodo to allow permanent changes, everything that you do in your browser gets undone when you restart your computer.

Here is a Hak5 podcast that showcases Comodo's sandbox feature: http://www.hak5.org/episodes/episode-703
2016-03-03 03:14:49 UTC
If you've got a rootkit the best thing is to reformat your pc and re-install all your programs and files. You can never be sure you've removed a rootkit otherwise. Don't keep the file with the rootkit in or it's pointless.
SealedWithAKiss
2010-03-25 08:47:16 UTC
I wouldn't say that you are infected with a root kit. A root kit is a piece of malicious software that has 'rooted' itself deep within the operating system of your computer, making detection and removal by most commercial anti-viral products extremely difficult.

One thing that is for sure is that your web browser has been hijacked, and the software that you are using to scan your computer hasn't been able to detect the cause of the problem.

My suggestion is to update your anti-viral databases and run complete scans on your drive. Download AVG Free from www.avg.com and Google for Spybot S&D. Install them both and run thorough scans in safe mode. This should help restore normality.

Hope that the advice is useful!
az :)
2010-03-25 08:50:57 UTC
Well, a rootkit is defined as... (follow this link) http://en.wikipedia.org/wiki/Rootkit

Try Avira Free... it detects rootkits and you can get rid of it....


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.