Standard User bryn
(committed) Wed 26-Jan-11 16:15:26

Please try AVG 2011 (free) rootkit check on Win XP


 
Just recovering from a very nasty virus infection on PC which I think is now cleared as Avast, Malwarebytes, Kaspersky Virus Removal Tool 2010 and AVG 2011 full scan all report no faults.

However if I run the rootkit test option on AVG 2011 (it's a new test in this year's version) it reports 6 IRP hooks which it can't remove. I get the same thing on another XP machine which is rarely used for browsing. Windows 7 machines here don't report these hooks. AVG says the hooks *may* be used to hide rootkits, but as noted above, no other application finds anything.

Google shows a number of other mystified users and no clear answer.

If you have an XP machine, I'd be grateful if you could try the AVG 2011 rootkit test and see if you get a similar report. It may just be a false positive, but I'd like to be sure.

Many thanks

Bryn
Standard User camieabz
(legend) Wed 26-Jan-11 16:18:51

Re: Please try AVG 2011 (free) rootkit check on Win XP


[re: bryn]
 
Have a read:

http://tweaks.com/forum/Topic259048-28-1.aspx

Might be worth trying Hijack This.

~~~~~~~~~~



© Camieabz 2002-2011 - All rights and lefts reserved.

Standard User bryn
(committed) Wed 26-Jan-11 17:01:39

Re: Please try AVG 2011 (free) rootkit check on Win XP


[re: camieabz]
 
Yes, I had read that link already.

What I want to do now is find out if the IRP hooks are an infection or not. If other folks with XP machines have them, I'll assume they are benign. If not, I feel a full reformat coming on :)

--
Bryn



Standard User gomezz
(eat-sleep-adslguide) Wed 26-Jan-11 19:05:23

Re: Please try AVG 2011 (free) rootkit check on Win XP


[re: bryn]
 
Just run it and it found nothing. OTOH it had only minutes earlier done a programme update so it could be that they were false positives which they have now fixed.

O2 Standard (8Mbps LLU)
Standard User bryn
(committed) Thu 27-Jan-11 10:58:27

Re: Please try AVG 2011 (free) rootkit check on Win XP


[re: gomezz]
 
Thanks, I made the update without any change. Also tried SuperAntiSpyware which said it found umpteen trojans, but I still get the same result with AVG rootkit check.

Anyone else tried the AVG 2011 rootkit check on Win XP yet?

--
Bryn
Standard User TTEnt
(newbie) Thu 27-Jan-11 11:21:40

Re: Please try AVG 2011 (free) rootkit check on Win XP


[re: bryn]
 
Have just run AVG Rootkit check, nothing found.
Windows XP Professional SP3.
AVG Version 10.0.1204. Virus DB 1435/3405.

AVG did an update today although have not yet rebooted laptop which it wanted me to do.
Standard User Deadbeat
(knowledge is power) Thu 03-Feb-11 23:58:55

Re: Please try AVG 2011 (free) rootkit check on Win XP


[re: bryn]
 
AV 2011 had quite a lot of bad press initially so I'm not sure that I'd trust it for a while.
If a rootkit is present, it's inadvisable to run AV/malware scans from within the affected OS as the system could well be hooked before the anti malware software is initialised, thereby rendering it unreliable at best.
With this in mind, it's worth having one of the many Bart's PE type releases such as UBCD4Win which contain updateable versions of SAS, MBAM and Avira etc and the Kaspersky Rescue Disk 10 ready to hand.
These are images of bootable CDs which should be burned on a known clean machine and used to boot the affected machine. Both have very wide ranging network adapter and TCP/IP etc support which allow anti malware etc software to be fully updated before use. The UBCD type boot media utilise "MiniXP", DOS and often Linux type interfaces with many useful and powerful applications included whilst the Kaspersky media is exclusively Ubuntu based. The Kaspersky media contains wide support for WLAN adapters.

Be aware that many of the Bart PE type images may contain "pirated" software.

Edited by Deadbeat (Fri 04-Feb-11 00:00:43)
