Vista - Rootkit

**ssplal** · 03-10-2008

Hi
Today i scanned my system and got the following notification.
"The On-Demand Scan found alterations to code or data which may indicate that a rootkit is attempting to hide files, registry keys, processes or other items. If this scan fails to find anything then the computer should be scanned with McAfee PreScan or booted into Safe Mode and this scan run again"

What is the problem and what should i do now?
Please guide me.
Thanks

03-10-2008

It sounds like your antivirus program has found evidence of a serious kind of
virus. You may be able to fix it by following the instructions that came
with your virus scanner. However, it's not always possible to recover an
infected computer. The safest course of action is to back up all your
documents and re-install Windows.

I'd strongly suggest that you not use that computer for internet banking or
other "secure" stuff.

"ssplal" wrote:

Quote:

>
> Hi
> Today i scanned my system and got the following notification.
> "The On-Demand Scan found alterations to code or data which may
> indicate that a rootkit is attempting to hide files, registry keys,
> processes or other items. If this scan fails to find anything then the
> computer should be scanned with McAfee PreScan or booted into Safe Mode
> and this scan run again"
>
> What is the problem and what should i do now?
> Please guide me.
> Thanks
>
>
> --
> ssplal
>

03-10-2008

ssplal wrote:

Quote:

>
> Hi
> Today i scanned my system and got the following notification.
> "The On-Demand Scan found alterations to code or data which may
> indicate that a rootkit is attempting to hide files, registry keys,
> processes or other items. If this scan fails to find anything then the
> computer should be scanned with McAfee PreScan or booted into Safe Mode
> and this scan run again"

McAfee isn't very good (and I'm being polite about it by saying only that).
It would be wise to scan with another antivirus/malware product to get a
"second opinion" first before you panic. I'd use David Lipman's Multi_AV:

http://www.elephantboycomputers.com/...moving_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to do
all scans in Safe Mode. Please see the special Notes regarding using
Multi_AV in Vista.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://tinyurl.com/yoeru3 - download link and more instructions

If McAfee reported a particular file as the rootkit, you can also send it to
Virus Total for identification.

http://www.virustotal.com/

If your alternate scan comes up clean, I'd consider replacing McAfee with a
betteer security solution such as NOD32, Kaspersky, or even Avast if you
want something free.

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!

03-10-2008	#1 (permalink)
ssplal Vista Home Premium 32bit 1 posts	Rootkit Hi Today i scanned my system and got the following notification. "The On-Demand Scan found alterations to code or data which may indicate that a rootkit is attempting to hide files, registry keys, processes or other items. If this scan fails to find anything then the computer should be scanned with McAfee PreScan or booted into Safe Mode and this scan run again" What is the problem and what should i do now? Please guide me. Thanks
My System Specs

03-10-2008	#2 (permalink)
Jeff Smith [MSFT] n/a posts	RE: Rootkit It sounds like your antivirus program has found evidence of a serious kind of virus. You may be able to fix it by following the instructions that came with your virus scanner. However, it's not always possible to recover an infected computer. The safest course of action is to back up all your documents and re-install Windows. I'd strongly suggest that you not use that computer for internet banking or other "secure" stuff. "ssplal" wrote: Quote: > > Hi > Today i scanned my system and got the following notification. > "The On-Demand Scan found alterations to code or data which may > indicate that a rootkit is attempting to hide files, registry keys, > processes or other items. If this scan fails to find anything then the > computer should be scanned with McAfee PreScan or booted into Safe Mode > and this scan run again" > > What is the problem and what should i do now? > Please guide me. > Thanks > > > -- > ssplal >
My System Specs

03-10-2008	#3 (permalink)
Malke n/a posts	Re: Rootkit ssplal wrote: Quote: > > Hi > Today i scanned my system and got the following notification. > "The On-Demand Scan found alterations to code or data which may > indicate that a rootkit is attempting to hide files, registry keys, > processes or other items. If this scan fails to find anything then the > computer should be scanned with McAfee PreScan or booted into Safe Mode > and this scan run again" McAfee isn't very good (and I'm being polite about it by saying only that). It would be wise to scan with another antivirus/malware product to get a "second opinion" first before you panic. I'd use David Lipman's Multi_AV: http://www.elephantboycomputers.com/...moving_Malware Include scanning with David Lipman's Multi_AV and follow instructions to do all scans in Safe Mode. Please see the special Notes regarding using Multi_AV in Vista. http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions http://tinyurl.com/yoeru3 - download link and more instructions If McAfee reported a particular file as the rootkit, you can also send it to Virus Total for identification. http://www.virustotal.com/ If your alternate scan comes up clean, I'd consider replacing McAfee with a betteer security solution such as NOD32, Kaspersky, or even Avast if you want something free. Malke -- MS-MVP Elephant Boy Computers www.elephantboycomputers.com Don't Panic!
My System Specs

Similar topics to: Rootkit
Thread	Forum
Rootkit Revealer	Vista security
please help - rootkit problem	System Security
Rootkit help PLEASE!!!	Vista General
Rootkit	Vista General
How do I get rid of a rootkit	Vista security

Vista - Rootkit

Rootkit problems?