Hi, AVG Anti-rootkit found 3 hidden files and 1 hidden driver file that seem to be rootkits. When I select the found files and click 'remove files' I get an error message saying that the files can't be deleted.
Since the files are hidden, I can't manually delete them or use an unlocker. I did try running AVG again in safe mode, but the scan won't run in this mode.
Does anyone know how to delete them, or of another program that is Vista compatible that can get rid of them?
You could try SuperAntiSpyware and Malwarebytes; both are free programs. Download, install, then update and run them in safe mode one at a time. Between them they may sort your problem out.
Turn restore off then on again; turning it off deletes all restore points, so once you get rid of the files, create a new restore point. In Vista, do the following.
Go to Control Panel and click System.
In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK. – or – To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK.
XP works the same way, though I can't remember how to access the System Restore screen now.
Where are the files located? If it's in the System Volume Information folder then they are in System Restore. To delete all your restore points, right click My Computer/Properties and in the System Restore tab put a tick in the "Turn off System Restore" box. Make sure they are in System Restore before turning it off though.
I just thought you should know it's believed that any virus or malware embedded in a restore point can't reinfect your computer after a scanner has dealt with the malware. A virus scanner may delete the infected files off the computer but will still detect them in the system restore file and keep reporting them as present; this confused me when I first came across it. Have a read through this page for more information on the subject.