Rootkits - Can't delete

  Morty69 10:17 17 Jun 2009

Hi, AVG Anti-rootkit found 3 hidden files and 1 hidden driver file that seem to be rootkits. When I select the found files and click 'remove files' I get an error message saying that the files can't be deleted.

Since the files are hidden I can't manually delete them or use an unlocker and I did try running AVG again in safe mode but the scan won't run in this mode.

Does anyone know how to delete them, or of another program that is Vista compatible that can get rid of them?


  gazzaho 10:29 17 Jun 2009

You could try SuperAntiSpyware and Malwarebytes; both are free programs. Download, install, then update and run them in safe mode one at a time. Between them they may sort your problem out.

  GANDALF <|:-)> 10:34 17 Jun 2009

They are probably in system restore. You could delete all the restore points.


  Morty69 10:39 17 Jun 2009

Cheers Guys,

Used Malwarebytes and it's cleaned something but the rk's are still there.

G - how would I go about removing the restore points?


  gazzaho 10:50 17 Jun 2009

Turn restore off then on again; turning it off deletes all restore points, so once you get rid of the files create a new restore point. In Vista do the following.

Go to Control Panel and click System.

In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
– or –
To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK.

XP works the same way though I can't remember how to access the System restore screen now.

  hiwatt 10:51 17 Jun 2009

Where are the files located? If it's in the system volume information folder then they are in system restore. To delete all your restore points right click my computer/properties and in the system restore tab put a tick in the "turn off system restore" box. Make sure they are in the system restore before turning it off though.

  hiwatt 10:52 17 Jun 2009

Too slow.

  gazzaho 11:01 17 Jun 2009

I just thought you should know it's believed that any virus or malware embedded in a restore point can't reinfect your computer after a scanner has dealt with the malware. A virus scanner may delete the infected files off the computer but will still detect them in the system restore file and keep reporting them as present; this confused me when I first came across it. Have a read through this page for more information on the subject.

  mfletch 12:42 17 Jun 2009

Be careful with rootkits, some system files can be seen as a rootkit and you don't want to delete any of them.

Always ask an expert before removing rootkits?

  bluto1 19:10 17 Jun 2009

Try typing Sophos Anti Rootkit into Google and searching. Sorry I haven't a link. This worked a treat for me, and if I remember correctly it's free.

  Wak 12:26 18 Jun 2009

PANDA also do a good FREE anti-rootkit program which you can google for.

This thread is now locked and can not be replied to.
