Trojan.heur.gz.aew@bm6q35 Followed By A Rootkit

BitDefender AntiVirus 2009 successfully removed the above Trojan, but on that same day it also detected a RootKit that I don't know how to get rid of. I tried using BitDefender's AntiRootKit-Beta2. The number of hidden files keeps rising when I run it.


The screen I get at the end of the BitDefender Antivirus scan is attached. My OS is Windows XP Professional Version 2002 SP3.


What actions should I take to get rid of the rootkit?

Attachment: RootKit.doc

Comments

  • Hello BlueGreenPurple,


    The RRUbackups folder is actually a hidden folder which is part of the IBM Rescue & Recovery Utility (RRU) and is created by the BIOS. The contents of this folder are encrypted and/or hidden from the operating system in order to be protected. They cannot be accessed or modified by anything other than the IBM Rescue & Recovery Utility (RRU). The contents are not infected.


    Please ignore the RRUbackups references in the scan report.
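The reply above amounts to an allowlisting rule: hidden files under the Rescue & Recovery folder are expected, and only hidden files outside it deserve attention. The following script is an added example, not from the thread or from BitDefender, that applies that rule to a scanner's hidden-file list and also compares two successive scans, so that a rising total is reported as harmless when every new entry sits under the allowlisted folder. The drive letter C:, the exact folder spelling and the sample paths are assumptions constructed for the example; check the real path on your own machine before allowlisting it.

```python
import ntpath

# Hidden directories expected on this particular machine. C:\RRUbackups is the
# IBM Rescue & Recovery Utility folder discussed in the thread; the drive letter
# and exact spelling are assumptions, verify them against your own system.
KNOWN_HIDDEN_ROOTS = [r"C:\RRUbackups"]


def _norm(path):
    """Normalise a Windows path for comparison: backslashes, lower case, no trailing slash."""
    return ntpath.normcase(ntpath.normpath(path)).rstrip("\\")


def is_under(path, root):
    """True if `path` is `root` itself or lies anywhere below it (case-insensitive)."""
    p, r = _norm(path), _norm(root)
    return p == r or p.startswith(r + "\\")


def triage(hidden_paths, known_roots=KNOWN_HIDDEN_ROOTS):
    """Split a scanner's hidden-file list into entries explained by an allowlisted
    root and entries that still need a look."""
    expected, investigate = [], []
    for path in hidden_paths:
        if any(is_under(path, root) for root in known_roots):
            expected.append(path)
        else:
            investigate.append(path)
    return {"expected": expected, "investigate": investigate}


def new_unexplained(previous_scan, current_scan, known_roots=KNOWN_HIDDEN_ROOTS):
    """Hidden files outside every allowlisted root that were NOT in the previous scan.
    A rising hidden-file total is harmless as long as this list stays empty."""
    before = {_norm(p) for p in triage(previous_scan, known_roots)["investigate"]}
    return [p for p in triage(current_scan, known_roots)["investigate"]
            if _norm(p) not in before]


# Constructed sample data (not real BitDefender report lines): two successive
# AntiRootkit runs; the second has more RRU backup files and one new item elsewhere.
SCAN_1 = [
    r"C:\RRUbackups\C\0\Data0",
    r"C:\RRUbackups\C\0\Data1",
    r"C:\WINDOWS\system32\drivers\example.sys",
]
SCAN_2 = [
    r"C:\RRUbackups\C\0\Data0",
    r"C:\RRUbackups\C\0\Data1",
    r"c:\rrubackups\c\1\data0",  # same folder, different case: still expected
    r"C:\WINDOWS\system32\drivers\example.sys",
    r"C:\Documents and Settings\All Users\hidden.dll",
]

if __name__ == "__main__":
    result = triage(SCAN_2)
    print(f"{len(result['expected'])} hidden files explained by the RRU folder")
    for p in result["investigate"]:
        print("needs a look:", p)
    for p in new_unexplained(SCAN_1, SCAN_2):
        print("new since last scan:", p)
```

Paths are compared with `ntpath` rather than `os.path` so the script behaves the same whether it is run on the XP machine or on another system where the scan report was copied; a prefix check on the normalised string avoids treating `C:\RRUbackupsX` as part of `C:\RRUbackups`.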

  • Do you know why BitDefender says I have 1 threat with 1404 infected files starting a few days ago when I have run countless BitDefender scans in the past without this issue? So I really don't have a rootkit problem?


    Thanks for your help!

  • One last question, my options are 'take no action' and 'unhide'. Does it matter which option I choose?

  • The files are indeed rootkits but they pose no threat, just select 'take no action'.


    Only a deep system scan will search for rootkits. What type of scans do you usually run?

  • I guess I'm not sure. The BitDefender icon shows a triangle every few days saying I have an issue to fix which is that I haven't scanned my system in X days so I click 'fix' and it scans.

  • During this time BitDefender was running full scans, that's why you did not notice the rootkit entries.