Trojan.heur.gz.aew@bm6q35 Followed By A Rootkit

BitDefender AntiVirus 2009 successfully removed the above Trojan but in that same day it also detected a RootKit that I don't know how to get rid of. I tried using BitDefender's AntiRootKit-Beta2. The number of hidden files keeps rising when I run it.

The screen I get at the end of the BitDefender Antivirus scan is attached. My OS is Windows XP Professional Version 2002 SP3.

What actions should I take to get rid of the rootkit?

/applications/core/interface/file/attachment.php?id=6030" data-fileid="6030" rel="">RootKit.doc

Find more posts tagged with

Comments

Cristi Raducu

Hello BlueGreenPurple,

The RRUbackups folder is actually a hidden folder which is part of the IBM Rescue & Recovery Utility (RRU) and is created by the BIOS. The contents of this folder are encrypted and/or hidden from the operating system in order to be protected. They cannot be accessed or modified by anything other than the IBM Rescue & Recovery Utility (RRU). The contents are not infected.

Please ignore the RRUbackups references in the scan report.

BlueGreenPurple

Hello BlueGreenPurple,

The RRUbackups folder is actually a hidden folder which is part of the IBM Rescue & Recovery Utility (RRU) and is created by the BIOS. The contents of this folder are encrypted and/or hidden from the operating system in order to be protected. They cannot be accessed or modified by anything other than the IBM Rescue & Recovery Utility (RRU). The contents are not infected.

Please ignore the RRUbackups references in the scan report.

Do you know why BitDefender says I have 1 threat with 1404 infected files starting a few days ago when I have run countless BitDefender scans in the past without this issue? So I really don't have a rootkit problem?

Thanks for your help!

BlueGreenPurple

Do you know why BitDefender says I have 1 threat with 1404 infected files starting a few days ago when I have run countless BitDefender scans in the past without this issue? So I really don't have a rootkit problem?

Thanks for your help!

One last question, my options are 'take no action' and 'unhide'. Does is matter which option I choose?

Cristi Raducu

The files are indeed rootkits but they pose no threat,just select 'take no action'

Only a deep system scan will search for rootkits.What type of scans do you usually run?

BlueGreenPurple

The files are indeed rootkits but they pose no threat,just select 'take no action'

Only a deep system scan will search for rootkits.What type of scans do you usually run?

I guess I'm not sure. The BitDefender icon shows a triangle every few days saying I have an issue to fix which is that I haven't scanned my system in X days so I click 'fix' and it scans.

Cristi Raducu

I guess I'm not sure. The BitDefender icon shows a triangle every few days saying I have an issue to fix which is that I haven't scanned my system in X days so I click 'fix' and it scans.

During this time BitDefender was running full scans,that's why you did not notice the rootkit entries.