Rootkit Scan Found Thousands Of Items
I'm using Bitdefender AV 2010 with Comodo Firewall and Defense+. I've changed the path of the My Documents folder, so that while it was earlier in the same partition where XP is installed, now it is in another partition on a second HDD. On that partition, I've used Defense+ to block access to certain folders where I store a lot of stuff, but the My Documents folder isn't blocked.
For the past few days, I've noticed the computer being sluggish. I generally don't scan with the AV regularly, about once a month, since the real-time detection is enabled and it is supposed to take care of malware right in the beginning, from what I understand.
Anyway, I started a scan of the XP partition (on HD1) with the rootkit option selected. It scanned the partition pretty quickly, but then it said it was scanning for rootkits and went on for two hours without showing any path of where it was scanning. I finally got tired and stopped it, and when I opened the log file, which actually doesn't open fully in Internet Explorer because it is too long, it showed that there were 14080 hidden items, and it said in Threat Name: Rootkit - Hidden items. All of these are files in the other partition (on HD2) which houses the My Documents folder, but these files are not in the My Documents folder, and I had only selected the XP partition for scanning. BitD has found rootkits in every single file, including jpegs, Word files, flvs and mp3s, etc. None of them is actually hidden, since I can see them in Explorer.
1. When we scan for a rootkit, does it always scan the whole computer, or can we scan an individual file? In this case, a whole lot of files not in the scan path got scanned.
2. There is a special tool from BitDefender for rootkits, though I haven't downloaded it yet. Is there any need to scan with it, or is it the same that is there in the main AV?
3. I used other tools, like Sophos Anti-Rootkit, and it found "Unknown Hidden File" in places like "Program Files\Foxit Reader.exe", "Program Files\Common Files\Bitdefender\Setup Information\{blahblahblah}\pluginsx86.exe", etc., and finally recommended not doing anything. Can anyone suggest a tool for the home dummies, that detects and deletes rootkits without asking too many questions? Or suppose I unblock all folders from Defense+ and scan the whole hard disk (200 GB + 1 TB) with BitD, how much time should I expect it to take?
I'm trying to understand what rootkits are, and I've understood a bit, but to tell the truth it is way too complicated.
Comments
-
Hi, well, a rootkit is a program that you download or someone puts on your computer to gain control over it. With a rootkit installed your PC can be used to transfer files to other PCs or to install anything they want on your PC, for example a keylogger that would keep track of what you type, maybe your bank password. Once a person has so many rootkits installed on other PCs they can use them to mount a DDoS attack using the bandwidth from all PCs. You would not find 1000s of them on a PC.
-
"A rootkit is a collection of programs used by a hacker to evade detection while trying to gain unauthorized access to a computer. This is done either by replacing system files or libraries, or by installing a kernel module. The hacker installs the rootkit after obtaining user-level access: typically this is done by cracking a password or by exploiting a vulnerability. This is then used to gather other user IDs until the hacker gains root, or administrator, access to the system.
The term originated in the Unix world, although it has since been applied to the techniques used by authors of Windows-based Trojans to conceal their activities. Rootkits have been used increasingly as a form of stealth to hide Trojan activity, something that is made easier because many Windows users log in with administrator rights."
If you need more information about viruses, check the links below:
http://www.viruslist.com/en/glossary
http://www.antispywarecoalition.org/documents/glossary.htm
1) If you are using a separate tool for the rootkit scan, it depends on the tool whether it scans the whole computer or only the system drive. E.g. the Sophos Anti-Rootkit tool scans the whole computer just like GMER, but there are rootkit scan tools which can scan only the system drive and take much less time to scan; however, I couldn't find any tool which has an option to scan an individual file.
2) The separate tool suggested by Bitdefender is "GMER", which you can download from "www.gmer.net".
3) You can check the following websites for rootkit scan tools:
http://downloads.andymanchesta.com/antirk.html
http://www.antirootkit.com/software/index.htm
http://www.kernelmode.info/forum/viewtopic.php?f=11&t=10
Antivirus software, e.g. Bitdefender in your case, will also detect files hidden by any software like Defense+, Folder Guard, hidfolderxp etc. as rootkits. Bitdefender has an option to "unhide" them, although it adds ".bd.ren" to their extension; however, this great option gives Bitdefender an upper edge over other security solutions.
You can create a new task for "Rootkit Scan" only. Doing so will consume much less time than using a tool like Sophos Anti-Rootkit which scans the entire system on a file-by-file basis.
Also check the following:
news.bitdefender.com/site/pdfDescription/743.pdf
Bye
-
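The comment above makes the key point for the original poster's 14080 "hidden items": a rootkit scanner flags a file as hidden when one enumeration of the file system (the normal API view that Explorer uses) does not show it but a lower-level enumeration does, and a folder that a HIPS rule such as Defense+ merely blocks access to looks exactly like that. The Python below is an illustration added here, not code from Bitdefender, GMER, Sophos or this thread; it runs a cross-view diff over two constructed directory listings (all paths and file names are made up) and shows that unless the scanner keeps "the high-level view was denied access" apart from "the high-level view listed the directory and the file was absent", every file under a blocked folder becomes a rootkit finding.

```python
"""Cross-view rootkit detection on constructed sample listings.

Two views of the same file system are compared:
  high - what a normal user-mode directory listing returns
  low  - what a lower-level walk (raw volume / driver level) returns
A file present in `low` but missing from a directory that `high`
listed successfully is a genuine cross-view discrepancy. A file under a
directory that `high` could not enumerate at all tells us nothing about
concealment, so it must not be reported as hidden.
"""
from dataclasses import dataclass, field


@dataclass
class ViewResult:
    """Result of one enumeration method (constructed for this example).

    entries: directory -> set of names the view listed in that directory
    denied:  directories the view could not enumerate (access denied)
    """
    entries: dict[str, set[str]]
    denied: set[str] = field(default_factory=set)


def naive_hidden(high: ViewResult, low: ViewResult) -> list[str]:
    """Cross-view diff that ignores WHY the high-level view is missing names.

    Every name the low-level view saw and the high-level view did not is
    reported as hidden, so a directory that the high-level view was simply
    denied access to turns all of its files into 'rootkit' findings. This is
    the false-positive pattern described in the thread.
    """
    hidden = []
    for directory, low_names in low.entries.items():
        high_names = high.entries.get(directory, set())
        hidden.extend(f"{directory}\\{name}" for name in sorted(low_names - high_names))
    return hidden


def cross_view_diff(high: ViewResult, low: ViewResult) -> tuple[list[str], list[str]]:
    """Return (hidden, unverifiable).

    hidden       - present in `low`, absent from a directory `high` DID list
    unverifiable - under a directory `high` could not enumerate; reported
                   separately so access control is not mistaken for stealth
    """
    hidden, unverifiable = [], []
    for directory, low_names in low.entries.items():
        if directory in high.denied:
            unverifiable.extend(f"{directory}\\{name}" for name in sorted(low_names))
            continue
        high_names = high.entries.get(directory, set())
        hidden.extend(f"{directory}\\{name}" for name in sorted(low_names - high_names))
    return hidden, unverifiable


def build_sample_views() -> tuple[ViewResult, ViewResult]:
    """Constructed sample data, not real scan output.

    D:\\Stuff stands in for a folder blocked by a HIPS rule: the low-level
    walk sees its files, the user-mode listing gets access denied.
    SAMPLE_hidden.sys is a placeholder for a name only the low-level walk
    returns from a directory the user-mode listing read without error.
    """
    low = ViewResult(entries={
        r"D:\Stuff": {"a.jpg", "b.mp3"},
        r"D:\My Documents": {"notes.doc"},
        r"C:\Windows\System32\drivers": {"ntfs.sys", "SAMPLE_hidden.sys"},
    })
    high = ViewResult(
        entries={
            r"D:\My Documents": {"notes.doc"},
            r"C:\Windows\System32\drivers": {"ntfs.sys"},
        },
        denied={r"D:\Stuff"},
    )
    return high, low


if __name__ == "__main__":
    high, low = build_sample_views()
    print("naive scanner reports hidden:", naive_hidden(high, low))
    hidden, unverifiable = cross_view_diff(high, low)
    print("careful scanner reports hidden:", hidden)
    print("careful scanner reports unverifiable:", unverifiable)
```

Run on the sample, the naive diff reports three hidden files, two of which are just the contents of the access-blocked folder; the careful diff reports one hidden file and lists the other two as unverifiable, which is the distinction a user should look for in a scanner's log before treating thousands of ordinary jpegs and mp3s as rootkits.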
Hello HydraHeaded,
Regarding your first question about a rootkit scan for an individual file, you can use the tool "GMER". Click on the "Files" tab and, if you know the path of the suspected rootkit, browse to it from the left column and you will find that suspected rootkit in red. So you can either "delete" or "kill" them.
Maybe this will help you.
Bye