Added: 3 years ago
From: 1RadicalOne
Views: 15,805

All Comments (157)

  • It picked it up a while back as a Hidden File but never found it again...

  • AVG said it wasn't powerful enough to remove it, I could use a power user but it could slow down or crash my computer. Should I do it anyway?

  • Comment removed

  • Reflashing the BIOS usually solves BIOS rootkits, I stumbled on this video, not because I got infected lol, I am a security expert, but I was interested to see if the tutorial is any good and all I have to say is that you explained it very well.

  • Reflashing the BIOS? What if it is either inaccessible (as mine is, inside the southbridge) or ROM?

  • @1RadicalOne Read my comment "Reflashing USUALLY solves", I'm not sure in your cases if it would help.

  • I interpreted your statement to mean that reflashing usually removes the kit, sometimes not.

  • @1RadicalOne ok.

  • @1RadicalOne Hehe I have no idea what you're saying but it helped

  • ...If you did not understand it, how could you use it to help yourself?

  • spywareterminator looks like a rogue

  • Will comodo internet security detect and remove rootkits?

  • I have no idea.

  • @1RadicalOne dude, i have the UnHackMe , and the comodo antivirus , and both cant delete it, comodo cant detect it, however UnHackMe can, but cant delete it, it requires me a " warrior boot cd " or whatever that is...

    i will try it ur way, but how can u guarantee that this would work 100 per cent ??

    and can i keep these 3 antivirus programs running at same time without causing damage to each other ??

  • I cannot guarantee ANYTHING will work 100% of the time. Even reinstall.

    But yes, these three programs can work together fine, though if your computer is naturally slow, you may notice a performance drop.

  • i like the song

  • This shit avg anti rootkit doesnt work on 64 bit vista... what im gonna do now ; / : (

  • Not having ever had a rootkit on a 64bit system - I did not even own one until recently - I do not know.

  • @1RadicalOne , I've got this virus only on one disk, fckin usb 1tb drive ... heh

    i used Total Commander to copy files from drive to another drive... now i have to wait til copy is over, then I need to permanently delete partitions from hard drive and create a new one using Gparted... i think that this might help.

    ech, fcking virus.. hate that shit...

  • What if your system files are infected, and their removal stops the system working?

  • This is why I recommended backing up the files it found to a floppy, so you can reinstate them from DOS.

    After you get the re-infected Windows working again, try running some of MS' system repair services. These replace the system files with the "original" copies. This may cause you to lose updates and functionality in some software, especially "deep" things like DirectX.

  • wonder if this would work on a bios root kit

  • Unfortunately not. As I state in the description, since BIOS rootkits are within the hardware itself, the only way to eradicate them is to replace the hardware. Even reinstalling the OS is not enough.

    So, unfortunately, you need a new motherboard.

    On the bright side, they are not that expensive, and you will probably get one with improved performance. :)

  • Please understand that security experts recommend repartition and reinstall because there are proof of concepts in the wild that show this is the only way to remove a rootkit. This is not true for every rootkit but how are you going to distinguish?

    If you have been rootkitted I suggest repartition and reinstall.

    Why argue with computer security experts?

    Do you think that 1RadicalOne has more knowledge and expertise using some free software than experts working within the industry?

  • There are other factors to consider, especially with newer versions of Windows - XP and later.

    One, a factor universal across all systems, is data loss. Most people wince at the idea of losing years of work, and backing it up risks backing up the rootkit or some other secondary infection.

    Two, cost. Most OS discs allow a maximum number of uses before you re-purchase a license. And Windows is expensive. Not to mention tech support for those who do not know how to do any of this.

    Three, time.

  • @petera123321 HEY its worth a shot before i reinstall windows!!!

    I would rather remove the rootkit and go on with my life and be able to use my computer than reinstalling Windows and losing years' worth of data that I can't back up because the rootkit infected the file, I'll have to pay $1000's of dollars I already spent on Photoshop, After Effects, Sony Vegas and more THINK OF THAT BEFORE YOU POST A RETARDED COMMENT

  • He has posted three comments at different times on this video, basically repeating over and over how I must be some hacker trying to crush the tech industry.

    And he has removed one of his comments, which says a great deal about his confidence in his position.

  • @1RadicalOne i know thank you for showing me this video, But i have to download and install them on my sisters computer first then move them over onto my computer bcuz of the rootkit

  • Yes, that is a way around the rootkit's blocking of certain program downloads.

  • Comment removed

  • I do like the song :D

  • Hello everyone hitman pros a very dangerous i had 16 computer crash after using this program

  • will this get rid of the uuu.uuu, xxxyyyzzz.dat, and xxx.xxx rootkits???? malwarebytes finds them and says it removes them and i can even go to the temp folder and try to delete them but then they pop up again, they keep replicating!!!

  • Read my comments about Malwarebytes. I do NOT recommend the software.

  • I like the video. The problem comes when these programs cannot perform their functions due to the virus corrupting said program.

    So unfortunately, as in my own case, a reformat of all drives and reinstall of Windows was needed.

  • AVG Anti-rootkit is integrated in the antivirus

    Also.. Malwarebytes Anti-Malware is all you need :3

  • AVG only has Antirootkit if you pay an obscene price for it.

    And Malwarebytes wrecks WinSock.

  • Good Video : )

  • Spyware terminator is a known malicious website.... nice try hacker... how many fools did you get with this video?

  • It is not a malicious website, and I notice you provide no evidence that it is.

    In fact, your only "argument" is to call names.

  • 1RadicalOne,

    This is a thorough, and brief video demonstrating how to remove the evil rootkit. I thank you for the large amount of effort necessary to accomplish this task.

    But, I do not know you, and you have no links in your description. How did you find this elaborate solution? What makes your advice credible?

    Kind Regards,

    1979Tron

  • I have links in the video. I could put them in the description if you wish.

    How did I find this solution? Through understanding the nature and function of a rootkit, and the software I used to remove it.

    I cannot prove to you that it works unless you try it, so I admit my evidence is anecdotal. That said, what harm could result from running a virus scan (barring user error)?

  • I think avast! can get rid some of them.

  • lol man, i cant believe you just told someone to delete their system folder and actually mean it.

  • I did not tell them to delete their system folder; I told them to delete a file in it. That file is thought to be a rootkit. Perhaps if you listened.

  • disinformation. talk about blind leading the blind.

  • What the hell is your problem?

  • i have a question. i had avg already but recently it says i have a hidden file and its a rootkit. its from the file windows/32 is this a real rootkit or the computer trying to be protective?

  • System32?

    Rootkits are indeed found in that folder or its subfolders.

    Back it up to a floppy, (a FLOPPY), delete it, reboot. If your computer fails to reboot properly, reinstate the file from the floppy. Other types of drives (CD, flash, etc) will NOT work.

  • i dont get how u find it or what do i put in my floppy =[ im not a tech person sorry.

  • in my avg it says windows/system32/drivers/EagleNT.sys

  • Copy EagleNT.sys to your floppy, then remove it from your computer. Restart.

    If Windows fails to boot properly, put the file back in its original place - C:/windows/system32/drivers - via MSDOS.

  • why do rootkit exist

  • They're a criminal exploitation of a rather stupid move by Sony.

  • wow. I looked it up, that's interesting. Thanks a ton for this video btw

  • i scanned my comp and found 2 trojans and got rid of them... but one that i know of came back Trojan.FakeAV a really annoying one... it tries to get me to install a fake antivirus program but it's really just more viruses... im not sure what a rootkit is but could this be one? i think i have deleted this virus twice but it keeps coming back...

  • No, rootkits are more extreme than that.

    Many viruses respawn like that; I have one solution that may work. Find a file critical to the virus (a DLL or something).

    Delete it, and make a bitmap, text, wave, or other nonsense file that contains nothing. Rename it to the DLL's name; now the virus can't create its essential files due to name conflicts.

  • @1RadicalOne any suggestions how to find it? not a computer expert and i havent ever had a virus that kept jumping internet pages like this and respawning

  • AVG found it and (temporarily) removed it, correct? Find the directory in which it was found, with your filename in mind.

  • @1RadicalOne i dont use AVG i used spyware doctor

  • It still found the virus, correct? It should list the directory in which it was found.

  • i had a lot of things like adware stuff like that left in quarantine i've deleted em completely and havent seen any thing wrong so far hoping for the best cuz that webpage jumping was getting annoying

  • @1RadicalOne im still stumped on how i even got this virus o_o

  • Five times out of six, viruses are obtained from unsafe software, downloads, or visiting unsafe websites.

  • also... how can a web page cause blue screen? it said my computer is infected and i exited the pop up and then my comp went blue screen could the blue screen have been fake too?

  • If the blue screen is real, it means the virus infected a web driver - THAT would be a sign of a rootkit.

    Yes, the screen could be fake. Look for errors (spelling, grammar, things Microsoft wouldn't say); some fakes are rather poor.

  • @1RadicalOne Dude I've used so many programs like, Malwarebytes, Trend Micro, Spybot, Super Antispyware, Avast!, and I still can't get rid of this stupid shit. Whenever I go on any site I get redirected and these random ass spam sites pop up. How can I delete them? Please respond.

  • Did you try the method outlined here? If you simply cannot access a webpage to download them, try downloading the installer on another computer and transferring it via a flash drive.

  • @1RadicalOne I have been seeing a lot from safe sites with infected ads.

  • Yes, that happens. I recommend a script blocker like Firefox's NoScript.

  • i have been getting 1 of 2 errors either dcom server terminated or plug and play terminated and my computer does a 1 minute countdown then restarts my computer does anyone know whats wrong, plus every time i go to yahoo search and try to find something i get redirected, ive run every av program i own nothing works plz help

  • Have you tried the process outlined here, or is that what was causing the dcom and plug-and-play errors?

    Both of those are driver-related, and it is drivers that are commonly targeted by rootkits, so I believe you do indeed have a rootkit, further reinforced by the browser redirection.

    I am afraid I do not know the answer - short of formatting your hard drive and reinstalling Windows - if this video's process does not work.

  • I have a rootkit....when I delete the file..it comes again when i restart my computer! it's an .FNR file I don't know what to do...

  • Are you sure it's a rootkit? It might be Windows files being protected by the OS Protection System.

    If you are sure it is a rootkit, start your computer in safe mode and scan again.

  • right after using avg anti rootkit removing everything and rebooting windows did not boot so I was not able to get to the next steps. I ended up just popping in a linux live cd and backing up all my files to an external hard drive and reformatting. Nothing was lost except some of my time. O well

  • AVG AR clearly tagged Windows OS files as rootkits. That has never happened before. In the future, this can be avoided by backing up the files to a floppy (not anything else, as it needs to run in DOS) and copying them back into their original location if Windows fails to boot.

  • I have avg 9.0 internet security for free msg me and il tell u how to get it

  • Spam and illegal activity. Blocked.

  • couple questions...

    should i do this in safe mode?

    Does this still work? Seeing as this vid was made 08.

  • As far as I know, it should still work.

    As for safe mode, I would recommend that you only enter alternate modes if the antivirus software is not affected, (which it likely is not).

  • I think i got a rootkit and it keeps on executing the programs i open.

    Any solutions to fix this problem?

  • Watch the video...

  • Comment removed

  • some rootkits can be removed by avg

  • Only if you pay for the "Full AVG Security Suite".

  • um. i have actually paid for avg. it has EVERYTHING to destroy all viruses, including rootkits. it also has the things you said to download that is in this video. i still have one, though.

  • If you have paid for AVG, then you don't need the programs and processes outlined in this video. However, you are in the minority.

  • Umm *ermmm* downloading 3/more virus removal applications can lagg up a computer or stufffffff

  • Would you rather have a rootkit?

  • besides, after the root kit is gone, you can just uninstall all of them.

  • when it deletes a rootkit from avg anti root kit...it tells me it may make the computer messed up

  • Yes. If the file is a system file, it may wreck Windows. If you want, back up the files to floppy - NOT a USB - and then remove. Simply replace them from a floppy in DOS if their removal breaks the computer.

  • it "might" it might not

  • can you give us some links?

  • They are in the video.

  • Is there any good way to prevent drive-by downloads?

  • Get a javascript blocker. I use NoScript.

  • I use that yes , but what when you visit a fake site and enable it to that site. Can you do anything to stop the download then?

  • My advice is to be careful about what sites you visit. Try the "WOT: Web of Trust" plugin. It will automatically warn you of dangerous sites should you be about to visit them.

  • I can't open the Anti-rootkit after I installed it. Does anyone know why?

  • Rootkits like to do that. Denial of system administration abilities is a hallmark of malware activity. Unfortunately, there is little that can be done by this point. When forward does more damage, and you can't move back, the only thing to do is exit sideways - reinstall.

  • The rootkit i have logs me off windows when i run avg anti root so it doesnt complete the scan....any ideas?

  • Does it completely reboot the computer or just log you out?

  • nah it just logs me off before any scan can be completed. this rootkit is a pain. I got it from a fake activex.exe plug in

  • If it just logs you out, try making another account (admin). I doubt the rootkit will let you, but try anyways.

  • it is the admin account it logs me out from, I got no choice but to reinstall but I backed my important shit on dvd luckily thank god.

  • Then your path is clear.

  • can't rootkits be removed by anti-spyware programs? I have Spyware Doctor, it detected a rootkit and it deleted it. At least, that's what it said.

  • I would not trust a program that is designed to remove one kind of malware to remove another effectively.

  • i'd just dban then do a quick format

  • what to do if it's a persistent rootkit?

  • Did it survive this process? Then it sounds like a BIOS rootkit. I'm afraid there isn't much you can do in that event.

  • will removing the CMOS battery get rid of the rootkit since removing it deletes BIOS information.

  • Be careful. That will empty your ENTIRE BIOS. That may make booting impossible in the future, necessitating a new motherboard.

  • actually, it doesnt deletes BIOS. It resets them.

  • I suppose it depends on the motherboard...mine warns never to let power run out.

  • do u know gmer? i used it, but it wont let me delete any files, the words are not clickable on delete or normal files too

  • No, I do not know gmer.

  • AVG doesn't sell anti rootkit separately anymore =( QQ

  • No. That's why you download it from this link here.

  • You are awesome, thank you :D

  • Some malware will do that. I had one stick to WinSock once. Unfortunately, no one method is effective for all classes of malware.

  • Just a question, does it need all 3 of them? Or are those 3 listed that can be used. I have 2, one of them won't work on my computer.

  • You need all three.

  • Do all that... or you can get regrun. :P

    Works great to remove rootkits.

    [And it only scans running processes and all services, thus it takes like 3 seconds.]

    But that also means your computer won't be 100% clean. As some viruses can infect exe's.

  • If it only scans running processes and services, then it won't be very effective.

  • tnx for the guide... if i keep these 3 programs on my pc, would it affect the performance of my games?

  • Depends on your computer. The more powerful, the less effect. However, game performance is a small price to pay for continued security.

  • i cant see... what's to be changed in the view menu its not clear

  • You don't need to be able to read the text. Just match the boxes (and the description lengths). I can't record a video in good enough quality to help. Try the HQ version of the video.

  • i have this verizon internet security suite and it says i have a rootkit and when i delete it it will go away then it will come back after a while

    what should i do?

  • Get realtime shields.

  • Hey If i reformat my computer will it remove any rootkits ? plz answer me asap ! im waiting here :S

  • It will remove all but a BIOS rootkit.

  • I tried gmer and VICE at my computer but both don't run. I suppose I could have this fu rootkit. I found two new trojans but I can't do everything because my pc says I'm not the admin.

  • That's classic rootkit behavior - stealing the admin privileges. Once that happens, it's too late and there's not much you can do but reinstall.

  • how do you know if you have a bios rootkit?

  • If you are not booting into an OS that behaves as it should. If it seems that you are in a "virtual OS".

  • I looked at where the rootkit was and it was in the drivers folder of my system32 any recommendations? also I get a bsod when I try to run any games I want to play like bf2 css...It wont let mbam run either :/

  • Rootkits usually appear in the drivers folder of system32. System32 is the kernel of Windows. Sabotage that and you have control of the system. I have no idea what bf2 css is, but it may be trying to access a now-corrupted data pack.

  • battlefield 2 counter strike source lol they are games xD

  • how would you delete the rootkit? because the rootkit wont let mbam run and avg wont delete the rootkit

  • A BIOS rootkit can only be removed by replacing the BIOS chip(s). Sorry.

  • no just a regular rootkit not a bios rootkit

  • if AVG AntiRootkit, a devoted antirootkit remover, cannot remove it, there are two possibilities. One, it's not a rootkit (hardware damage, maybe?) or two, it's brand new and thus unkillable as of yet.

  • Hey AVG Rootkit Remover has found the rootkit in

    C:/Windows/system32/drivers/UAckmnkelnbitpwmaqmo.sys, I am scared to remove it? Is it ok. Also it says its in a hidden driver

  • and I got wndows/system/drivers/ndsis.sys

  • ".sys" is a system file extension, but it doesn't mean that the rootkit isn't posing as a system file. Back that file up to a floppy (not a USB key) and delete it with AVG AntiRootkit. If your computer fails to boot, restore the file into its original location from the floppy.

    Chances are, it IS a rootkit (they like the drivers folder, for reasons I won't go into here), but better to have a backup just in case.

  • ok thanks,that may solve my problem, but I can't back it on USB ?

  • No, because a USB cannot be read in DOS, which is what you'll be stuck in if Windows won't boot.

  • oh,that's bad I don't have floppy ......

  • You can often get several for a dollar at Futureshop or something.

  • ok.

  • ummm can you help me ummm norton is being blocked by a rootkit i virus scanned it with avg and it detected it and removed it

    but when i scanned it with comodo its still there i think or it could be four me rootkits on a separate account

    so how do i remove it without potentially wrecking my comp with comodo?

  • Don't use Comodo. Use the process outlined here.

  • hi. . my computer has a rootkit . .i just follow ur way but that damn rootkit is still there . . whenever i use my avg and start scanning, . . it keeps saying access denied. . plss help

  • My guess? You have a ring 0 rootkit. Unfixable. Sorry.

  • not entirely true use ubcd4win its a bootable antivirus but it cannot defeat the bios rootkit but anything else it will be pwned lol

  • i have avg 8.5 for like 3 computers but it scans and says i have a rootkit (randomjunk.sys) but it says it needs to reboot but when it does its still there and i cant find it in explorer

  • if the first post isn't clear or didn't get added. download avira personal antivirus, malwarebytes, and superantispyware free. update them. and run the programs one by one. if i was the infected user; i will run superantispyware, then malwarebytes, and finally avira. that should fix the problems.

  • Malwarebytes is flawed software. DO NOT USE IT. Use it, and you will end up with WinSock in tatters.

  • How is malwarebytes flawed?I used it to get rid of a rootkit and never encountered any problem.

  • wait, how come in the avg antivirus u turn off the "search for rootkits" thing in the scan options? shouldn't we be searching for rootkits?

  • You can only use that feature in the full version of AVG 8. If you want to spend $55 a year, go ahead.

  • oh thanks. nvm then.

  • lmao just use rootkit unhooker or gmer or icesword...

  • thanks man! i had a rootkit and i got completely rid of it using ur way ^.^

  • avg anti rootkit is already dead. AVG isn't giving it anymore updates

  • They're not updating it anymore, but it is still effective.

  • Is it in same order because i use vista

  • Can you tell me the settings i have to set at 0:10

    And at 1:18 . I cant see them because youtube always lower the quality.

  • What do rootkits do?

  • take over your computer system

  • well my dad had some computer guy come in and he said that we had one

  • it didnt find it. what do i do?

  • I don't really think it's a harmful one, I highly doubt it, and I'm not really having computer problems, you think it would just be okay if I just ignore? I heard that a lot of rootkits are usually un-harmful.

  • i got the same problem as you.did you find any solutions?plz answer

  • What problem?

  • I've tried deleting it, and next the time I start my system it's found in the same spot, BUT HAS A DIFFERENT NAME, I've tried deleting many times and I get the same problem.. Same driver different name. Thanks for the quick reply and hope I get another! :)

  • Same for me!!!!!!!!!!!!!

  • My AVG 8.0 found a rootkit but it's a Driver, and when I try to remove all un-healed files (just that one rootkit) it says "Access is denied".. It's a Driver in 'C:\Windows\System32\drivers\'

    And the name of the file is 'a6u2fmrb.SYS'

    Not that telling you the name would make a difference but, HOW DO I DELETE IT?