5

Answering the question "Task Manager shows 100% CPU utilization, but nothing in process list does.", Paul Woodward stated that his problem with 100% CPU was a rootkit infecting his computer. My computer seems to suffer from the same problem.

Which software for Windows XP do you recommend for detecting and removing a rootkit?

8 Answers

6

I don't think you can actually use it to 'clean' a rootkit, but a very good 'detector' is RootkitRevealer from Sysinternals.

fretje
  • 10,732
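RootkitRevealer is a "cross-view" detector: it lists the file system and registry once through the normal Windows API and once by reading the on-disk structures directly, then reports every entry the two views disagree on, since a rootkit that hooks the API can only hide from the first view. The following is an added illustration of that comparison in Python over constructed listings; it is not code from this thread or from Sysinternals, and the file names and sizes are made up for the example.

```python
"""Cross-view comparison, the idea behind RootkitRevealer, on constructed data.

A rootkit that hooks the directory-listing API hides a file from every program
that asks Windows for a listing. A "raw" pass that parses the volume's own
structures bypasses those hooks, so anything present in the raw view but absent
from the API view is a discrepancy worth investigating. Both listings below are
constructed sample data, not the output of any real tool.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    path: str
    size: int


# Constructed "API view": what a FindFirstFile/FindNextFile loop returned.
API_VIEW = [
    Entry(r"C:\WINDOWS\system32\kernel32.dll", 989_696),
    Entry(r"C:\WINDOWS\system32\ntdll.dll", 706_048),
    Entry(r"C:\WINDOWS\system32\drivers\atapi.sys", 96_512),
    Entry(r"C:\WINDOWS\system32\drivers\example_patched.sys", 51_200),  # hypothetical
]

# Constructed "raw view": the same directories read from file-system structures.
RAW_VIEW = [
    Entry(r"C:\WINDOWS\system32\kernel32.dll", 989_696),
    Entry(r"C:\WINDOWS\system32\ntdll.dll", 706_048),
    Entry(r"C:\WINDOWS\system32\drivers\atapi.sys", 96_512),
    Entry(r"C:\WINDOWS\system32\drivers\example_patched.sys", 51_712),  # hypothetical: API under-reports size
    Entry(r"C:\WINDOWS\system32\drivers\hidden_example.sys", 40_960),   # hypothetical: absent from API view
]


def cross_view_discrepancies(api_view, raw_view):
    """Return (kind, path) tuples for every place the two views disagree.

    kinds:
      'hidden'   - present in the raw view only (the classic rootkit symptom)
      'phantom'  - present in the API view only (often a file that changed between passes)
      'mismatch' - in both views but with different sizes (the API is lying about metadata)
    Paths are compared case-insensitively because NTFS names are.
    """
    api = {e.path.lower(): e for e in api_view}
    raw = {e.path.lower(): e for e in raw_view}
    findings = []
    for key in sorted(raw.keys() - api.keys()):
        findings.append(("hidden", raw[key].path))
    for key in sorted(api.keys() - raw.keys()):
        findings.append(("phantom", api[key].path))
    for key in sorted(api.keys() & raw.keys()):
        if api[key].size != raw[key].size:
            findings.append(("mismatch", raw[key].path))
    return findings


def format_report(findings):
    """Render findings as one line each, or a single 'no discrepancies' line."""
    if not findings:
        return "No discrepancies between API and raw views."
    return "\n".join(f"{kind:<8} {path}" for kind, path in findings)


if __name__ == "__main__":
    print(format_report(cross_view_discrepancies(API_VIEW, RAW_VIEW)))
```

A discrepancy is a lead, not a verdict: files created, deleted or rewritten between the two passes also show up here, so a real scan is run with the machine as idle as possible and each hit is checked against what the file actually is before anything is acted on.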
5

I wouldn't trust any of them. Once you've been "pwned", the best thing to do is start with a fresh system install.

Soon not even that will be enough. I've heard of malware that will find an EEPROM chip on your motherboard and over-write it with its own firmware. The new firmware will duplicate the functionality of the previous firmware, but also have a copy of the virus waiting to install when that code is invoked. So you could completely reformat your hard drive and still be infected.

Joel Coehoorn
  • 28,637
4

I think the pro version of AVG has root-kit protection and removal.

Personally, if I found my Windows box infected with a rootkit, I would just reformat and reinstall the OS. Even if there was a good tool out there that says it removed everything, I would just have better peace of mind reinstalling it all.

http://www.avg.com/

Troggy
  • 10,259
2

I use a program called "Malware Bytes". It is free and it works great. It kills nasty malware and rootkits.

Axxmasterr
  • 7,966
0

There is also Sophos Anti-Rootkit, which they claim can remove rootkits. It's a free download but you have to set up an account with them first. I've not had a chance to test the veracity of their claims myself (thankfully).

0

Currently trying in vain to remove a rootkit problem on my PC, not having any luck.

  • Have tried AVG (my current main antivirus), which doesn't find anything.
  • Have tried the Microsoft online live scanner, which didn't find anything.
  • Have tried Prevx, which misidentified Tor as malware.
  • Malwarebytes never finds anything either.
  • SuperAntiSpyware found a rootkit and removed it, but didn't completely fix the problem.

Have tried thestubware, which was recommended to me on here, and it finds the rootkit, but each time it removes it, when I reboot it comes back again with a different file name.

Am going to try Sophos rootkit revealer now.

0

You might have a rootkit on the computer, in which case you should run HitManPro 3.5, which will detect the TDL3/TDSS/Alueron rootkit.

If you are absolutely sure you have a rootkit, run one of the following (in order of importance):

  • TDSSKiller
  • RootkitRevealer
  • RootRepeal
0

For the record, I've got to suggest PrevX.

When I had malware problems a while ago (initially noticed by some vague McAfee access-protection violation) I was scanning and submitting suspect files all over the shop. [I seem to recall about 25% of the online scanners recognised anything wrong with the files at all - but wouldn't agree on what the problem was.] I went through all the removers and/or manual steps I could find, but those bad files just kept coming back.

PrevX (which was free to download and scan - you had to pay for removal) only gave some kind of generic name for the infection but I decided to throw my £20 quid at them as a last resort because:

a) I was getting desperate: I was about to have to do a reinstall just as a work deadline was resuming;

b) Some prevx fellas were providing some extremely active and knowledgeable support on a forum somewhere and I think that was the only relevant mention of the combination of bad files I was finding on my machine.

c) IIRC, they had some deal where if PrevX didn't remove the infection they promised to personally investigate (like remoting onto your machine or something) - and was it a refund too?

(I'm definitely not affiliated or anything. Was just entirely satisfied by a product that did what I needed it to do at the right time. And, um, I'll renew my lapsed subscription next time I find a problem!)

mwardm
  • 101