How to Remove a rootkit
Author Topic: How to Remove a rootkit  (Read 1240 times)
Britec
Administrator
« on: January 12, 2010, 05:53:11 AM »

How to Remove a rootkit

Problem

My computer is infected with rootkits. Antivirus software reported it but cannot delete it. I cannot find it on my computer; please tell me how to remove a rootkit. Sound familiar?

Solution

   1. Download IceSword and run it. You'd better change the program name, because some malware won't let IceSword.exe launch.

   2. Click System check; a hidden process is found.

   3. Click Process; the hidden process is shown in red. Right-click on this process and select Terminate Process to kill it. You can also select Module Information and Unload the hidden process.

   4. Check Kernel Module and find the suspicious module.

   5. Check Registry and find the rootkit's registry value.

   6. Use the built-in file manager to locate the rootkit file and delete it, because Windows Explorer cannot see it.

   7. Next, click Startup and check whether there are suspicious files left.

   8. Some rootkits may create a new service; click Win32 Services to find it and disable it.

   9. Now the rootkit in your computer is removed.
« Last Edit: September 02, 2010, 08:23:27 AM by Britec »



ahmadmaher
« Reply #1 on: May 02, 2011, 06:14:40 AM »

Thank you, this is a nice full topic... You rock