Removing rootkits with RootRepeal



Ruthless
11.11.2009, 16:53
http://img3.imageshack.us/img3/4866/rootkitlogo.jpg


I Brief Introduction:


1. What is a rootkit? - A rootkit allows someone, either legitimate or malicious, to maintain command and control over a computer system without the user of that system knowing about it. This means that the owner of the rootkit is capable of executing files and changing system configurations on the target machine, as well as accessing log files or monitoring activity to covertly spy on the user's computer usage.

2. What is RootRepeal? - RootRepeal is free, specialized software that detects and removes stubborn rootkits hidden deep in your computer.


II Action:


Download RootRepeal from here (http://www.ad13.geekstogo.com/RootRepeal.rar) and save it on your desktop. Then extract the archive to your desktop as well.


The original file should look like this:

http://img121.imageshack.us/img121/7823/screenshot1g.jpg

RootRepeal is one of the best rootkit detectors, which has made it widespread. As a result, malware authors build their malware so that it can block widely used tools. Examples of such tools are TrendMicro HijackThis (http://free.antivirus.com/hijackthis/) and MalwareBytes' Anti-Malware (http://www.malwarebytes.org/mbam.php). When working with such programs, it is advisable to rename them in advance, which will mislead the malware.

Rename RootRepeal.exe to Virusinfo.exe (the exact name you choose does not matter) before you start.

Once you have followed the instructions up to this point, you can start. Run RootRepeal. This will open the first window of the program, which looks like this:

http://img121.imageshack.us/img121/476/screenshot3x.jpg

In the newly opened window, go to the Files tab and click the Scan button.

http://img42.imageshack.us/img42/535/screenshot4un.jpg

The next step is to specify which drives to scan. Check the box next to every drive and then click OK.

http://img269.imageshack.us/img269/145/screenshot5nx.jpg

RootRepeal will begin to scan those drives. This may take some time, so be patient and do nothing until the program finishes scanning. When the scan completes successfully, a new dialog window opens with the results. Carefully find the line whose path points to the rootkit, right-click it, then select Wipe File.

http://img407.imageshack.us/img407/2771/screenshot6ua.jpg

In the next window you will have to confirm that this is the rootkit you want to remove. This is your last chance to cancel if you chose the wrong entry; otherwise the file will be permanently deleted.

http://img199.imageshack.us/img199/4707/screenshot7pu.jpg

If a rootkit has been successfully removed, you will see the following:

http://img8.imageshack.us/img8/1981/screenshot8c.jpg

Click the OK button and immediately reboot your computer.

This will remove the rootkits, but it is now necessary to clean up any residue.


This article is written by me.