April 12, 2013 06:31 Can't Delete Anti Rootkit Threats #227681
martin5959


Novice
Join Date: 12.4.2013
Posts: 2
Sorry, not a computer person, so if you need more info let me know.

After scanning with AVG Free 2013, it detected 5 anti rootkits.
I tried putting these in sites to see if they were false positives, but when I open the directory the .sys file doesn't exist.
AVG says to delete the files I need to reboot, but on the next scan they are back.

Please help.... Does this mean someone is accessing my laptop or is it an AVG error?
Files appear like this:


"";"pci.sys, hooked import ntoskrnl.exe IoDetachDevice -> spxr.sys +0x625DC, C:\Windows\System32\Drivers\spxr.sys";"Infected"



"";"pci.sys, hooked import ntoskrnl.exe IoAttachDeviceToDeviceStack -> spxr.sys +0x62650, C:\Windows\System32\Drivers\spxr.sys";"Infected"


"";"Inline hook ataport.SYS DllUnload -> spxr.sys +0x5E360, C:\Windows\System32\Drivers\spxr.sys";"Infected"


"";"atapi.sys, hooked import ataport.SYS AtaPortReadPortUchar -> spxr.sys +0x2D224, C:\Windows\System32\Drivers\spxr.sys";"Infected"

"";"atapi.sys, hooked import ataport.SYS AtaPortReadPortBufferUshort -> spxr.sys +0x2D35C, C:\Windows\System32\Drivers\spxr.sys";"Infected"


These 5 files have changed names from when they were detected the first time:

"";"pci.sys, hooked import ntoskrnl.exe IoDetachDevice -> spds.sys +0x625DC, C:\Windows\System32\Drivers\spds.sys";"Secured"

changing from spds.sys to spxr.sys.

What is the best way to delete a rootkit if I have one? How can I detect if I really do have one?

Thank you for any help or advice in advance.
April 12, 2013 09:13 Re: Can't Delete Anti Rootkit Threats #227693
Pokornyz


Administrator
Join Date: 29.11.2010
Posts: 8245
Hello martin5959,

In order to analyze your issue please provide us with more information (AVG scan result export, Msinfo output, GMER scan result).

Thank you.



AVG Team
April 17, 2013 18:37 Re: Can't Delete Anti Rootkit Threats #227992
MarkofWisdom


Novice
Join Date: 17.4.2013
Posts: 4
Anti-Rootkit?..

I'm getting the same error, though for me it is only 2 files it keeps finding. They are (using the copy text to clipboard function on the scan results page):
"";"pci.sys, hooked import ntoskrnl.exe IoDetachDevice -> spdc.sys +0x625DC, C:\Windows\System32\Drivers\spdc.sys";"Infected"
and
"";"pci.sys, hooked import ntoskrnl.exe IoAttachDeviceToDeviceStack -> spdc.sys +0x62650, C:\Windows\System32\Drivers\spdc.sys";"Infected"
These same detections have come up repeatedly, even after restarting to attempt to remove them.
April 17, 2013 23:30 Re: Can't Delete Anti Rootkit Threats #227999
BIG AL 43


Moderator
Join Date: 19.6.2014
Posts: 0
@ MarkofWisdom

Please follow the content of posting #227693.


AVG Forums Volunteer Moderator
AVG Forum member since - Nov. 27, 2004
My total posts on the Old AVG Free Forum - 27,063
Alan
April 18, 2013 01:03 Re: Can't Delete Anti Rootkit Threats #228000
MarkofWisdom


Novice
Join Date: 17.4.2013
Posts: 4
Where to put file for diagnostics?..

I'm not sure where I should upload the file with the scan result. Should it be attached to a post here or sent somewhere else?
April 18, 2013 12:42 Re: Can't Delete Anti Rootkit Threats #228036
BIG AL 43


Moderator
Join Date: 19.6.2014
Posts: 0
@ MarkofWisdom

OK, this "provide us" link is actually situated within the previous link.


AVG Forums Volunteer Moderator
AVG Forum member since - Nov. 27, 2004
My total posts on the Old AVG Free Forum - 27,063
Alan
April 19, 2013 03:28 Re: Can't Delete Anti Rootkit Threats #228061
MarkofWisdom


Novice
Join Date: 17.4.2013
Posts: 4
Upload diagnostic result here?..

Upload the diagnostic report here to get support or upload it to a different thread? Sorry if I'm not understanding it clearly. Thanks in advance for any help.
April 23, 2013 22:59 Re: Can't Delete Anti Rootkit Threats #228255
MarkofWisdom


Novice
Join Date: 17.4.2013
Posts: 4
Help With Rootkit thing?..

Is there anything to be done about this rootkit detection that keeps popping up even after restarting and AVG saying it treated it but needs to restart?
April 25, 2013 13:04 Re: Can't Delete Anti Rootkit Threats #228310
Pokornyz


Administrator
Join Date: 29.11.2010
Posts: 8245
Hello all,

It seems like the detection is caused by the Daemon Tools driver.

In order to analyze your issue please provide us with more information (Msinfo output, GMER scan result).

Thank you.



AVG Team
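Added example (not part of any post in this thread, and not AVG tooling): a small triage script that parses the scan-export lines quoted above and groups them by hooked function and offset, which shows that the detections from both posters point at the same hook offsets under different driver file names. The line format is inferred from the quoted exports and is an assumption; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Line shape inferred from the exports quoted in this thread (an assumption,
# not a documented AVG format): "";"<hook> -> <driver> +0x<offset>, <path>";"<status>"
LINE_RE = re.compile(
    r'^"";"(?P<hook>.+?) -> (?P<driver>[\w.]+) \+0x(?P<offset>[0-9A-Fa-f]+), '
    r'(?P<path>[A-Za-z]:\\[^"]+)";"(?P<status>[^"]+)"$'
)

# Sample input: detection lines copied from the posts above.
SAMPLE = r'''
"";"pci.sys, hooked import ntoskrnl.exe IoDetachDevice -> spxr.sys +0x625DC, C:\Windows\System32\Drivers\spxr.sys";"Infected"
"";"pci.sys, hooked import ntoskrnl.exe IoAttachDeviceToDeviceStack -> spxr.sys +0x62650, C:\Windows\System32\Drivers\spxr.sys";"Infected"
"";"Inline hook ataport.SYS DllUnload -> spxr.sys +0x5E360, C:\Windows\System32\Drivers\spxr.sys";"Infected"
"";"pci.sys, hooked import ntoskrnl.exe IoDetachDevice -> spds.sys +0x625DC, C:\Windows\System32\Drivers\spds.sys";"Secured"
"";"pci.sys, hooked import ntoskrnl.exe IoDetachDevice -> spdc.sys +0x625DC, C:\Windows\System32\Drivers\spdc.sys";"Infected"
"";"pci.sys, hooked import ntoskrnl.exe IoAttachDeviceToDeviceStack -> spdc.sys +0x62650, C:\Windows\System32\Drivers\spdc.sys";"Infected"
'''

def parse_export(text):
    """Return one dict per detection line; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["offset"] = int(row["offset"], 16)
            rows.append(row)
    return rows

def drivers_by_hook(rows):
    """Map (hook description, offset) -> set of driver file names seen for it."""
    seen = defaultdict(set)
    for r in rows:
        seen[(r["hook"], r["offset"])].add(r["driver"].lower())
    return dict(seen)

def renamed_hooks(rows):
    """Hooks reported at the same offset under more than one driver file name."""
    return {k: sorted(v) for k, v in drivers_by_hook(rows).items() if len(v) > 1}

if __name__ == "__main__":
    for (hook, offset), names in renamed_hooks(parse_export(SAMPLE)).items():
        print(f"{hook} +0x{offset:X}: {', '.join(names)}")
```

Identical offsets under changing file names are a triage hint that one driver is involved, not proof of what that driver is; the GMER and Msinfo output requested in the thread is still needed to identify it.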
August 5, 2013 15:27 Re: Can't Delete Anti Rootkit Threats #232196
jessicapicken


Novice
Join Date: 5.8.2013
Posts: 1
anti rootkit threat scan results..

I had anti rootkit threat scan results, so I followed the procedure and here is the result