October 17, 2013 12:39 Hidden Application, Anti Rootkit - Unable To Remove #235354
help4meplz
Novice
Join Date: 17.10.2013
Posts: 8
Hi,
I'm using AVG 2014 Free 2104.0.4158, virus database 3614/6744, on Windows 8. It has picked up a hidden application identified by an anti-rootkit. It is unable to remove it and says the data is invalid.

I've attached the exported overview from avg.

I'd greatly appreciate any help with this. My technical knowledge is quite limited, so I don't fully understand anti-rootkits and the processes involved to resolve this.

Thank you

October 17, 2013 19:08 Re: Hidden Application, Anti Rootkit - Unable To Remove #235370
HectorII
Novice
Join Date: 15.10.2010
Posts: 153
@help4meplz

Your case sounds the same as another thread, so please follow the suggestions offered there:

http://forums.avg.com/ww-en/avg-forums?sec=thread&act=show&id=233936

One question: When you open AVG 2014, does every component on the top row show "protected" or do any show "not installed"?
October 18, 2013 15:55 Re: Hidden Application, Anti Rootkit - Unable To Remove #235406
help4meplz
Novice
Join Date: 17.10.2013
Posts: 8
Hi HectorII, thanks for your response,

AVG says I'm protected across the top, with the individual boxes for computer, web browsing, identity & emails protected. Firewall has "activate now". I have the Windows firewall active.

I restarted my computer and ran the rootkit scan. It returned clear results.
Overview attached.

I then ran a full scan and this came back clear. Overview attached.

I looked at the thread you linked to and noticed others had similar issues of it showing hidden applications and then not picking them up in further scans. Is there an infection or false positive, as it doesn't have a name like shadowzgoth? I haven't followed the steps by Pokornyz in post 234842 but it is not picking up anything currently. Should I follow the steps by Pokornyz?

Thank you
October 21, 2013 21:13 Re: Hidden Application, Anti Rootkit - Unable To Remove #235580
NalaBoo
Novice
Join Date: 21.10.2013
Posts: 1
Gmer scan..

I ran a scan and came up with a high security threat. When I went to remove it, it said "Unable to remove, invalid data". I downloaded the Gmer scan as suggested and here are my results:
October 21, 2013 22:38 Re: Hidden Application, Anti Rootkit - Unable To Remove #235581
silkabbey
Novice
Join Date: 15.1.2011
Posts: 6
NalaBoo wrote
I ran a scan and came up with a high security threat. When I went to remove it, it said "Unable to remove, invalid data". I downloaded the Gmer scan as suggested and here are my results:

I have the same problem with all the users. I have a paid AVG 2014. This only happened after the latest AVG update/upgrade. I don't know if that's the reason for the problem as it had a very similar problem a few updates ago (with the Anti-Rootkit false positive). After AVG released another update, the problem disappeared.

Also, ever since yesterday, my AVG has become unresponsive very often. And it detected infections which it has never detected before (my scans have been clean for the last two months!)

I think someone at AVG should look into this matter, maybe release another update to solve it?

Thank you.
October 25, 2013 11:50 Re: Hidden Application, Anti Rootkit - Unable To Remove #235765
Pokornyz
Administrator
Join Date: 29.11.2010
Posts: 8245
Hello NalaBoo,

Please use AVG Rescue CD and restore your MBR as described here (refer to Offline mode using AVG Rescue CD). Then, scan the system using AVG Rescue CD and remove detected threats.

Should the infection be still present after restart, please provide us with new GMER anti-rootkit scan result and new AVG full computer scan result export. Also, please provide us with a screenshot of your partition table listing as follows:
1. Run the AVG Rescue CD.
2. Switch to the Linux terminal by the left ALT + F2 key combination.
3. Login as the root user.
4. Execute the fdisk -l command.
5. Take a picture of your screen and attach it to your reply.
6. Use the left ALT + F1 key combination to switch back to the AVG Rescue CD menu.

Thank you.



AVG Team
How-To articles | FAQ | Free Support
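
Added example, not part of the original thread and not AVG's or GMER's own code: a read-only look at what the first disk sector contains, namely the 446 bytes of boot code that an MBR restore rewrites and the four partition entries that `fdisk -l` lists. It assumes the sector has been saved to a file first (for instance with `dd if=/dev/sda of=mbr.bin bs=512 count=1`, where the device name is an assumption); the sample sectors built in the code are constructed.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446   # bytes 0..445 hold the bootstrap code
ENTRY_LEN = 16        # followed by four 16-byte partition entries
TYPES = {0x07: "HPFS/NTFS/exFAT", 0x0B: "W95 FAT32",
         0x83: "Linux", 0xEE: "GPT protective"}

def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR sector into a boot-code hash and partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    entries = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * ENTRY_LEN
        # status, (CHS start skipped), type, (CHS end skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:            # unused slot
            continue
        entries.append({"slot": i + 1, "boot": status == 0x80,
                        "type": TYPES.get(ptype, hex(ptype)),
                        "start": lba, "sectors": count})
    return {"signature_ok": sector[510:512] == b"\x55\xaa",
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": entries}

def boot_code_changed(sector: bytes, baseline: bytes) -> bool:
    """True when the bootstrap code differs from a saved known-good copy."""
    return (parse_mbr(sector)["boot_code_sha256"]
            != parse_mbr(baseline)["boot_code_sha256"])

def build_sample(boot_code: bytes) -> bytes:
    """Constructed sample sector: one bootable NTFS partition at LBA 2048."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return (boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry
            + bytes(3 * ENTRY_LEN) + b"\x55\xaa")

if __name__ == "__main__":
    baseline = build_sample(b"\xfa\x33\xc0")   # constructed "known-good" bytes
    current = build_sample(b"\xeb\x5a\x90")    # constructed differing bytes
    info = parse_mbr(current)
    print("boot signature present:", info["signature_ok"])
    for p in info["partitions"]:
        print(p)
    print("boot code differs from baseline:", boot_code_changed(current, baseline))
```

Comparing the boot-code hash taken before and after the restore shows whether the code area was actually rewritten, while the partition entries should stay the same.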
October 26, 2013 16:59 Re: Hidden Application, Anti Rootkit - Unable To Remove #235819
help4meplz
Novice
Join Date: 17.10.2013
Posts: 8
I've run a GMER scan. There were 2 pop-ups that said it wasn't able to scan those areas as they were in use.

The scan has this at the end:
Disk \Device\Harddisk0\DR0 unknown MBR code

Thanks

November 3, 2013 21:54 Re: Hidden Application, Anti Rootkit - Unable To Remove #236135
FeelingGrrr
Novice
Join Date: 3.11.2013
Posts: 1
Same problem with a Hidden Application..

Hi

I seem to have the same problems as the others . . tried to remove but get the message No Data Valid. Details attached

I have automated scans set up with AVG 2014 free edition but had decided to run another scan because of problems I was having with documents refusing to open.

The computer is now functioning OK, but I am concerned since this was highlighted as a severe threat; I don't know what it is and I cannot secure it.

Please help!

Thanks, B
November 4, 2013 10:04 Re: Hidden Application, Anti Rootkit - Unable To Remove #236150
Victor_koly
Novice
Join Date: 5.10.2011
Posts: 63
Hidden application..

I know that AVG does not scan *.dat files (only the "Scan shell extension"), although they may contain trojans:
%UserDir%\secupdat.dat - BackDoor.Generic13.*** (Sometimes - in the folders of all users, not just the one that constantly are using. Then the Internet can not be everywhere at work.)
%System%\secupdat.dat - BackDoor.Generic13.***

The first part - blocks browsers (and update AVG) of the Internet user %User%.
The second part - "Service function NtMapViewOfSection hook -> 0x********".

There are not too many of these files in these folders; they can all be found and manually scanned (manually scan all file types).