Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Updated: rootkits, slow machines, and “clean” scans

 Due to a heavy schedule, today’s How To is a reposting with updating — June 21st, 2007 —
What do you do when your PC is displaying all the signs of having been hacked and/or infected but your antivirus and anti-spyware scan reports come back clean? This was the case for a fella who emailed me for advice recently. He had done things ‘right’ — and by that I mean he has a firewall, he keeps his antivirus definitions up to date, and runs a couple of anti-spyware applications — but suspected his machine had been hacked anyway: he couldn’t do things he was used to doing (like deleting a file) and his machine was “really slow.” According to his scanners, his machine is in perfect shape.

Tip of the day: If you should find yourself in a similar situation there are several steps you can take to help resolve your questions and (hopefully) fix your machine without taking the drastic step of wiping your hard drive, formatting, and reinstalling Windows. The first step is to use a scanner that isn’t installed on your machine. Here’s two ways to do that: one, if your antivirus allows it (and most of them do these days), follow its instructions and make an antivirus recovery disk. This is a bootable disk that scans your system before Windows loads. To use one, put it in your CD tray and restart your machine. A plain-text sentence will appear telling you to “press any key to boot from CD…” When you see it, hit your spacebar or, well, any other key, and then follow the instructions. When it’s finished, remove the CD and restart your machine again. (If your PC is not set to look to a CD for booting, click here for instructions.)

The second way is to use an online scanner. I have a list, with links, of several good online scans on my website, here. Quite a few of the online scanning tools will try to sell you their full application, but you’re under no obligation to buy. The big advantage to these two methods lies in the fact that they have not been compromised, or altered, and the files and scanners on your machine may be, the modification being done by the virus or hacker.

Another thing to do is scroll down to my “Today’s free link” and download HiJack This! Run it and dump the result into a .txt file (there’s instructions for this) and then register on one of the HiJack This! forums (there’s instructions for this too) and post your results there. Before too long, an expert anti-malwareologist [don’t bother looking: I just now made that word up] will have looked over the intricacies, and will post his analysis and instructions. These guys (and gals) are really, really good at what they do, and you can trust their answers. (This is not your typical “forum”, where any ‘ole Tom, Dick, or Harry can post replies.)

Also run checkdisk with the “r” switch (this probably will require a reboot) to make sure your hard drive is shipshape. Click on Start >Programs >Accessories >Command prompt. In the white-on-black window type “chkdsk /r” (no quotes). You may be told that certain files are in use, and asked if you want to “schedule this at the next reboot Y/N?” Type in a “y” and restart your machine.

Hopefully these efforts will be rewarded with a rejuvination of your machine, and you will be back in business again.  If not, you have my sympathy. You may have a rootkit and then your best solution is to re-format your hard drive and reinstall everything [updated 8/1/2007 there are a couple anti-rootkit scanners that may remove a detected rootkit infection. You can certainly try them before resorting to a wipe/reinstall, but you should understand that rootkits are nasty buggers. I suggest that if you suspect that you have a rootkit, you download and run BOTH Blacklight and Panda Anti-Rootkit.] Or you may have been hacked (follow the steps I outlined in the post Security basics #1 click quicklink here and look for User account that you [or Windows itself] didn’t put there, and disable it if you find one!). But these steps are where I believe you should begin.

Today’s free link: Merijn.org This is the home of HiJack This and the entry portal to the user forums. It is also an excellent knowledge resource.

Copyright © 2007 Tech Paul. All rights reserved.

Share this post :

August 1, 2007 - Posted by | advice, anti-spyware, antivirus, computers, how to, PC, rootkits, security, tech, Vista, Windows, XP

No comments yet.

Post your Comment/Question

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: