Rootkit Detected

By Ritwik7 · 6 replies
Feb 6, 2008
  1. AVG Anti-Rootkit detects a rootkit on my computer.

    Rootkit Path: C:\WINDOWS\System32\Drivers\a5c6zkou.SYS
    Rootkit Type: Hidden driver file

    Is this a valid threat?

    Look forward to your help guys.
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    a5c6zkou.SYS is not a Windows or any other driver file.
    I'd say go along with AVG Anti-Rootkit and remove it.

    But if you wish to be safe, rename it to a5c6zkou.OLD.
    If all is OK, delete it.
  3. Ritwik7

    Ritwik7 TechSpot Chancellor Topic Starter Posts: 1,672   +9

    Sorry for the late reply kimsland. I am not able to find a5c6zkou.SYS in the C:\WINDOWS\System32\Drivers folder. Thus I cannot rename it. Should I use AVG to delete it?
    My system is running fine at the moment.
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    You needed to search for all files, extended search, include hidden and system files.

    You can either rename it yourself, or allow AVG to delete it.
    Either way is good.
  5. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    You really need to run through the preliminary removal instructions because the rootkit could have installed lots of nasties. Viruses/Spyware/Malware, preliminary removal instructions

    As far as not being able to find the file to delete it. (I recommend you follow the above link and save this step for the final removal after we have seen your logs)

    Show hidden files through windows explorer
    • Access Windows Explorer by clicking Start, point to All Programs, Accessories, and then click Windows Explorer. Or hold the Windows key and press E
    • On the Tools menu in Windows Explorer, click Folder Options
    • Click the View tab.
    • Under Hidden files and folders, click Show hidden files and folders
    • Remove the checkmark from the checkbox labeled Hide protected operating system files
    • Remove the checkmark from the checkbox labeled Hide file extensions for known file types
    • Put a checkmark in the checkbox labeled Display the contents of system folders.

    This thread is for the use of Ritwik7 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
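As an added worked example (not part of this thread, and not code any poster supplied): the manual search kimsland and Blind Dragon describe, an extended search with hidden and system files shown, can be done in one pass from an elevated PowerShell prompt, which also surfaces two things the Explorer view does not show: whether each driver file carries a valid Authenticode signature and whether the Service Control Manager knows a driver service that loads it. It also flags files with a random-looking 8-character name, since both names reported in this thread (a5c6zkou.SYS, apl7a7wx.SYS) fit that shape. The directory path, the name heuristic and the output columns are my assumptions, not anything AVG Anti-Rootkit reports.

```powershell
# Added example, not from the thread. Lists every .sys file in the drivers
# directory, including hidden and system-attribute files (the -Force switch
# is the scripted equivalent of "show hidden files" in Explorer), and flags
# entries that deserve a second look. Assumes an elevated PowerShell 2.0+
# prompt; the 8-character name pattern is my heuristic, not AVG's.

function Get-SuspiciousDriver {
    param(
        # Directory to examine (assumption: the standard drivers folder)
        [string]$DriverDir = (Join-Path $env:SystemRoot 'System32\Drivers')
    )

    # Map of driver file name -> service name for every driver the Service
    # Control Manager knows about, so files with no service stand out.
    $registered = @{}
    Get-WmiObject -Class Win32_SystemDriver | ForEach-Object {
        if ($_.PathName) {
            # PathName may be 'C:\...', '\SystemRoot\...' or '\??\C:\...';
            # splitting on the separator avoids .NET's invalid-char checks.
            $leaf = ($_.PathName.Trim('"') -split '[\\/]')[-1].ToLower()
            $registered[$leaf] = $_.Name
        }
    }

    Get-ChildItem -Path $DriverDir -Filter '*.sys' -Force | ForEach-Object {
        $file = $_
        $sig = Get-AuthenticodeSignature -FilePath $file.FullName
        $key = $file.Name.ToLower()
        $reasons = @()

        # Eight alphanumerics mixing letters and digits, like a5c6zkou;
        # legitimate 8-letter names such as hidclass do not match.
        if ($file.BaseName -match '^(?=.*\d)(?=.*[a-z])[a-z0-9]{8}$') {
            $reasons += 'random-looking 8-char name'
        }
        if ($sig.Status -ne 'Valid') {
            $reasons += "signature $($sig.Status)"
        }
        if (-not $registered.ContainsKey($key)) {
            $reasons += 'no driver service registered'
        }
        if (($file.Attributes -band [System.IO.FileAttributes]::Hidden) -ne 0) {
            $reasons += 'hidden attribute set'
        }

        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        New-Object PSObject -Property @{
            Name     = $file.Name
            Size     = $file.Length
            Modified = $file.LastWriteTime
            Service  = $registered[$key]
            Signer   = $signer
            Flags    = ($reasons -join '; ')
        }
    }
}

# Show only the flagged files, newest first. A clean machine will still list
# a few rows (see the note on catalog signatures), so read the Flags column
# rather than treating every row as malware.
Get-SuspiciousDriver |
    Where-Object { $_.Flags } |
    Sort-Object Modified -Descending |
    Format-Table Name, Size, Modified, Service, Flags -AutoSize
```

Two caveats a practitioner would add. First, a kernel-mode rootkit that filters directory listings can hide the file from this script exactly as it hid it from Explorer, so a file that a rootkit scanner reports but this listing does not show is itself a strong signal; the reliable confirmation is a listing taken offline from a boot disc or a second operating system. Second, on older Windows versions Get-AuthenticodeSignature does not consult catalog files, and many Microsoft drivers are catalog-signed rather than embedded-signed, so "signature NotSigned" alone proves nothing; the combination to chase is a random-looking name with no registered driver service.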
  6. Ritwik7

    Ritwik7 TechSpot Chancellor Topic Starter Posts: 1,672   +9

    Hi Blind Dragon.
    I run AVG Anti Virus, AVG Anti Spyware, Sophos Anti Rootkit and A Squared Anti Malware on my PC. No malware is detected by them. My browser is not hijacked. I also ran the online virus scan at Trend Micro. It came up with a few security vulnerabilities which had to be fixed using Windows Update by downloading some new updates. My PC is running fine. Can't I just remove the rootkit using AVG as Kimsland suggests?

    Now the rootkit is detected as apl7a7wx.SYS and not as a5c6zkou.SYS

    Even after following the instructions of showing hidden files through explorer I could not locate the file. Can I safely remove it?
  7. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    It is your computer and you can do whatever you want. I would suggest posting a combofix log afterwards, but it's up to you
Topic Status:
Not open for further replies.