Rootkit Removal

I have been using combofix with good success.

Is the Mac o/s on the rootkit-scare-list? Probably not, but it would generally help the reader to state explicitly in the first line of the article what o/s's are vs. are not affected when discussing malware.

EDITOR'S NOTE: Mac OS X is unix with a pretty face. So YES, it could be vulnerable to a rootkit attack. See http://theappleblog.com/2008/01/23/why-mac-security-matters-os-x-rootkit-hunter/

Thanks for the URL vector re possible Mac o/s x rootkit attack. It appears that a few knowledgeable people think it still isn't worthwhile scanning for o/s x malware, a few think it may be worthwhile especially for servers and a few swear that their personal machines have been taken over by unidentified forces of evil. Probably, the best approach at this time is to not bother scanning for o/s x rootkits unless you run a server farm but to be damn certain that you trust what you're installing before typing in an o/s x admin. password!

Rootkit Revealer is a great program but supposedly it does not work on 64 bit Windows. Does anyone know if this is true and whether UnHackMe will work on 64 bit systems?

Last year I had a rootkit virus on my computer and nothing would take it off. I finally just bit the bullet and reformatted the c-drive with my restore disk and started over.

I downloaded UnHackMe and when I try to start it my AdAware Ad-Watch Live! monitor blocks it saying the reaminator.exe process has been identified as Win32.Worm.Mabezat!

What's up with that???!! I have uninstalled the product, awaiting a response from you...

EDITOR'S NOTE: Are you sure you downloaded Unhackme from the official site? If so, it sounds like a false positive.

Just for curiosity's sake,after reading this blog, I intalled Reanimator: it gave me some yellow fair warnings mostly about unfamiliar codecs (from KMPlayer,I think) & Autodetect from Rogers wireless stick...nothing serious,...I did not send report or delete my codecs. Did not install UNhackme.
but then my heretofore stable PC, became a little crazy, ATI All in WonderPro TV tuner lost it's sound, tried reinstalling, drivers no longer seen...fixed that, then it was something else, been chassing ghosts for two days, still no sound for TV tuner, used system restore...twice..got even worse with many double entries"(2)" in Program files, filally used a saved ERUNT's "ERNDT" registry image from a month ago, cleaned up extra program files manualy, now seems to be stable,..will next disable RESTORE, shutdown XP, then re-enable it. Will then eradicate ATI All in Wonder and drivers and try to re-install it. Hope it will work,.. fairly confident... if not, I'll reboot XP, no big deal...I learn from experience...kind of fun isn't it.
After only one year of reading BOB's newsletters, I'm never "really" stuck anymore, and I even use LINUX now on my other drive, so in the end, I can still honestly say thank you so much BOB for the all the tricks, and the independence & confidence you've given me.(This is my first post)

@Ariel6345: Usually the rootkit will be backed up by System Restore and thus be reactivated when a restore point is used.

Marc Erickson
Vancouver Computers Examiner
http://www.examiner.com/x-34009-Vancouver-Computers-Examiner

What about the Rootkit Eliminator from F-Secure named Blacklight !!!!

It is a free download program and can eliminate any rootkit on your computer, I think you have to be more thorough with the programs you compare with.....

I am a IT mgr of small company(23 employees)
One of the employee sent his laptop to me asking to remove virus.
I'm not an expert of Virus, but I found that two instances of iexplore.exe is keep showing in taskmgr. I tried to get rid of them by many anti virus/spam but no result.Struggled couple of days, spent many hours , but in the end "unhackme" did remove the iexplore.exe. MANY many thanks for unhackme.com!!