Avast WEBforum

Business Products => Archive (Legacy) => Avast Business => Avast Distributed Network Manager => Topic started by: Fatou on March 10, 2009, 03:14:00 PM

Title: win32 rootkit-gen rtk
Post by: Fatou on March 10, 2009, 03:14:00 PM
Hey There,

I am really fed up removing the virus/malware "win32 rootkit-gen rtk". It would come back again. The Avast ADNM would detect it and then move it to the chest; a few minutes later all the PCs on the net would be infected again.
Could you please, please, please help? I am desperate.
Cheers

Title: Re: win32 rootkit-gen rtk
Post by: Lisandro on March 10, 2009, 04:42:46 PM
I'm not sure you can handle the general cleaning procedure... anyway I suggest:

1. Clean your temporary files.
2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
3. Use SUPERantispyware (http://www.superantispyware.com), MBAM (http://malwarebytes.org/mbam.php) or Spyware Terminator (http://www.spywareterminator.com/) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
4. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
5. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or on this analysis site (http://www.hijackthis.de/#anl). Or even submit the RunScanner (http://www.runscanner.net/) log to on-line analysis.
6. Disable System Restore and then re-enable it.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).