Rootkit Virus? Inline Hook Ntoskrnl.exe AVG


I basically downloaded the 1607 Windows update, the latest one. And one time, my AVG came up with 800 plus threats to do with a rootkit or something, and I think ntoskrnl.exe. I can't remember. Basically, the threats I think were hidden, and either way it couldn't delete them. I thought that it might have been to do with where I configured my boot settings to safe mode, as I sometimes go into that mode to be able to delete certain files I can't normally. But now, I've tried doing numerous scans with AVG, and everything seems clear and detected?? Any idea what it might have been? I haven't downloaded anything 'bogus' since the update etc either. Kinda worried, lol.

undetected*

If you're still concerned, which would be a valid concern when it comes to a rootkit, then run a scan with TDSSKiller which is designed to find/remove rootkits.

TDSSKiller Download

Note: When running TDSSKiller, launch the program, click on the blue text "Change Parameters" & check the box marked "Detect TDLFS File system." Click OK & then run the scan.


A rootkit will create a hidden partition, at the end of the drive, 1 - 10 MB in size and set itself as the boot partition. Hence, the rootkit is already running before Windows loads. This hidden partition will not show up on Windows Disk Management in most cases.

A rootkit is a program or a program kit that hides the presence of malware in the system.

A rootkit for Windows systems is a program that penetrates into the system and intercepts the system functions (Windows API). It can effectively hide its presence by intercepting and modifying low-level API functions. Moreover, it can hide the presence of particular processes, folders, files and registry keys. Some rootkits install their own drivers and services in the system (they also remain "invisible").
Malwarebytes also includes a rootkit scan. The free version will work fine.

Malwarebytes | Free Anti-Malware & Malware Removal

Enable Rootkit Scan on Malwarebytes

Okay thanks! I'll give them a try. It was an 'Inline Hook' virus detected or something as well. I thought it might have been to do with a registry hack for Cortana but either way, AVG is now detecting no new threats, pretty strange! Unless it was a false positive or something.

It would be a good idea to run Malwarebytes & do a full system scan to see if it finds anything else. Viruses tend to invite others to the party. Malwarebytes will not cause a conflict with AVG & it's suggested you add this to your arsenal of malware scanners. You will need to update the definitions manually every time you scan unless you opt for the Pro version.

Be aware that the free version is an "on demand" scanner & does not run active background scanning. The Pro version however does.

I'll see what Malwarebytes does. I already have it, but just waiting for AVG to finish another scan. I also have a third 'volume' disc showing under my optimise drives settings. Any way of me finding out what that is? Although it might be where I sometimes connect an external hard-drive to my computer. Getting paranoid now, lol.

Malwarebytes hasn't detected anything thus far. If that's the case, what do you think it was previously? I mean, to detect 800 odd threats is a heck of a lot! Seems strange. Should I do a clean install or something, or you think that I'm safe?

800 does sound like a lot. That is always the safest option, a clean install. It's up to you, most people try to avoid this as it involves setting everything up again from scratch. Be sure to wipe the entire drive if you opt for this action as some rootkits can survive a re-installation.

Reset Windows 10 - Windows 10 blog

Refresh Windows 10 - Windows 10 blog

Windows 10 - Clean Install - Windows 10 blog

You will find links to other options at the bottom of the page on all of these tutorials.

Yeah. I hate having to install everything. Pain in the arse lol. I'll see how things go. Hopefully it might not have been anything.

Yeah, it is a PIA but the best way when in doubt.

See what Malwarebytes as well as TDSSKiller says. Other good malware scanners are AdwCleaner & SuperAntiSpyware Portable.

There is another way to confirm if you do have a hidden partition on your HDD that might be hiding from Windows. GParted is a bootable partition manager that you can use to look at your HDD. Since it runs at boot up, you can get a good look at what exists on your drive before Windows engages.

As I stated earlier, a rootkit will show as a hidden boot partition, usually at the end of the drive, 1 - 10 MB in size, depending on the variant.

You can d/l it here & make a boot disk/USB.
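As an added example (not part of this thread and not code from GParted or TDSSKiller), the script below reads a raw MBR partition table the way an offline boot tool sees it, and flags the pattern described in the two posts above: a tiny (1-10 MB) partition sitting at the end of the disk, or a tiny partition carrying the active/boot flag. It assumes an MBR-partitioned disk (GPT is not handled) and uses a constructed 512-byte sample MBR rather than a real drive; on a real system you would feed it the first 512 bytes of the disk, read from a boot environment rather than from inside the possibly hooked Windows.

```python
import struct

SECTOR = 512                   # bytes per sector on a classic MBR disk
TABLE_OFFSET = 446             # the 4 x 16-byte partition entries start here
ACTIVE = 0x80                  # "active/bootable" flag in the status byte
TINY_BYTES = 10 * 1024 * 1024  # upper end of the 1-10 MB range the thread describes
END_SLACK = 2048               # trailing sectors still counted as "end of disk"

def parse_mbr(mbr):
    """Return the non-empty primary partition entries of a raw 512-byte MBR."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: 0x55AA signature missing")
    entries = []
    for slot in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) count(4), little-endian
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", mbr, TABLE_OFFSET + 16 * slot)
        if ptype != 0 and count != 0:
            entries.append({"slot": slot, "active": status == ACTIVE,
                            "type": ptype, "lba": lba, "sectors": count})
    return entries

def suspicious_partitions(entries, disk_sectors):
    """Flag tiny partitions at the end of the disk or carrying the boot flag."""
    findings = []
    for e in entries:
        size = e["sectors"] * SECTOR
        if size > TINY_BYTES:
            continue                       # normal-sized partition, not the pattern
        reasons = []
        if e["lba"] + e["sectors"] >= disk_sectors - END_SLACK:
            reasons.append("tiny partition at end of disk")
        if e["active"]:
            reasons.append("tiny partition marked active/bootable")
        if reasons:
            findings.append({"slot": e["slot"], "type": e["type"],
                             "size_mb": size // (1024 * 1024), "reasons": reasons})
    return findings

def entry(active, ptype, lba, count):
    """Pack one 16-byte MBR partition entry (used to build the constructed sample)."""
    return struct.pack("<B3xB3xII", ACTIVE if active else 0, ptype, lba, count)

DISK_SECTORS = 64 * 1024 * 1024 * 1024 // SECTOR          # constructed 64 GiB disk
SAMPLE_MBR = (b"\x00" * TABLE_OFFSET
              + entry(False, 0x07, 2048, 1024000)                          # 500 MB reserved
              + entry(False, 0x07, 1026048, DISK_SECTORS - 8192 - 1026048)  # Windows C:
              + entry(True, 0x07, DISK_SECTORS - 8192, 8192)              # constructed 4 MB, active, at end
              + b"\x00" * 16 + b"\x55\xaa")

if __name__ == "__main__":
    for finding in suspicious_partitions(parse_mbr(SAMPLE_MBR), DISK_SECTORS):
        print(finding)
```

A partition flagged here is only a lead, not proof: recovery and OEM partitions are also small, so compare the finding against what Disk Management shows from inside Windows and against the scanners above.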
