How to deal with rootkits?
Detecting rootkits as inactive (not running) files is easy because they are detected like common viruses. However when a rootkit is active and running, it usually becomes difficult to detect. A dedicated tool must then be used to find and remove it.
All paid versions of AVG include the Anti-Rootkit component for detecting and removing rootkits according to a predefined set of rules. Please note that all rootkits are detected - both malicious and legitimate (see FAQ What is rootkit?).
To configure and run a full AVG Anti-Rootkit scan:
In AVG 2013
- Open AVG.
- Click Computer.
- In Anti-Rootkit part of the window click Settings.
- Tick Scan applications and Scan drivers, and select Full rootkit scan.
- Click OK, and then click Scan for rootkits.
In AVG 2012
- Open AVG.
- Double-click the Anti-Rootkit component.
- Select all available check boxes - Scan applications, Scan DLL libraries, Scan drivers.
- Click Full rootkit scan, and then click Search for rootkits.
What is the difference between full and quick rootkit scans?:
- Quick rootkit scan only checks system areas and system folders (usually C:\Windows).
- Full rootkit scan checks the whole computer, including all folders and drivers.
AVG Rescue CD can also be used to detect and remove rootkits, please refer to FAQ 2720 for more information.
Note: The following section is intended only for advanced users/system administrators.
Another option to remove active rootkits is to access the hard disk without running any software. This option is possible by restarting the computer in Safe Mode. If the rootkit is more sophisticated, connect the hard drive to another computer and scan it from a clean operating system.
I want to know more: Read user guide