Re: AVG anti-rootkit - normal or safe Mode ?



RJK wrote:
I've just been digging around www.grisoft.com and there seems to be precious little information about their free rootkit detector !
i.e. no advice as to whether it's best to run it in Windows normal env. or in Safe Mode !

...any views ?

most dedicated 'rootkit' (i won't confuse the issue by correcting terminology here) detectors work by detecting the effects of the stealth malware (whether that be by detecting aspects of its implementation in the form of hooks, or by detecting the fact that certain objects that can be seen using low-level routines can't be seen using high-level api calls)... this mode of operation assumes that the 'rootkit' is actually active so you'll probably want to use it in normal mode...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
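
The cross-view comparison the reply describes, as an added sketch that is not part of the original post and is not AVG's code. All object names and the `stealth_active` switch are constructed; the switch models the assumption that the stealth code is hooking in normal mode and not loaded in Safe Mode.

```python
# Constructed sample: what a raw, low-level enumeration reports per object kind.
LOW_LEVEL = {
    "process": ["System", "explorer.exe", "svchost.exe", "stealth_svc.exe"],
    "file": ["ntoskrnl.exe", "hal.dll", "Stealth_Drv.sys"],
}
# Hypothetical stealth code: names it strips from high-level API results.
HIDDEN_NAMES = {"stealth_svc.exe", "stealth_drv.sys"}


def high_level_view(low_level, stealth_active):
    """Model the API view: an active hook filters the hidden names out."""
    view = {}
    for kind, names in low_level.items():
        view[kind] = [n for n in names
                      if not (stealth_active and n.lower() in HIDDEN_NAMES)]
    return view


def cross_view_diff(low_level, high_level):
    """Names the low-level view sees that the API view does not, per kind."""
    findings = {}
    for kind, names in low_level.items():
        # Windows object names compare case-insensitively.
        api_seen = {n.lower() for n in high_level.get(kind, [])}
        missing = sorted(n for n in names if n.lower() not in api_seen)
        if missing:
            findings[kind] = missing
    return findings


def scan(stealth_active):
    """Run the detector once; the result depends on whether hiding is active."""
    return cross_view_diff(LOW_LEVEL, high_level_view(LOW_LEVEL, stealth_active))


if __name__ == "__main__":
    # Normal mode: the hook is live, so the two views disagree.
    print("normal mode:", scan(stealth_active=True))
    # Safe Mode (assumed: stealth code not loaded): views agree, nothing flagged.
    print("safe mode:  ", scan(stealth_active=False))
```

The same objects are present in both runs; only the discrepancy that the detector keys on disappears when nothing is hiding them.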