Remove Rootkits

(23 posts)
  • Started 1 month ago by COMPIDIOT
  • Latest reply from COMPIDIOT
  • Topic Viewed 464 times


COMPIDIOT
Posts: 75

After my weekly scan by AVG, two rootkits were found:

C:\Windows\System32\Drivers\axk3uljd.SYS

C:\Windows\system32\Drivers\mchInjDrv.sys

AVG says both are hidden drivers (?) and when I try to remove them through AVG a pop-up says:
Some files cannot be healed

Access is denied

I then try to go to the folder but I can't find them because they are hidden :\

Well, I tried Google for some removal tools, but the two I did try didn't do the job and I don't know if they were even legit apps.
So I'm hoping someone here can help me find a good, preferably free, app to help me out.

Thanks in advance.

Posted 1 month ago #
 
Lighthouse
Posts: 5198

Could you check the spelling of "axk3uljd.SYS" please. I cannot find a mention of it on the web!

Posted 1 month ago #
 
whs
Posts: 4907

Well, there is RootAlyser from the people of Spybot http://forums.spybot.info/showthread.php?t=24185 and then also RootkitRevealer from MS http://technet.microsoft.com/e.....97445.aspx - Maybe you want to try those.

Posted 1 month ago #
 
Lighthouse
Posts: 5198

And here
http://www.resplendence.com/hookanalyzer

Posted 1 month ago #
 
COMPIDIOT
Posts: 75

@Lighthouse that's the way it's spelled on my AVG scan results.

@whs and Lighthouse thanks for the links. Will try and get back with results. (Probably later on tonight though, it's already 6:16 A.M. here.)

Thanks again.

Posted 1 month ago #
 
ScottW
Posts: 1682

The name "axk3uljd" is just a random string of letters and numbers generated by the malware. This prevents you from googling on it, but it also means it is almost certainly bad. Lots of new malware uses these jumbled names, so always keep an eye out for them. We have seen this many times before.

Compidiot: did you try deleting the files in safe mode? Have you set the Folder Options to display hidden files and folders?

Posted 1 month ago #
 
raphoenix
Posts: 943

All,

When using RootkitRevealer, it will sometimes hang a machine while scanning the registry WPA Signing Hash entry. There is a minor bug in the code, if I remember correctly.

Regards,
Rick P.

Posted 1 month ago #
 
Lighthouse
Posts: 5198

Thanks for that Rick :)

Posted 1 month ago #
 
COMPIDIOT
Posts: 75

Okay, I tried all 3 suggestions:

The Spybot one didn't find any rootkits.

The Hook Analyzer came with this error:
Cannot communicate with device.The operation completed successfully
I then press OK and the screen pops up and I push scan, but this pops up:
Wrong version of RSPSC32.sys installed. You may need to reinstall or reboot.

The RootkitRevealer kept rebooting my system and listed a bunch of HKLM\yada yada yada\ (I'm guessing registry things?)
but nothing that I could see of any rootkits :(
I finally had to turn off my computer to stop that, because it just kept taking me to the log-in screen and after I logged in it would continue the same cycle.

Any other suggestions?

Thanks in advance.

Posted 1 month ago #
 
COMPIDIOT
Posts: 75

@ ScottW

I can't find the files even in safe mode because they are hidden (?) and I don't know what you mean by the folder options.

Please explain

Thanks in advance.

Posted 1 month ago #
 
ScottW
Posts: 1682

Sure, sorry I was vague. Go to Control Panel -> Folder Options -> View tab. In the Advanced Settings area, find the Hidden Files and Folders section and choose "Show hidden files and folders". You may also want to temporarily uncheck the box next to "Hide system files and folders" because some malware will disguise itself as system files. When you have deleted the bad files, check that option again.

You can get to Folder Options in safe mode as well. The benefit of safe mode is that it is less likely that the malware can protect itself from erasure or generate a new jumbled letters filename and copy itself there. Some of these can be very tenacious.

Posted 1 month ago #
 
COMPIDIOT
Posts: 75

@ ScottW
Okay, I changed those settings but I still can't find those files up there ^^^^^^ in my first post.

BTW I'm in safe mode.
I had made a post about safe mode too, but I don't know what happened to it (maybe it was in the wrong place?).

Thanks for the input.

Posted 1 month ago #
 
ScottW
Posts: 1682

If the files aren't there, maybe they were quarantined by AVG. Does AVG have a quarantine that you can look at? How about checking AVG's activity log to see what it did with the files. If they are gone, that's great. How about this -- initiate a manual scan and see if it comes up clean or still identifies those same files.

Posted 1 month ago #
 
COMPIDIOT
Posts: 75

Well when I try to remove using AVG it says access is denied.

Will scan right now, will post results shortly.

Posted 1 month ago #
 
COMPIDIOT
Posts: 75

OK, I did a scan and no rootkits were found...... but then I remembered I had changed that folder thing, so I changed them back to the way they were (do not show hidden files and folders; hide protected operating system files [recommended]) and ran another scan and now this:

C:\Windows\system32\Drivers\mchInjDrv.sys
and
C:\Windows\System32\Drivers\a90thxv.SYS
both hidden drivers. :(

Don't know how, but that second one changed I guess.

Any suggestions?

Thanks for all the help.

Posted 1 month ago #
 
ScottW
Posts: 1682

Does your user account have admin authority? AVG should not care whether you have hidden files enabled or disabled. That's just for you the user to see or not see them in File Explorer.

Are you still running in Safe Mode? It looks like what I said has happened -- the malware created a new jumbled letter filename and copied itself again. What did AVG do with the files? Heal, quarantine, or delete?

Posted 1 month ago #
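The two observations ScottW makes in this thread, that a driver name like "axk3uljd" is a machine-generated string (his earlier post) and that the malware reappears under a fresh jumbled name after a reboot ("a90thxv" replacing "axk3uljd" in this one), are both things a defender can check mechanically when triaging a directory listing. The script below is an added example written for this page; it is not a tool any of the posters used and not code from AVG, Spybot, RootkitRevealer or Hook Analyzer. The driver baseline and the two "scan" listings are constructed for the demo (the baseline is a hypothetical short list, not a full inventory of any Windows version); the three unusual names are the ones AVG reported in the thread. The name heuristic is a triage aid only: short abbreviated driver names such as ntfs or tcpip are vowel-poor too, which is why unknown names are only scored after a known-good baseline has been excluded.

```python
"""Heuristics for spotting randomly named driver files and for tracking
which names appeared or vanished between two scans.  Added example for
this thread; the listings below are constructed, not real scan output."""

from typing import Dict, Iterable, List

VOWELS = set("aeiou")


def vowel_ratio(stem: str) -> float:
    """Fraction of the letters in `stem` that are vowels (0.0 if no letters)."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if not letters:
        return 0.0
    return sum(c in VOWELS for c in letters) / len(letters)


def looks_jumbled(filename: str) -> bool:
    """True when the stem mixes digits into letters (axk3uljd, a90thxv) or is
    a long, almost vowel-free string.  Legitimate drivers with abbreviated
    names (ntfs, tcpip) can trip the second rule, so callers exclude a
    baseline of known-good names first."""
    stem = filename.rsplit(".", 1)[0]
    has_digit = any(c.isdigit() for c in stem)
    has_alpha = any(c.isalpha() for c in stem)
    if has_digit and has_alpha:
        return True
    return len(stem) >= 6 and vowel_ratio(stem) < 0.2


def find_suspicious(listing: Iterable[str], baseline: Iterable[str]) -> List[str]:
    """Names in `listing` that are absent from the known-good `baseline` and
    look machine-generated.  Comparison is case-insensitive because NTFS
    is (the thread itself shows the folder as both System32 and system32)."""
    known = {name.lower() for name in baseline}
    return sorted(n for n in listing if n.lower() not in known and looks_jumbled(n))


def diff_scans(before: Iterable[str], after: Iterable[str]) -> Dict[str, List[str]]:
    """Driver names that appeared or vanished between two scans.  One name
    vanishing while a new jumbled one appears is the 'copied itself under a
    new name' pattern described in the thread."""
    old = {n.lower() for n in before}
    new = {n.lower() for n in after}
    return {"appeared": sorted(new - old), "vanished": sorted(old - new)}


# Constructed baseline: a few drivers one would expect under
# C:\Windows\System32\Drivers on a clean install (hypothetical short list).
BASELINE = ["ntfs.sys", "tcpip.sys", "disk.sys", "http.sys", "volsnap.sys", "ndis.sys"]

# Constructed listings: the baseline, one ordinary-looking name that is not
# in the baseline, and the names AVG reported in this thread.
FIRST_SCAN = BASELINE + ["mouclass.sys", "axk3uljd.SYS", "mchInjDrv.sys"]
SECOND_SCAN = BASELINE + ["mouclass.sys", "a90thxv.SYS", "mchInjDrv.sys"]


if __name__ == "__main__":
    print("suspicious in first scan :", find_suspicious(FIRST_SCAN, BASELINE))
    print("suspicious in second scan:", find_suspicious(SECOND_SCAN, BASELINE))
    print("changes between scans    :", diff_scans(FIRST_SCAN, SECOND_SCAN))
```

Against the constructed listings, both digit-mixed names are flagged, "mouclass" is left alone even though it is not in the baseline, and "mchInjDrv" is flagged only because it is unknown to the baseline and nearly vowel-free, which is exactly the kind of hit that needs a second signal before acting on it. In real use the baseline would come from a known-clean install of the same Windows version, and the hidden-file status that AVG reports is the stronger indicator than the name alone.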
 
COMPIDIOT
Posts: 75

When I try to Remove all unhealed infections, the same pop-up comes up saying access is denied.

Currently I'm not in safe mode (when I try to run the AVG scan in safe mode it starts some command line scan or something like that that I don't understand).

Yes I am the admin on this computer.

How did it change numbers like that?

Thanks.

Posted 1 month ago #
 
jraparrish
Posts: 75

Since this is a Vista computer, it may be a good idea to enable the Administrator Account and use it to perform the tasks you are suggesting. I have found where only the Administrator account itself has total control over the machine, even when the user account the person is using is a member of the Administrators.

Posted 1 month ago #
 
whs
Posts: 4907

AVG may not do the job. Maybe you want to try the programs we linked earlier. Those are specialized in rootkits.

Posted 1 month ago #
 
COMPIDIOT
Posts: 75

@jraparrish I will try that Administrator Account thing and see what happens.

@whs I tried all three of those apps with no luck :( Are there any other apps you can think of?

Thanks for the help.

Posted 1 month ago #
 