Rootkit - please help

  • Thread starter: TW

TW

Hi,

I'm using WindowsXP Pro SP2.
Programs RootkitRevealer and Gmer have shown that
c:\Windows\System32\antiak.sys is a rootkit.
How to get rid of it? Should I simply delete the file
from the system or ought I to do anything else?
What are general rules of removing rootkits from
Windows systems?

Regards,
TW
 
TW said:
Hi,

I'm using WindowsXP Pro SP2.
Programs RootkitRevealer and Gmer have shown that
c:\Windows\System32\antiak.sys is a rootkit.
How to get rid of it? Should I simply delete the file
from the system or ought I to do anything else?
What are general rules of removing rootkits from
Windows systems?

Regards,
TW

Do you have an anti-keystroke logger installed? Googling for that file name
suggests it may be part of an anti-keystroke logger program. If you have
never installed any of these programs and it is a rootkit the only sure way
to get rid of it is a clean install of Windows. This means formatting your
hard drive so back up your data first.
 
Thank you very much for your reply.
Do you have an anti-keystroke logger installed? Googling for that file name
suggests it may be part of an anti-keystroke logger program.
I think I don't have and I didn't ever have any anti-keystroke logger installed
but I'm not absolutely sure.
I'd like to avoid formatting disk and installing Windows again (especially if it's
not necessary) so is there any method to check if I have or had such anti-keylogger installed?

Regards,
TW
 
TW said:
Thank you very much for your reply.


I think I don't have and I didn't ever have any anti-keystroke logger
installed but I'm not absolutely sure.
I'd like to avoid formatting disk and installing Windows again
(especially if it's not necessary) so is there any method to check if I
have or had such
anti-keylogger installed?
Regards,
TW

Not that I know of. In another newsgroup it was suggested that you try
renaming the file. Have you tried this?
 
Thank you very much for your reply.
In another newsgroup it was suggested that you try
renaming the file. Have you tried this?
Yes I have, after troubles with getting into Safe Mode.
Eventually I did it and it seems to be helpful.
At least the Gmer program doesn't show any rootkit
anymore.

Regards,
TW
 