Best advice about rootkit

[MooPi]

I discovered a rootkit on my brother in laws laptop. I've never had to deal with rootkits before and I'm mining for the best utility to deal with them. Avast discovered the rootkit generator but this is probably just the tip of the iceberg.

[cariboo]

Back up the important data and re-install, you'll never know exactly what was installed or changed.

[wilee-nilee]

Back up the important data and re-install, you'll never know exactly what was installed or changed.

+1 and there are rootkits that are not detectable as well.

[szymon_g]

Back up the important data and re-install, you'll never know exactly what was installed or changed.

so why back-up it now, when data could have been already altered/destroyed?
format a disk, install a new operating system, restore important data from back-ups done before security was compromised.
ah, i suspect- since you know it's rootkit, you have an idea (or two) how it get into a system (was it up-to-date? maybe some "codecs" were installed? etc etc)

[wilee-nilee]

so why back-up it now, when data could have been already altered/destroyed?
format a disk, install a new operating system, restore important data from back-ups done before security was compromised.
ah, i suspect- since you know it's rootkit, you have an idea (or two) how it get into a system (was it up-to-date? maybe some "codecs" were installed? etc etc)

How do you know when it was compromised I ask?

I think the post is to back up the important stuff like media....etc, not any of the OS.

[juancarlospaco]

Nice false positive you got there...

[szymon_g]

How do you know when it was compromised I ask?

Maybe since the last scan of system?
not to mention: every detected virus has got a name- googleing it will help to determine when system could be infected (or, rather: could not).

[MooPi]

Both detections came back with negative google responses. Oddest part is they were strings of random numbers and letters. Nasty behavior when active, the usual, deactivate AV but the applet said it was active and working. msconfig disabled as well as task manager. I'll probably give the bad news to brother in law tomorrow after I dig a little deeper to see what else is happening.
To answer some of the responses, I have general time line of infection( possibly 2days ago) No idea what was being done when infected, (sister and brother in law very computer illiterate),and definite there was/is an infection, not a false positive. I'll double check personal data and wipe drive and restore.

[wilee-nilee]

Maybe since the last scan of system?
not to mention: every detected virus has got a name- googleing it will help to determine when system could be infected (or, rather: could not).

Your argument is in a perfect world, where all virus/malware/rootkits/bots....etc are all detectable and moopi or their kin have all these tools. You are arguing a moot point let it go.

[matt_symes]

MooPi

What OS?