Rootkit: computer problem



JeenLeen
2010-12-10, 09:34 PM
I have a computer infected with at least one rootkit. I searched the forum and found some advice: http://www.giantitp.com/forums/showthread.php?t=129471&highlight=rootkit

But I had a couple questions I was hoping folk could answer.

We found it using the free program SUPERAntiSpyware Free Edition. (We also ran Malwarebytes' Anti-Malware, but it looks like it missed it.) Does anyone know if the antispyware program should be able to do it?

I heard the downloadable anti-virus program Avast can help? Any ideas?

Also, since this started, we've had what looks like one of those stupid 'an error has occurred; please report this to Microsoft' dialogs titled "Generic Host Process for Win32 Services." When we have X'd out of it (not hitting 'Debug', 'Send Error Report', or 'Don't Send'), the internet or the anti-virus scan seem to freeze up soon after. Anyone know what this is? Sometimes a random ad website is linked to, seemingly from whatever webpage I happen to be looking at.

Rawhide
2010-12-10, 10:22 PM
If you've been rooted, wipe the computer and start again. It's the only safe option.

Back up your data first, but be very careful before opening anything you've got backed up or you risk reinfection.

It is not the only way to remove a rootkit, but by their very nature, you will never be able to be sure you've gotten rid of everything.

OracleofWuffing
2010-12-10, 10:35 PM
What Rawhide said.

That said, if you do want to risk it (and this is not a recommendation), you can attempt to remove it with Super Antispyware. After the removal, restart your computer three times, and then scan again to see if it was a success. Another program that you can run (and I prefer this be run in safe mode) is Combofix, linked to here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix). It's what I've used when I absolutely have to attempt to remove rootkits.

That said, I am going to reiterate that the nature of rootkits makes them very difficult to remove, and even if a program says you're clean, you may still be infected. (Combofix, itself, uses a rootkit to attempt to remove rootkits, essentially. That's kinda how deep we're at.)

JeenLeen
2010-12-11, 02:24 PM
Thanks. Not the best news, but it's good to know.

What do rootkits generally do? I've seen it slows things down, but does it try to collect info like bank account numbers, SSN, etc. or hack e-mail accounts to spam/send viruses?
We might try the triple-reset thing with AntiSpyware, but I'd like to know what we're risking first.

tyckspoon
2010-12-11, 02:32 PM
> Thanks. Not the best news, but it's good to know.
>
> What do rootkits generally do? I've seen it slows things down, but does it try to collect info like bank account numbers, SSN, etc. or hack e-mail accounts to spam/send viruses?
> We might try the triple-reset thing with AntiSpyware, but I'd like to know what we're risking first.

Whatever the heck the installer of it wants. A rootkit is defined by how deeply it gets installed into the system, not by what it does once it's there; a successfully implanted rootkit pretty much gives its creator/owner complete super admin rights on your system, and as such can be used to install any of the other popular types of malware.

TSGames
2010-12-12, 03:54 AM
> What do rootkits generally do? I've seen it slows things down, but does it try to collect info like bank account numbers, SSN, etc. or hack e-mail accounts to spam/send viruses?
> We might try the triple-reset thing with AntiSpyware, but I'd like to know what we're risking first.

Wikipedia confirms the given advice (http://en.wikipedia.org/wiki/Rootkit#Removal).

What separates a rootkit from your 'standard' virus is difficult to explain. Most often, a rootkit will replace parts of the operating system with itself while stealthily hiding its presence, monitoring and subverting system calls, and maintaining redundant sources for its code. While there are other defining features, these alone make it virtually impossible to remove with certainty, and absolutely impossible for a layman to remove without a complete wipe of the system. I cannot recommend trying to solve this problem with mere anti-spyware: using these programs to try to remove a rootkit is like bringing a knife to a gun fight.

In the future, I would recommend backing up your data at regular intervals so that you can restore when this happens again. As it is now, salvage only what you absolutely cannot do without; the only reasonable approach is to treat every file on your machine as if it has been compromised.

As to what a rootkit can do...

A better question to ask is 'What can't a rootkit do?' The one you have on your computer could have been designed for any purpose. Most likely it is used for distributed computing or just spam. Neither of these is 'good', and there is a non-negligible chance that it may very well be gathering personal information. The slowdown that you've experienced is probably a result of your computer being used in distributed computing.

In conclusion: wipe your drive, buy an external drive and back up once per week.