Anti-virus scan detected rootkit...
Spartan198
10-27-2008, 11:34
...but when I try to remove it, it tells me "Some files cannot be healed. Access is denied".
I've already deleted the file that it was detected in (even though I scanned that file several times after and didn't detect any infections), but I doubt that got rid of it. Any suggestions on how to?
I'm using Vista with AVG Professional, BTW (and no Vista criticism cracks, please).
Can you run Vista in the other mode and run the anti-virus?
Spartan198
10-28-2008, 00:56
What other mode?
Safe mode most likely won't let you dislodge a rootkit. Others may have some more extensive experience with dealing with these than I do (and I've got enough), but by definition they are essentially impossible to dislodge without booting into a separate operating system, like through a Linux boot CD.
The best thing you can do is back up what you need, and repartition/reformat/reinstall your entire system from scratch. Doing anything less is dangerous: you may think you have the rootkit removed when in fact you don't, and even if you do manage to remove part or all of it, your system could be permanently unstable.
Back up what you can. Repartition, reformat, reinstall. Do NOT just pop in a "restore" cd and go from there. You need to wipe the system clean and start fresh.
I think there was a plugin for Ad-Aware for rootkits.
edyzmedieval
10-28-2008, 20:20
HijackThis is good for removing rootkits.
Spartan198
10-31-2008, 19:15
HijackThis is good for removing rootkits.
Actually, I found that program while browsing "how to delete a rootkit" and installed it.
It did delete the rootkit, but afterward started acting really strange. The permissions window kept popping up, saying it was trying to access my system. But after clicking "yes" several times, it did nothing that I could see, so I got kind of suspicious about it and decided to uninstall and clear all traces of it.
But it did delete the rootkit, though.
TevashSzat
11-01-2008, 01:15
Actually, I found that program while browsing "how to delete a rootkit" and installed it.
It did delete the rootkit, but afterward started acting really strange. The permissions window kept popping up, saying it was trying to access my system. But after clicking "yes" several times, it did nothing that I could see, so I got kind of suspicious about it and decided to uninstall and clear all traces of it.
But it did delete the rootkit, though.
Now, I would run some more antivirus scans because it sounds like that program you installed was trying to install something nasty on your comp there... You wouldn't happen to remember its name, do you?
Spartan198
11-01-2008, 02:06
Now, I would run some more antivirus scans because it sounds like that program you installed was trying to install something nasty on your comp there... You wouldn't happen to remember its name, do you?
I misread edyzmedieval's post. He was talking about a program called HijackThis, but the perp of the happenings I described was a rootkit removal program called UnHackMe.
I ran three subsequent scans that night, with daily scans since then, but the only hits I've had are a few Adware hits in a now-deleted registry entry left over from a registry cleaner program I'd downloaded from that website FinallyFast.com.
Tellos Athenaios
11-05-2008, 15:54
Perhaps you can grab yourself a copy of a trial version of Kaspersky, see if that one (if the trial version actually does include rootkit search) confirms your AVG scan?
Spartan198
11-10-2008, 13:23
Haven't had any rootkit detections since then, but I'll do that to double check. Thanks, Tellos. :beam:
LordKhaine
11-10-2008, 18:03
Personally, if I were sure my Windows machine had a rootkit, I'd pull the network, back up and reformat Windows. A rootkit could likely be a trojan or other nasty, and you could well have all kinds of things on your machine.
Better safe than sorry. And Windows kinda needs reformatting every so often anyway, to maintain performance.
Sometimes it feels like I'm talking to an empty theater.... :sweatdrop:
Sometimes it feels like I'm talking to an empty theater.... :sweatdrop:
Nuke the site from orbit, it's the only way to be sure. ~D
LeftEyeNine
11-11-2008, 05:06
While everyone is happy with their current condition, it's not up to us to force our suggestions on them, lads.
:bow: