Is there a way to find rootkits on 64-bit Windows 7?

I was at work and got a help desk call about a rather severe malware infection and it got me thinking about my own computer.

I am running Windows 7 64-bit RC1 on my everyday laptop. I run ESET NOD32 antivirus which does a good job of keeping itself up to date. I never turned off UAC.

I am also a computer professional so I have a pretty good idea when NOT to click OK on a windows dialog that looks rogue.

All that to say that I think I am clean, but I wanted to be sure, so I booted into Safe Mode, downloaded the well-recommended anti-malware tool MalwareBytes and did a quick scan. It only found a strange registry entry, which I deleted. No file or folder problems were detected. I rebooted to complete the clean as it requested. I was surprised by this because all it did was clean a registry entry.

Oh yeah... one other thing: I run the professional edition of BillP Studios' WinPatrol.

After rebooting normally, WinPatrol warned about the new program MalwareBytes, which I expected and allowed. But to my surprise it also had me confirm the install/setup of userinit (I can't remember if it was a .dll or .exe), and the program info said that this is the file that presents the startup screen to Windows. I allowed it, but it caught me off guard.

One last thing. I also tried to run RootkitRevealer and IceSword so I could do a rootkit scan on my machine, and neither of them would run; I am pretty sure it is because I am running a 64-bit OS.

So here are my questions:

  1. Is it normal for userinit to be "re-installed" or "re-initialized" after doing a scan using MalwareBytes? If not, why was I prompted to allow permissions for that file?

  2. Is there a known/recommended way to do a rootkit scan of a 64-bit Windows system?

  3. Is it possible that my machine is LESS likely to have a rootkit problem BECAUSE I am running a 64-bit OS? Wouldn't a rootkit have to run as a 64-bit process, and isn't it likely that right now rootkits will not be written to target 64-bit, since it is a smaller target audience? Is my risk surface area actually less?

Thanks in advance.

Seth
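The WinPatrol prompt in question 1 concerns the Winlogon `Userinit` (and, by the same mechanism, `Shell`) registry value, which names the program Winlogon launches at logon. A defender's first sanity check is to confirm the value still points only at the stock binary and that the binary on disk verifies against Windows Resource Protection. The script below is an added example written for this page; it is not from the original question, the answer, MalwareBytes or WinPatrol. It assumes a stock Windows 7 layout (`Userinit` = `<SystemRoot>\system32\userinit.exe,` with its trailing comma, `Shell` = `explorer.exe`) and must be run from an elevated 64-bit PowerShell so the native registry view is read and `sfc.exe` can run.

```powershell
# Added example (not code from the original post or any product it mentions).
# Audit the Winlogon "Userinit" and "Shell" values and verify every program
# they reference against the component store with "sfc /verifyfile".
# Assumption: stock Windows 7 defaults as listed in $Expected.

$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$Expected = @{
    'Userinit' = "$env:SystemRoot\system32\userinit.exe,"   # stock value ends with a comma
    'Shell'    = 'explorer.exe'
}

function Resolve-WinlogonEntry {
    # Turn one comma-separated entry (a bare name, or a path followed by
    # arguments) into an absolute path that can be checked on disk.
    param([string]$Entry)
    $exe = $Entry.Trim().Trim('"')
    if ($exe -match '^(.*?\.exe)') { $exe = $Matches[1] }   # drop trailing arguments
    if ([System.IO.Path]::IsPathRooted($exe)) { return $exe }
    # Bare names are resolved via the Windows directories; userinit.exe lives
    # in system32, explorer.exe in the Windows directory itself.
    foreach ($dir in @("$env:SystemRoot\system32", $env:SystemRoot)) {
        $candidate = Join-Path $dir $exe
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return (Join-Path "$env:SystemRoot\system32" $exe)   # reported as missing by the caller
}

function Test-ProtectedFile {
    # sfc /verifyfile compares a file with the copy in the component store.
    # Its output is UTF-16, which PowerShell captures with embedded NULs,
    # so strip them before matching the success message.
    param([string]$Path)
    $out = (& "$env:SystemRoot\system32\sfc.exe" "/verifyfile=$Path" | Out-String) -replace "`0", ''
    return ($out -match 'did not find any integrity violations')
}

function Test-WinlogonValue {
    param([string]$Name)
    $findings = @()
    $actual = (Get-ItemProperty -Path $WinlogonKey -Name $Name -ErrorAction SilentlyContinue).$Name
    if (-not $actual) { return @("$Name is missing from $WinlogonKey") }

    if ($actual -ne $Expected[$Name]) {
        # Extra entries appended after the comma are the classic persistence spot.
        $findings += "$Name is '$actual'; a stock install has '$($Expected[$Name])'"
    }
    foreach ($entry in ($actual -split ',' | Where-Object { $_.Trim() })) {
        $path = Resolve-WinlogonEntry $entry
        if (-not (Test-Path -LiteralPath $path)) {
            $findings += "$Name references '$path', which does not exist"
        } elseif (-not (Test-ProtectedFile $path)) {
            $findings += "$Name references '$path', which failed sfc /verifyfile"
        }
    }
    return $findings
}

$report = @()
foreach ($name in $Expected.Keys) { $report += Test-WinlogonValue $name }
if ($report.Count -eq 0) {
    'Winlogon Userinit/Shell match a stock install and verify against the component store.'
} else {
    $report | ForEach-Object { "FINDING: $_" }
}
```

`sfc /verifyfile` is used instead of `Get-AuthenticodeSignature` because Windows system binaries are catalog-signed, and on Windows 7 PowerShell reports them as `NotSigned` rather than consulting the catalog. The check runs in user mode through the live registry and file system, so a kernel-mode rootkit that filters those views can hide from it; it complements, rather than replaces, a dedicated rootkit scanner or an offline scan from boot media.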


Solution 1:

Sophos Anti-Rootkit claims to be able to scan for, and remove, rootkits on 64-bit Windows 7.