I'm infected with rootkit.gen (specifically: swerftx.sys, unique code IQ1LCWD7) at LBA sector 0 of my MBR. It's a "highly severe" Trojan which can enable a remote computer to take over my computer, among other things. Webroot Security Essentials (incorporating Spy Sweeper) is unable to remove this Trojan, so I assume that most other such programs are also unable to do so. I don't want to pay a Webroot consultant $100 to remove it for me, so I'd like to remove it myself.

However, I'm now reading the following online at the University of Minnesota's Safe Computing website (see http://safecomputing.umn.edu/guides/scan_unhackme.html):

Rootkits are a special kind of malware that are specifically designed to hide the activities of other viruses and worms, and compromise the operating system so that it may not be repaired. If your machine is infected with a rootkit, you will very likely not be able to regain complete control of the system. Reinstallation is highly recommended.

However, there are exceptional cases when you absolutely need to attempt to repair the system. Although no tool can guarantee results for rootkit identification and removal, there is at least one program which has shown limited success from time to time in this area. It's called UnHackMe.

It goes on to say:

Remember that in computer security there's no such thing as a silver bullet, and that you can't be certain which files were compromised by the viruses, worms and trojans on your machine. If you've been infected, you could still have "backdoors" riddled throughout your computer's operating system, and you should think very hard about reinstalling your operating system, and starting over from scratch.

Does anyone know if you can never really be certain if you've succeeded in completely removing a rootkit? I'll reinstall the system and all my software if I really have to.
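The question places the infection at LBA sector 0, the MBR. As an added example (not code from the thread, from Webroot, or from UnHackMe), here is a Python check that hashes the bootstrap area of a captured MBR image and compares it with a baseline recorded from a known-clean state; it assumes the image was read from outside the suspect OS (for example after booting clean media), because a live rootkit can hook disk reads, and the sample MBR bytes are constructed for the demonstration.

```python
# Added example (not from the thread): offline integrity check of an MBR
# image (LBA sector 0). Hash the 446-byte bootstrap area and compare it with
# a baseline taken from a known-clean state; the image must be captured from
# outside the suspect OS, since a live rootkit can hook disk reads.
import hashlib
import struct

MBR_SIZE = 512
BOOTSTRAP_LEN = 446          # bootstrap code area, then 4 x 16-byte entries
PART_TABLE_OFF = 446
SIGNATURE = b"\x55\xaa"      # boot signature at offset 510

def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty partition entries as dicts."""
    parts = []
    for i in range(4):
        entry = mbr[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, size
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return parts

def bootstrap_hash(mbr: bytes) -> str:
    """SHA-256 of the bootstrap code only; the partition table is excluded."""
    return hashlib.sha256(mbr[:BOOTSTRAP_LEN]).hexdigest()

def check_mbr(mbr: bytes, baseline_hash: str) -> dict:
    """Compare a captured MBR image with the baseline bootstrap hash."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR image must be exactly 512 bytes")
    h = bootstrap_hash(mbr)
    return {"signature_ok": mbr[510:512] == SIGNATURE,
            "bootstrap_modified": h != baseline_hash,
            "bootstrap_sha256": h, "partitions": parse_partitions(mbr)}

# Constructed sample: a clean MBR with one bootable type-0x07 partition at
# LBA 2048, and a copy whose first bootstrap bytes have been patched.
_clean = bytearray(MBR_SIZE)
_clean[0:3] = b"\xeb\x3c\x90"                       # typical jump stub
_clean[PART_TABLE_OFF:PART_TABLE_OFF + 16] = struct.pack(
    "<B3xB3xII", 0x80, 0x07, 2048, 204800)
_clean[510:512] = SIGNATURE
CLEAN_MBR = bytes(_clean)
BASELINE = bootstrap_hash(CLEAN_MBR)               # record this while clean
TAMPERED_MBR = b"\xe9\x00\x01" + CLEAN_MBR[3:]     # bootstrap bytes altered
```

A changed partition table (a new or shrunk partition) is reported separately from a changed bootstrap, so a legitimate repartition does not masquerade as a bootstrap modification.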


Does anyone know if you can never really be certain if you've succeeded in completely removing a rootkit? I'll reinstall the system and all my software if I really have to.

Most experts would tell you that, when cleaning rootkits, you should never assume you got all the baddies.
Essentially, outside of wiping the hard drive and re-installing OS, you can never "trust" that machine again...

If your usage involves a lot of sensitive data (online banking, etc...) it would be best to wipe and reinstall.
Yet another reason to remember to back up on a regular basis all the stuff you don't want to lose.

-- Personally, I do enjoy the challenge of trying to clean these infections. But, if it were my computer, I'd clean it (again for the challenge and my own edification) and then wipe the drive and reinstall.

Best Luck :)
PP

Rootkits are typically a death sentence in system security, they are hard enough to find let alone remove. Wipe your hard drive, don't take the chance, security should never take second place (like it tends to).
