Existe algum navegador de arquivos que usa funções de baixo nível para navegar pelo disco rígido?

O Windows intencionalmente tenta impedi-lo de acessar diretamente o hardware - é uma questão importante. ;) Então, se o Windows foi comprometido por um Rootkit (especialmente um kernel) então você praticamente precisa acessar o sistema de arquivos de outro sistema operacional (Windows ou não - mas não o sistema operacional infectado). ) para fazer qualquer coisa com os arquivos da infecção.

De Wikipedia :

"The fundamental problem with rootkit detection is that if the operating system has been subverted, particularly by a kernel-level rootkit, it cannot be trusted to find unauthorized modifications to itself or its components. Actions such as requesting a list of running processes, or a list of files in a directory, cannot be trusted to behave as expected. In other words, rootkit detectors that work while running on infected systems are only effective against rootkits that have some defect in their camouflage, or that run with lower user-mode privileges than the detection software in the kernel"

De página MS 'RootkitRevealer :

"Is there a sure-fire way to know of a rootkit's presence?

In general, not from within a running system. A kernel-mode rootkit can control any aspect of a system's behavior so information returned by any API, including the raw reads of Registry hive and file system data performed by RootkitRevealer, can be compromised. While comparing an on-line scan of a system and an off-line scan from a secure environment such as a boot into an CD-based operating system installation is more reliable, rootkits can target such tools to evade detection by even them."

Espero que ajude ...

GMER seria um bom começo para descobrir o que está lá e então você poderia inicializar um Live CD e copiar os arquivos que você quer um local / partição diferente ou stick USB - as ferramentas em Parted Magic ajudariam você a fazer isso.

O GMER é um aplicativo que detecta e remove rootkits. Procura por:

• processos ocultos
• encadeamentos ocultos
• módulos ocultos
• serviços ocultos
• arquivos ocultos
• Fluxos de dados alternativos ocultos
• chaves de registro ocultas
• drivers conectando o SSDT
• drivers conectando o IDT
• drivers conectando chamadas de IRP
• ganchos embutidos

Inicialize a partir de um CD do Ubuntu para navegar na unidade

Artigo relacionado aqui

link

.

Você seria melhor usar o método abaixo para desinfetar seu PC

.

1.) On a PC that is Not infected, Make a boot AV disc then boot from the disc on the Infected PC and scan the hard drive, remove any infections it finds, I prefer the Kaspersky disc myself. The New 2010 Kaspersky disc can update the AV dat files if you are connected to the internet at the time of scan and is suggested to update before the scan.

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

2.) Then: Install free MBAM, run the program and go to the Update tab and update it, then go to the Scanner Tab and do a quick scan, select and remove anything it finds.

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

3.) When MBAM is done install SAS free version, run a quick scan, remove what it automatically selects. http://www.superantispyware.com/download.html

These last 2 are not AV softwares like Norton, they are on demand scanners that only scan for nasties when you run the program and will not interfere with your installed AV, these can be run once a day or week to ensure you are not infected. Be sure you update them before each daily-weekly scan.

.