How do I remove a rootkit without an anti-rootkit program?

Question

Possible Duplicate:
My server's been hacked EMERGENCY

Windows 2000 Server.

I believe I have a rootkit. But, nothing will remove it. I've tried everything. Even tools that are merely for scanning fail or bsod the computer.

Since nothing works, I wanted to try and do it manually.

edit: This is a Windows 2000 Server Forest Root. I cannot rebuild it without blowing up the domain.

score 7 · Answer 1 · answered May 14 '12 at 14:52

I'd strongly advise to rebuild your server.

if the server has been root-compromised how can you assure integrity of all of its parts even if you THINK you've removed the compromised part ?
it's easier and saves the time and hassle - rebuild and restore from backups

1 Answers1