Removing Rootkit Infection Using Avira Anti-Rootkit
To remove rootkit infections using Avira Anti-Rootkit, simply click "Quarantine" or "Quarantine all". The option to quarantine one or more individual detected items is, for some reason, not working: it displays the error message "error sending to quarantine". The only default action is to send all detected items to quarantine, which is not good, especially if there is a false detection.
In the example below, I allowed Avira Anti-Rootkit to remove everything it detected, and the system file and registry entry for the "Remote storage service" in Windows were removed. As a side effect, the test system became a "non-genuine copy of Windows" and product activation was required again, which failed because core Windows system files had been removed:
To restore the removed false positive, simply use the AntiVir antivirus program to restore the quarantined 'remote storage file' to its original location: C:\windows\system32\ntmsdata\ntmsjrnl
Removing the rootkits with Avira Anti-Rootkit was successful and resolved the browser redirection when searching the Internet, but only after scanning twice, with a reboot required after each scan. A remnant of the rootkit infection is left in the registry. It is no longer harmful and can be deleted manually, since it is no longer a hidden object:
Other rootkit scanners will detect the above registry entry only if you have not already deleted it manually. Deleting the entry is easy as long as the user understands where the remnant is located. For users who are not sure whether they have a rootkit infection, or who are not comfortable using the registry editor in Windows, it's best to run a scan with an anti-malware program that can detect and remove rootkits, such as Malwarebytes Anti-Malware, Emsisoft Anti-Malware, SUPERAntiSpyware or Microsoft Security Essentials.