Hello there,
Hopefully I've posted this to the right forum. Long story short: I've had a Rootkit detection scare several days ago. This happened immediately after the last Windows update (KB4034662/KB4034674). I always run Malwarebytes (free version) after running my default Anti-virus when doing Windows updates. The scan claimed it found an "unknown Rootkit":
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
*File: 1
Unknown.Rootkit.Driver, C:\WINDOWS\System32\drivers\drmk.sys, Replaced, [0], [0],0.0.0
Physical Sector: 0
(No malicious items detected)
(end)
Not really thinking it through, I went ahead and quarantined the file, then removed it. Since this file was part of the core driver files for Windows, my PC naturally blue screened mid-process. I rebooted, then ran sfc /scannow via Command Prompt, and was able to reinstall the damaged driver with seemingly few problems. I've since then run some additional anti-virus scans and Rootkit cleaners (ESET online scanner, TDSSKiller, etc.), and several more Malwarebytes scans; all of which found nothing.
My question here is, was this potentially a false positive? Are there any additional security steps I should proceed with, assuming this was a legit Rootkit?
Cheers,
-L.
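Added example, not part of the original post: a PowerShell check that a responder would run to decide whether a driver flagged like this is a genuine Microsoft-signed Windows file. The path is the one quoted in the scan output; the cmdlets are standard Windows PowerShell, and the "Microsoft Corporation" subject match is an assumption about the expected signer.

```powershell
# Added example (not from the original post): verify the signature and record the hash
# of a driver that an AV scan flagged, so the "false positive?" question can be answered
# from evidence rather than from the scan verdict alone.
param(
    [string]$Path = 'C:\WINDOWS\System32\drivers\drmk.sys'   # path taken from the scan log
)

$file = Get-Item -LiteralPath $Path -ErrorAction Stop

# Drivers under System32\drivers are usually catalog-signed rather than embedded-signed;
# Get-AuthenticodeSignature resolves catalog signatures on Windows 8 and later.
$sig  = Get-AuthenticodeSignature -FilePath $file.FullName
$hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

# Evidence worth keeping with the incident notes.
[pscustomobject]@{
    Path          = $file.FullName
    SizeBytes     = $file.Length
    LastWriteUtc  = $file.LastWriteTimeUtc
    SHA256        = $hash
    SignerStatus  = $sig.Status          # 'Valid' is the expected result for a Windows driver
    SignatureType = $sig.SignatureType   # 'Catalog' or 'Embedded'
    Signer        = $sig.SignerCertificate.Subject
}

# Decision rule (assumption): a Valid signature chaining to Microsoft is strong evidence of a
# false positive; NotSigned, HashMismatch or an unexpected subject means keep the quarantine
# and escalate with the hash recorded above.
if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate.Subject -match 'O=Microsoft Corporation') {
    Write-Output 'Driver carries a valid Microsoft signature.'
} else {
    Write-Output "Signature status '$($sig.Status)'; do not trust this file on the scan verdict alone."
}
```

Run it before quarantining, since after sfc /scannow has replaced the file the original evidence is gone.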