New Very Nasty Malware/Rootkits ????
-
Post the combofix log?
-
You might wanna try sophos too -
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
-
Thanks guys - will check out that website later.
Neither were/are showing exactly the same symptoms.
#1 - no net connection, even though WZC was reporting connected, so hitman was useless. Major corruption of system files (even the ethernet connection had been wiped :mad:), no security products updating (mbam showing update errors similar to some previous rootkit stuff I've seen). Safe mode allowed scans, combofix and dr web removed stuff, but not enough to allow normal operation after several runs, with new stuff showing up in each scan.
#2 - showing signs of "classic" rootkit activity, constant rebooting when attempting to start up in normal mode. Safe mode appears to be reasonably ok, but hitman and combofix have removed 6-7 rootkits between them and behaviour persists. HJT log not showing anything unusual, but won't get a log to be able to post until after I've been back to it tomorrow evening. Hoping by then that dr web has removed the last traces of anything from it....
It could, of course, be that I've just been lucky (or brilliant) until now, but 2 in a week like this just seemed a bit more than unusual........
......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
-
As someone who also spends a lot of time sorting out "problems" for family and friends, I agree that malware is evolving faster than the tools and knowledge to clean it.
Personally, I have started advising "less PC savvy" people to think seriously about browsing only in a virtual environment, such as that which can be done via programs like Sandboxie. Of course, the problem is that those programs require the user to take the time to learn how to get the best from them, something many users don't have the patience for or convince themselves that they are too difficult to use.
I have also suggested programs like "Returnil" which in effect puts the whole OS in a virtual sandbox. But again, users who don't have the time, inclination or patience to learn new things end up being blinded by the science.
The internet more and more needs users to be more self-disciplined about what they click on and what sites they visit, but that's never going to happen, so we end up back at square one with an infected computer.
-
You might wanna try sophos too -
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
Thanks RIK, for some reason I'd completely forgotten about this one.
-
Nice post -- I agree! Although I must admit, I don't browse in a 'sandbox' environment either.
-
Unfortunately, I couldn't agree more.
-
Have you tried
http://www.gmer.net/
(Works on all OS's up to Win7)
I've never needed a rootkit finder for Windows (I moved over to Linux ages ago), so I'm not sure if it will be better or worse than the progs you've tried.
What OS are you running?
Microsoft has its own rootkit finder for XP and earlier OS's
http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx
Laters
Sol
"Have you found the secrets of the universe?" asked Zebade. "I'm sure I left them here somewhere"
-
I also don't feel the situation is helped when people new to the whole spyware/malware situation do some research, go to download something along the lines of Ad Aware for the first time from a download site, and end up downloading something like "super ultra registry cleaner" by mistake, due to the utterly misleading placement of download links, which open in an endless stream of new tabs.