
Rootkits

Printed From: Progarchives.com
Category: Topics not related to music
Forum Name: I Have A Question For You......?
Forum Description: Ask any question on any subject: if the admin team or any of our members can answer it we will.
URL: http://www.progarchives.com/forum/forum_posts.asp?TID=62993
Printed Date: November 24 2024 at 13:35
Software Version: Web Wiz Forums 11.01 - http://www.webwizforums.com


Topic: Rootkits
Posted By: Epignosis
Subject: Rootkits
Date Posted: November 19 2009 at 18:52
I know we have some awfully amazing computer geeks among us.  I am beseeching you for your knowledge and expertise.

I have somehow had malware installed on my desktop (no, it wasn't due to porn, thank you very much Tongue).  Regardless of my browser, whenever I use a search engine and click a resulting link (which is a necessary tool for my work), the malware kicks in and redirects me elsewhere.  This happens about four or five times until the desired website appears.

I have run a total of eight different anti-spyware, antivirus, etc etc programs, and one claims to have found "Hacker Defender" but is apparently unable to remove it. 

It seems whatever bug my machine has prevents it from running in safe mode also (which inadvertently led to a bigger scare this afternoon- I was stupid enough to run msconfig and change the boot setting to safe mode...what a nightmare, but I've remedied it).

I've lost almost a whole day of work trying to sort this out.  Perhaps one of you has some sound know-how or advice in terms of dealing with this.

No, I am not sure I am dealing with a rootkit, but one of the eight programs I have run (it was RegRun) says that's what it is- it just won't remove the damn thing.

I have a laptop with a missing spacebar (the little nub is still there) that will aid me in the meantime, but I'd really hate to reinstall Windows XP.

Thank you for any help.  I will write a song in praise of anyone who helps me solve this matter.*
*No I won't.  Tongue



-------------
https://epignosis.bandcamp.com/album/a-month-of-sundays



Replies:
Posted By: A Person
Date Posted: November 19 2009 at 19:05
Some "antivirus" programs are really just disguised viruses, what programs are you using? I would suggest sticking to a single one, or at the most two. You could try using Spybot Search and Destroy (http://www.safer-networking.org/en/mirrors/index.html) if you want, I can't guarantee it will work, but it's worth a shot.


Posted By: Epignosis
Date Posted: November 19 2009 at 19:08
A Person wrote:

Some "antivirus" programs are really just disguised viruses, what programs are you using? I would suggest sticking to a single one, or at the most two. You could try using Spybot Search and Destroy (http://www.safer-networking.org/en/mirrors/index.html) if you want, I can't guarantee it will work, but it's worth a shot.


Tried and found wanting.

I'm fairly sure none of the programs I am using are bad...I just know that rootkits have evolved to the point that several programs don't detect them.  I'm trying to use those that are heralded as the latest in detecting rootkits.




-------------
https://epignosis.bandcamp.com/album/a-month-of-sundays


Posted By: Padraic
Date Posted: November 19 2009 at 19:24
Sorry Rob.  Wipe and re-install is probably best at this point.


Posted By: A Person
Date Posted: November 19 2009 at 19:26
Have you tried AVG? Microsoft Security Essentials? Avast? Avira AntiVir?


Posted By: Any Colour You Like
Date Posted: November 19 2009 at 19:42
Padraic wrote:

Sorry Rob.  Wipe and re-install is probably best at this point.


Probably so. Sounds like whatever you have has buried itself deep.


Posted By: clarke2001
Date Posted: November 19 2009 at 19:43
Kaspersky?

Ehm...format C: ?


-------------
Percussion, sir! (https://japanskipremijeri.bandcamp.com/album/perkusije-gospodine)


Posted By: Epignosis
Date Posted: November 19 2009 at 19:53
Padraic wrote:

Sorry Rob.  Wipe and re-install is probably best at this point.


I may backup all my new files and do just that...nothing really to lose but time in that case, right?



-------------
https://epignosis.bandcamp.com/album/a-month-of-sundays


Posted By: Epignosis
Date Posted: November 19 2009 at 19:55
A Person wrote:

Have you tried AVG? Microsoft Security Essentials? Avast? Avira AntiVir?


Thanks.

These I have not used yet...I'll exhaust all possible resources before I take

[image: Kansas, Drastic Measures album cover]

Stern Smile


-------------
https://epignosis.bandcamp.com/album/a-month-of-sundays


Posted By: Epignosis
Date Posted: November 19 2009 at 19:55
clarke2001 wrote:

Kaspersky?

Ehm...format C: ?


I'll search for that...I recognize that name now.  Angry


-------------
https://epignosis.bandcamp.com/album/a-month-of-sundays


Posted By: TheCaptain
Date Posted: November 19 2009 at 20:29
there is another way to clean your system from hxdef-rootkit:

Boot windows into Rescue mode, do one of the following:

Insert the Windows OS Installation CD into the Drive.
Boot from the CD
Choose R to enter the Rescue Console
Choose the Windows installation you want to Clean from the list presented to you.
Enter the Administrator Password.

Once in the recovery console, you have a few commands for this, including:

listsvc - lists services that can be enabled or disabled
enable <servicename> <start-type> - enables a service, with a service type,

SERVICE_DISABLED
SERVICE_BOOT_START
SERVICE_SYSTEM_START
SERVICE_AUTO_START
SERVICE_DEMAND


disable <servicename> - disables a service, but prints out the previous
start-type, which should be recorded in case you need to re-enable the
service.

More information about the recovery console: http://www.computerhope.com/jargon/r/recocons.htm


-------------
Curse your sudden but inevitable betrayal.

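One way to act on the idea behind this post (the Recovery Console runs before the rootkit's hooks load, so `listsvc` shows services that tools inside the running OS no longer see), as an added Python example that is not part of TheCaptain's post or of any tool the thread names: it parses a constructed `listsvc`-style listing, compares it with a constructed list of the service names visible from inside Windows, and writes out the `disable` commands together with the `enable` command that restores each service's previous start type, which is the bookkeeping the post asks you to do by hand. The column layout of `listsvc`, the service names (the two hidden ones use the default names of the public hxdef build, but a real infection can use any name), and the SERVICE_* tokens (taken as the post lists them) are assumptions.

```python
"""Cross-view check for hidden services: offline listing vs. what the running OS shows."""
import re
from typing import Dict, List, Tuple

# Constructed sample of the offline view: roughly what the XP Recovery Console
# `listsvc` prints (service name, display name, start type). The column layout
# is assumed for this example; compare it with your own console output.
OFFLINE_LISTSVC = """\
Beep                  Beep                     Manual
Browser               Computer Browser         Auto
Dhcp                  DHCP Client              Auto
HackerDefender100     HXD Service 100          Auto
HackerDefenderDrv100  HXD Driver 100           Boot
Spooler               Print Spooler            Auto
"""

# Constructed sample of the online view: service names as reported from inside
# the running OS (services.msc, for instance). A user-mode rootkit hooks the
# APIs such tools call, so its own entries are missing from this list.
ONLINE_SERVICE_NAMES = ["Beep", "Browser", "Dhcp", "Spooler"]

# Start-type words mapped to the tokens the post lists for `enable`.
# These tokens are taken from the post as written; confirm them on the console.
START_TYPE_TOKENS = {
    "Boot": "SERVICE_BOOT_START",
    "System": "SERVICE_SYSTEM_START",
    "Auto": "SERVICE_AUTO_START",
    "Manual": "SERVICE_DEMAND",
    "Disabled": "SERVICE_DISABLED",
}

# name, display name (may contain spaces), start type (last token on the line)
LINE_RE = re.compile(r"^(\S+)\s+(.+?)\s+(\S+)\s*$")


def parse_listsvc(text: str) -> Dict[str, Tuple[str, str]]:
    """Map service name -> (display name, start type) from a listsvc-style listing."""
    services: Dict[str, Tuple[str, str]] = {}
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip headers or blank lines
        name, display, start = match.groups()
        services[name] = (display, start)
    return services


def hidden_services(offline: Dict[str, Tuple[str, str]], online_names: List[str]) -> List[str]:
    """Services present in the offline view but absent from the online view."""
    online = set(online_names)
    return sorted(name for name in offline if name not in online)


def plan_disable(offline: Dict[str, Tuple[str, str]], names: List[str]) -> List[Dict[str, str]]:
    """For each suspect service: the disable command and the enable command that undoes it."""
    plan: List[Dict[str, str]] = []
    for name in names:
        _, start = offline[name]
        token = START_TYPE_TOKENS.get(start, start)
        plan.append({
            "service": name,
            "previous_start_type": token,
            "disable": f"disable {name}",
            "rollback": f"enable {name} {token}",
        })
    return plan


if __name__ == "__main__":
    offline_view = parse_listsvc(OFFLINE_LISTSVC)
    suspects = hidden_services(offline_view, ONLINE_SERVICE_NAMES)
    print("Services visible offline but not from inside the running OS:")
    for entry in plan_disable(offline_view, suspects):
        print(f"  {entry['service']:24} run: {entry['disable']:32} undo: {entry['rollback']}")
```

A service that shows up only in the offline view is not proof of a rootkit (a driver with no display name or a listing quirk can do the same), but it is exactly the kind of discrepancy worth checking before touching anything, and keeping the rollback command next to each `disable` means a wrong guess costs one `enable` rather than an unbootable machine.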

Posted By: Epignosis
Date Posted: November 20 2009 at 06:16
Update...I ran Malwarebytes (probably should've done that first, but this is becoming quite a learning experience).

It rid my machine of 15 Trojans.  I made a log of these.

Unfortunately, the problem persists.  I think I will run it a second time this morning and see what happens- if Malwarebytes failed to remove one or more, or if one or more has recreated itself somehow.


-------------
https://epignosis.bandcamp.com/album/a-month-of-sundays


Posted By: Epignosis
Date Posted: November 20 2009 at 08:28
Update the second...

For my tenth program, I ran Dr. Web Cure-It, which recognized several corrupted .exe files as well as a Trojan running and a wickedly corrupted .tmp file that wouldn't go away.

I stopped the scan prematurely and rebooted to find the .tmp file gone from the drivers folder.

I have tested many times, and clicking through search engine results has yet to result in a hijacked browser.

I intend to run Dr. Web Cure-It again on "complete" mode and see what happens after that.


-------------
https://epignosis.bandcamp.com/album/a-month-of-sundays


Posted By: Mr ProgFreak
Date Posted: November 20 2009 at 09:05
^ the bad thing about rootkits is that the only safe way to remove them is to re-install the OS. Sad, but true ... no song named after me, but you could write a brutal Death Metal song about rootkits. ;-)

-------------
https://tagyourmusic.org/users/Mike



Posted By: Snow Dog
Date Posted: November 20 2009 at 09:26
Epignosis wrote:

Update...I ran Malwarebytes (probably should've done that first, but this is becoming quite a learning experience).

It rid my machine of 15 Trojans.  I made a log of these.

Unfortunately, the problem persists.  I think I will run it a second time this morning and see what happens- if Malwarebytes failed to remove one or more, or if one or more has recreated itself somehow.

Try running Malwarebytes and/or the free Norton tool from Google in safe mode. It worked for me.


-------------
http://www.last.fm/user/Snow_Dog


Posted By: Padraic
Date Posted: November 20 2009 at 09:42
Epignosis wrote:

Update...I ran Malwarebytes (probably should've done that first, but this is becoming quite a learning experience).

It rid my machine of 15 Trojans.  I made a log of these.



Wow, that is one infected machine.  Shocked

I don't know what AV software you're running, but it sure is doing a lousy job if this happened.



Posted By: A Person
Date Posted: November 20 2009 at 09:43
Mr ProgFreak wrote:

^ the bad thing about rootkits is that the only safe way to remove them is to re-install the OS. Sad, but true ... no song named after me, but you could write a brutal Death Metal song about rootkits. ;-)

That would be nerdy. And awesome.


Posted By: Dean
Date Posted: November 20 2009 at 10:03
Even if you did manage to remove it, you simply would not feel secure using that PC again because there will always be the niggling doubt that you left part of it behind that has corrupted some vital part of the OS - the comment that you cannot get Safe Mode to run is a good indication of how deep this bugger is buried. Re-installing XP is also only a partial solution because that could leave the installer intact. Reformatting the hard-drive and installing XP from scratch is the only surefire way.
 
On the plus side - a clean install is never a bad thing as it clears out all the benign software that has attached itself to the registry that you used once perhaps and never needed again, which will undoubtedly be slowing down your machine by now.


-------------
What?


Posted By: Padraic
Date Posted: November 20 2009 at 10:14
Dean wrote:

Reformatting the hard-drive and installing XP from scratch is the only surefire way.


Rob, even though your browser may be running more smoothly, I still highly recommend doing this based on how badly infected your machine was/(still may be).


Posted By: A Person
Date Posted: November 20 2009 at 10:26
Maybe it is time to try out Windows 7. If you back data up to an external hard drive or whatever I would install an AV program before putting it back on.


Posted By: Epignosis
Date Posted: November 20 2009 at 16:13
Thanks for the advice everyone.

I ran a program that took over seven hours just to scan both drives, and it caught myriad things I wouldn't have thought of...(like my calculator being infected by a virus...the calc.exe of all things...).  From what I can tell, it has repaired almost everything, and quarantined what it couldn't.  I deleted the quarantined files (none of them were of any import).

I will attempt to boot in safe mode and see how that goes.

I'm not trying to be naive, but I am almost positive that well over half the crap on my computer was there before I somehow caught the "Big bug" two days ago.

Besides...I dare someone to steal my identity.  With my credit, I can't even sell it!  LOLEmbarrassed

Seriously, if I am being foolish, Dean, Pat, etc., let me know...reformatting is always an option...but if all this mess has been on my machine for so long (as I am certain it has been), I'm thinking the Internet hasn't been too safe for me all along.  Confused 

*Checks card statements to make sure Pat didn't buy the new Magma album with one of my accounts* ShockedAngryOuch

Wink

I'll run some more tests...in the mean time, I will drink beer and listen to the new Between the Buried and Me album.

Also, I almost met Glenn Beck today.





-------------
https://epignosis.bandcamp.com/album/a-month-of-sundays


Posted By: A Person
Date Posted: November 20 2009 at 17:07
Epignosis wrote:


Also, I almost met Glenn Beck today.

Near death experiences are always scary.


Posted By: Padraic
Date Posted: November 20 2009 at 19:15
Epignosis wrote:


Besides...I dare someone to steal my identity.  With my credit, I can't even sell it!  LOLEmbarrassed


Great defense against identity theft!  LOL

Epignosis wrote:


I will drink beer


Now you've dispensed good advice to me.  Big smile


Posted By: Failcore
Date Posted: November 23 2009 at 14:37
Have you tried using Google Chrome? It won't get rid of the rootkit, but since it's used so little, it might not be affected by the rootkit.



Posted By: Failcore
Date Posted: November 23 2009 at 14:39
Oh also, Panda Anti Rootkit is supposed to be good at cleaning some rootkits.



Posted By: PsYcHoTiC_MaDmAn
Date Posted: November 23 2009 at 19:00
2 ways of doing it. first off, back up any needed data. this is similar in both solutions. then wipe the hard disk.

here's the choice.

1st option, reinstall windows, download firefox, AVG (or similar) and Zone Alarm (firewall, so anything similar). whatever you do, do not install norton, McAfee or panda, they're the AV equivalent to a chocolate fireguard.

then scan all the files you backed up with an up-to-date AV scanner, and Malwarebytes.

or the simple method, install linux, (need to make a boot disk/usb pen before wiping the computer) once you install linux you can then return all your files without risk of reinfection, and for that matter, not worry about viruses and trojans again...

your choice.

personally only moved over to linux (currently using ubuntu, tempted to try a few other variants as well, though would recommend ubuntu to start with) fairly recently. started mucking about with it 6-7 months ago, but never made the switch from xp (which I have had to patch up a few times....) however, bought myself a new PC, which came without an OS, (quadcore @3GHz/core 8GB DDR2 800 1TB Harddrive, 1GB graphics (there's showing off for you)) moved over to linux on that completely (with the exception of the occasional use of XP to use the sony software for my Walkman) and since then, the few times I've had to use M$ has driven me mad.


