New Rootkit Revealer

Discussion in 'OT Technology' started by Doc Brown, Apr 20, 2006.

  1. Doc Brown

    Doc Brown Don't make me make you my hobby

    Joined:
    Mar 31, 2006
    Messages:
    16,404
    Likes Received:
    0
    Location:
    Ohio
  2. kYd

    kYd New Member

    Joined:
    Dec 31, 2005
    Messages:
    5,881
    Likes Received:
    0
    Location:
    England, Nottingham
    Thanks for the info. This program is awesome!
     
  3. Doc Brown

    Doc Brown Don't make me make you my hobby

    It's unfortunate that most people don't know how dangerous a rootkit is.

    After digging one out of my friend's computer, I found over 500 pests that had been hidden by it. Nasty stuff, them rootkits.
     
  4. CyberBullets

    CyberBullets I reach to the sky, and call out your name. If I c

    Joined:
    Nov 13, 2001
    Messages:
    11,865
    Likes Received:
    0
    Location:
    BC, Canada/Stockholm, Sweden
    Once a computer has a rootkit on it, the only fix is a format. Once it's detected, it's already too late.
     
  5. Doc Brown

    Doc Brown Don't make me make you my hobby

    In my case I got lucky. My friend's kids had downloaded some smiley programs, and when I went to delete the programs it sent me to a website where there was a removal tool that took the rootkit out. Spyware is illegal now, and I think some of the companies are trying to add it legitimately, which also means allowing for removal.
    But like I said, once the rootkit was gone, I found over 500 pests that had been hidden by it.
     
  6. Doc Brown

    Doc Brown Don't make me make you my hobby

    Maybe not. Windows hides all sorts of stuff that you don't need to worry about. To avoid the Windows pieces during a scan, go to options and make sure that "hide standard ntfs metadata files" is checked.
     
  7. Peyomp

    Peyomp New Member

    Joined:
    Jan 11, 2002
    Messages:
    14,017
    Likes Received:
    0
    Tripwire for the win.
     
  8. Doc Brown

    Doc Brown Don't make me make you my hobby

    Ouch. That can't be good. Do you by chance use a CD of backup programs that you use every time you do a fresh Windows install? If so, it could be contaminated.

    Also, you need, of course, to be running at least one antispyware program, one antivirus program, a firewall and have the latest Windows updates.

    Also, be sure that hidden files and folders is unchecked, as well as system restore turned off when you do your scans.
     
  9. CyberBullets

    CyberBullets I reach to the sky, and call out your name. If I c

    :werd: Every Linux box I have has that running on it. Best piece of software to monitor my critical files.
     
  10. Peyomp

    Peyomp New Member

    What do you use for read only media, and how often do you scan your filesystem for changes?
     
  11. CyberBullets

    CyberBullets I reach to the sky, and call out your name. If I c

    Currently I only have my 1 Linux box (I no longer work IT, fuck that. Student Affairs, New Student Orientation & First Year Experience is my career).

    I use a DVD-R (made several copies for redundancy/backup). I scan my system every other night. No particular reason why, just do.
     
  12. dew

    dew Banned

    Joined:
    Dec 5, 2005
    Messages:
    47,656
    Likes Received:
    0
    Location:
    MIA

    :noes:
     
  13. CyberBullets

    CyberBullets I reach to the sky, and call out your name. If I c

    It's true. Who knows what other shit has been done to the box. 3rd party virus def could have been put on to ignore certain viruses. Keyloggers, trojans, phishing and pharming sites could have been installed. You'd be surprised.
     
  14. Peyomp

    Peyomp New Member

