Repair POSSIBLE ROOTKIT Or Am I Just Paranoid? (Solved)



No unusual hard drive activity or anything like that. It only gets nasty and fights back when you start poking it.

So we're ready to rock and roll. So then the question... After SP3 was installed, I created an image of the drive on a hidden partition, just in case. I could not avoid using two files that spent time, even if no more I don't work for a company...?

And can't get rid of Remote Disc either. You'll notice some of the dates are 9/9/2014 which is the most frequently used date for things that are created. Law enforcement says this is a civil matter to be handled through cyber experts who investigate these scenarios for a very large fee. I am sure it would send the system into a tailspin, but I have nothing critical on this drive _yet_ so it wouldn't matter to me if I corrupted something and This is more than likely not a problem.

  • Am I just being paranoid after 20 years of using Windows, or is there possibly a real problem here??
  • I'll give that a try.
  • nothing found Searching for Volc rootkit...
  • not infected Checking `sendmail'...
  • You don't need to do what CooKooBird suggested in his 8:14pm post because MEMSWEEP2 is from Sophos AntiRootkit.
  • Code: [root@leonardo ~]# man chkrootkit No manual entry for chkrootkit Heh! __________________ Glenn The Bassinator Last edited by glennzo; 12th February 2010 at 12:57 PM.
  • Please go away and bother someone else.

not infected Checking `netstat'... One good rootkit detection application for Windows is the RootkitRevealer by Windows security analysts Bryce Cogswell and Mark Russinovich. If not, this is often the cause of failures. not infected Checking `slapper'...

not infected Checking `rlogind'... not found Checking `basename'...

Seek the truth -- expose API dishonesty. It then makes a copy of the CD somewhere so it can alter it and future boots are pointed there instead of to the actual disk.

chaslang, Jul 3, 2008 #27 AverageJoe Private E-2 Ah...that is too bad that my disk isn't "real". There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. It would be something like MacPro5,1. You have a brick...There really is no way around this, the firmware is used to boot and will always re-install the rootkit as you have noticed.

The rootkit threat is not as widespread as viruses and spyware. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits. It's gone now.

Is that acceptable? Scans crash all the time for non-malware reasons. MEMSWEEP is not malware. But it does allow you to run scans since it has a whole bunch of added software that is installed with it.

Or am I just paranoid? nothing found Searching for Omega Worm... I need to try mounting as read only and run from the drive directly.

But back to the idea of removing the drive...I completely removed the hard drive, reset NVRAM, and restarted.

As I alluded to previously, I am unable to stop working for very long as I have critical items that have to be turned in (by this Wednesday, actually). Code: [root@leonardo ~]# chkrootkit ROOTDIR is `/' Checking `amd'... Any newer firmware cannot be infected.

I know several people who have it and don't even realize it. nothing found Searching for Adore Worm...

A couple of days ago (as I was in a tinkering mood) I decided to take a closer look at the whole issue and decided to run rkhunter and chkrootkit. Click Apply. This will entirely wipe out the drive, including the current hidden Recovery partition. Security threats expert Kevin Beaver says, "I had good luck with both BlackLight and Anti-Rootkit in my test environment. It is more likely it will scare users all.

Do not run any other tool until instructed to do so! All checks skipped The system checks took: 4 minutes and 46 seconds All results have been written to the log file (/var/log/rkhunter/rkhunter.log) One or more warnings have been found while checking Finding and removing rootkit installations is not an exact science. BartPE perhaps?

Received a warning of a possible rootkit. I will think about what to do next and get back to you.

nothing found Searching for AjaKit rootkit default files and dirs... nothing found Searching for t0rn's default files and dirs... not found Checking `passwd'...

Not according to any of your logs and seeing as how you had multiple other rootkit scanners installed, you probably noticed they found nothing too. The other half are remapped during the boot process. Booting from the Recovery Drive gives a very subtly altered version of the real thing and functions in a way that seems normal, but reading the install logs shows webooks and not infected Checking `egrep'...

It is not a malware scanning tool per se.