May 20th, 2006, 05:30 AM
My parents got pwned ... rootkit.
I found this on the system.
Usual symptoms ... weird processes that won't go down ... slow all around.
What can I do to kill processes that I know are rootkit servers? Even though I'm an admin, it won't let me ...
I mean, there's gotta be SOMETHING I can do to kill them (short of booting into Linux and deleting them).
May 20th, 2006, 05:50 AM
Good luck with the mess... remember to clear the system save files,
boot into safe mode,
scan for trojans/viruses,
and use this utility:
That is the answer to how to kill the crap. Make sure you get Spybot and Ad-Aware downloaded and updated before you start the adventure.
Duct tape.....A whole lot of Duct Tape
Spyware/Adaware problem click
May 20th, 2006, 06:51 AM
What I have seen in such cases is that the system never attains the same performance after the removal of a rootkit or any other malicious code. The best case would be to make a backup of the data and try to make a fresh install.
Just my thoughts.
Excuse me, is there an airport nearby large enough for a private jet to land?
May 20th, 2006, 09:01 AM
You might want to tell everyone up front that that zip file contains a RootKit (not just imply it). I know, everyone should know better, and it is zipped so it shouldn't create a problem unless they open it and run it, but you know how that goes ... someone will infect their system!
Trend Micro identifies it as BKDR_HACDEF.GEN
Spyrus's suggestion about PsKill should kill the process (I don't have a box to infect to find out), but there may be other files that spawned it still there lurking. Try Trend's solution at the link above, and if that doesn't work ... there's always mmkhan's solution.
" And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
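An added example, not code from any poster in this thread: a PowerShell triage script for the situation the original poster describes (processes that look wrong and refuse to die for an admin). It lists running processes whose image is unsigned or lives outside the usual Windows and Program Files trees, then tries a forced stop on a chosen PID and reports the failure rather than hiding it. The function names and the "unusual path" rule are my own assumptions; the cmdlets used (Get-Process, Get-AuthenticodeSignature, Stop-Process) are standard PowerShell.

```powershell
# Added example (not from the thread): triage running processes on a Windows box
# suspected of carrying a rootkit, then try to end one by PID with -Force.
# Run from an elevated PowerShell session. The path rule below is an assumption
# about where legitimate images usually live; treat hits as leads, not verdicts.

function Get-SuspectProcesses {
    # Return every process whose image is unsigned, has a broken signature,
    # or sits outside the Windows / Program Files trees. A user-mode rootkit
    # that hooks the process-listing APIs may hide from Get-Process entirely;
    # a process visible in Task Manager but absent here is itself a finding.
    Get-Process | Where-Object { $_.Path } | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.Path
        [PSCustomObject]@{
            Name      = $_.Name
            Id        = $_.Id
            Path      = $_.Path
            Signature = $sig.Status
            Suspect   = ($sig.Status -ne 'Valid') -or
                        ($_.Path -notmatch '^[A-Z]:\\(Windows|Program Files)')
        }
    } | Where-Object { $_.Suspect }
}

function Stop-SuspectProcess {
    param([Parameter(Mandatory)][int]$Id)
    try {
        Stop-Process -Id $Id -Force -ErrorAction Stop
        "Stopped PID $Id"
    } catch {
        # A rootkit-protected process typically fails here with Access Denied
        # even for an administrator; that is the point at which to fall back to
        # safe mode, PsKill, or an offline (boot-from-other-media) scan.
        "Could not stop PID $Id : $($_.Exception.Message)"
    }
}

# Usage: review the table, then stop a specific PID from it.
Get-SuspectProcesses | Format-Table -AutoSize
# Stop-SuspectProcess -Id 1234   # placeholder PID taken from the table above
```

Expect noise on an older or heavily customised machine: plenty of legitimate drivers and vendor tools shipped unsigned in the XP era, so the signature column narrows the list rather than convicting anything. The useful signal is a process that is visible in one view and missing in another, or one that an elevated Stop-Process cannot touch; either supports the safe-mode and offline-scan advice given above.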
May 20th, 2006, 12:52 PM
I know about the others, but where are the system save files in XP Pro? I have only one partition. Is it something to do with Page File? I know that I can clear that as a "one off" (I don't routinely clear it on close down).
Originally posted here by Spyrus
... remember to clear the system save files ...
May 20th, 2006, 01:01 PM
Oh my, you can get this rootkit in the AO downloads section; it's an old, old skiddy tool, and nearly all AVs will pick it up..
Other than that, I would get them to do a fresh install; at least then you can have a little more confidence that the problem should be gone...
May 20th, 2006, 02:02 PM
How could something like this get on their system?
They are swearing up and down that they didn't d/l and run anything.
Could it be because of the lack of running Windows Update, or via web pages w/ malicious ActiveX or such?
May 20th, 2006, 02:35 PM
Well, if they didn't patch against the good old WMF vuln, that definitely could have been an attack vector for a hacker.
May 20th, 2006, 02:44 PM
That's the beauty *and downfall* of Windows and software in general...
You don't always have to click "yes" to run something.
Would you believe this.. once I bought an off-brand NIC for a comp I was building... the driver disc came with spyware... killed my system..
So that shows ANYTHING can be a potential ticking bomb...
Do your parents share pictures with friends/family over email? I have seen infected computers latch their virus onto pictures in the past.
work it harder, make it better, do it faster, makes us stronger
May 20th, 2006, 02:49 PM
Nowadays anything can be a vector for a virus, especially if you're unpatched. It pays to stay up to date.
I recommend you reinstall Windows and turn on Automatic Updates for a start, then install some kind of security suite software. I personally like ZoneAlarm Security Suite, but most of them are pretty good.