Thread: my parents got pawned ... root kit

  1. #1
    Banned
    Join Date
    Aug 2004
    Posts
    534

    my parents got pawned ... root kit

    i found this on the system.

    usual symptoms ... weird processes that won't go down ... all around slow

    what can i do to kill processes that i know are rootkit servers but even though i'm an admin it won't let me ...

    i mean there's gotta be SOMETHING i can do to kill them (short of boot in linux and deleting them)

  2. #2
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    741
    good luck with the mess... remember to clear the
    prefetch
    system save files
    temp files
    boot into safe mode
    scan for trojans/viruses

    use this utility:
    http://www.sysinternals.com/Utilities/PsKill.html

    That is the answer to how to kill the crap. Make sure you get Spybot and Ad-Aware downloaded and updated before you start the adventure.
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click here
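    As an added illustration of the two steps Spyrus lists (a forced process kill in the spirit of PsKill, and clearing prefetch and temp files), here is a PowerShell triage script. It is not from the thread or from Sysinternals; it assumes an elevated PowerShell 5.1 or later session, takes the process names you believe belong to the rootkit as a parameter (the names are yours to supply, none are given on the page), and changes nothing unless you pass -Commit.

```powershell
# Added example, not code from the thread. Assumes an elevated PowerShell 5.1+ session.
# Dry run by default: without -Commit it only reports what it would kill or delete.
param(
    [string[]]$SuspectNames = @(),   # process names you believe are rootkit servers (your input, hypothetical)
    [switch]$Commit
)

# 1. Inventory every process we can see, with image path and Authenticode status.
#    Unsigned or unverifiable images running from odd locations deserve a closer look.
$inventory = Get-Process | ForEach-Object {
    $path = $null
    try { $path = $_.Path } catch { }   # protected/system processes may deny access to the path
    $sig = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'NoPath' }
    [pscustomobject]@{ Id = $_.Id; Name = $_.ProcessName; Path = $path; Signature = $sig }
}
$inventory | Where-Object { $_.Signature -ne 'Valid' } | Format-Table -AutoSize

# 2. Cross-view check: compare the .NET process list with the WMI process list.
#    A mismatch is a hint that something is filtering one of the views. A kernel-mode
#    rootkit can hide from both, so an empty result is not proof of a clean machine.
$wmiIds = (Get-CimInstance -ClassName Win32_Process).ProcessId
$psIds  = $inventory.Id
$onlyWmi = $wmiIds | Where-Object { $_ -notin $psIds }
$onlyPs  = $psIds  | Where-Object { $_ -notin $wmiIds }
if ($onlyWmi -or $onlyPs) {
    Write-Warning "Process list mismatch. WMI-only: $onlyWmi  Get-Process-only: $onlyPs"
}

# 3. Kill the named suspects. Stop-Process -Force is the built-in equivalent of an
#    unconditional PsKill; a rootkit that hooks termination may still refuse.
foreach ($name in $SuspectNames) {
    Get-Process -Name $name -ErrorAction SilentlyContinue | ForEach-Object {
        if ($Commit) {
            Stop-Process -Id $_.Id -Force -ErrorAction Continue
            "killed $($_.Name) (PID $($_.Id))"
        } else {
            "would kill $($_.Name) (PID $($_.Id))"
        }
    }
}

# 4. The cleanup from the thread: prefetch and temp files.
$targets = @("$env:SystemRoot\Prefetch\*", "$env:TEMP\*")
foreach ($t in $targets) {
    if ($Commit) {
        Remove-Item -Path $t -Recurse -Force -ErrorAction SilentlyContinue
        "removed $t"
    } else {
        "would remove $t"
    }
}
```

    Run it once without -Commit from Safe Mode to see the unsigned-process table and the kill/delete plan, then rerun with `-SuspectNames SUSPECT_NAME -Commit` (SUSPECT_NAME being a placeholder for whatever you identified). If a process survives the forced kill, or the two process views disagree, that is the point at which the reinstall advice later in the thread becomes the safer path.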

  3. #3
    Senior Member
    Join Date
    May 2004
    Posts
    274
    What I have seen in such cases is that the system never attains the same performance after the removal of a rootkit or any other malicious code. The best case would be to make a backup of the data and try to make a fresh install.

    Just my thoughts
    Excuse me, is there an airport nearby large enough for a private jet to land?

  4. #4
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    You might want to tell everyone upfront
    That zip file contains a RootKit

    ( not just imply it. ) I know, everyone should know better, and it is zipped so it shouldn't create a problem unless they open it and run it, but you know how that goes ... someone will infect their system!

    Trend Micro identifies it as BKDR_HACDEF.GEN

    Spyrus's suggestion about PsKill should kill the process ( I don't have a box to infect to find out ) but there may be other files that spawned it still there lurking. Try Trend's solution at the link above, and if that doesn't work ... there's always mmkhan's solution.
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  5. #5
    Senior Member
    Join Date
    Oct 2004
    Posts
    183
    Originally posted here by Spyrus

    ... remember to clear the ...

    system save files ...
    I know about the others, but where are the system save files in XP Pro? I have only one partition. Is it something to do with Page File? I know that I can clear that as a "one off" (I don't routinely clear it on close down).

  6. #6
    Howdy..

    Oh my, you can get this root kit in the AO downloads section, it's an old old skiddy tool, nearly all AVs will pick it up..

    Other than that I would get them to do a fresh install; at least then you can have a little more confidence that the problem should be gone...

    f2B

  7. #7
    Banned
    Join Date
    Aug 2004
    Posts
    534
    how could something like this get on their system

    they are swearing up and down that they didn't d/l and run anything

    could it be because of the lack of running windows update or via web pages w/ malicious active x or such

  8. #8
    Well, if they didn't patch against the good old WMF vuln that definitely could have been an attack vector for a hacker.

  9. #9
    Blast From the Past
    Join Date
    Jan 2003
    Posts
    729
    that's the beauty *and downfall* of windows and software in general...

    you don't always have to click "yes" to run something.

    would you believe this.. once I bought an off brand NIC for a comp I was building... the driver disc came with spyware... killed my system..

    so that shows ANYTHING can be a potential ticking bomb...

    Do your parents share pictures with friends/family over email? I have seen infected computers latch their virus onto pictures in the past.
    work it harder, make it better, do it faster, makes us stronger

  10. #10
    Nowadays anything can be a vector for a virus, especially if you're unpatched. It pays to stay up to date.

    I recommend you reinstall windows and turn on Automatic Updates for a start, then install some kind of security suite software, I personally like ZoneAlarm Security Suite, but most of them are pretty good.
