
Warning - "Rootkit" trojans/spyware hide from normal antivirus/antispyware software


stagger
22nd May 2006, 16:13
I have just had to deal with a trojan/spyware infection that was completely undetectable to normal antivirus software - and invisible to normal inspection techniques (e.g. Hijack-This).

It was a "Rootkit" program that hides from normal Windows programs - for example it can't be seen in Explorer.

It was fiendishly difficult to find but I managed it using the following programs...

Rootkit Revealer (http://www.sysinternals.com/Utilities/RootkitRevealer.html)

F-Secure BlackLight (http://www.f-secure.com/blacklight/)

I would suggest that if your PC is exhibiting strange behaviour and you can't trace the cause - check to see if you might have a "Rootkit" infection.
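The two tools named above work by cross-view comparison: they enumerate files, registry keys and processes once through the normal Windows API (the view a rootkit has hooked and filtered) and once by reading the raw on-disk structures, then report every entry the two views disagree on. The following is an added example, written for this thread and not code from the original post or from Sysinternals or F-Secure, that implements that comparison over two constructed snapshots. The paths, sizes, digests and the "$sys$cloak.sys"/"$sys$spamsvc.exe" names are made up for illustration (the "$sys$" prefix mirrors what the Sony XCP rootkit hid); the VOLATILE_PREFIXES allow-list is an assumption about which locations legitimately change between two scans.

```python
"""Cross-view rootkit detection, demonstrated on constructed snapshots.

A user-mode rootkit hooks the API calls that enumerate files, registry keys
or processes and filters its own entries out of the results, so Explorer,
Task Manager and most scanners never see them.  RootkitRevealer and
BlackLight detect this by taking the same inventory twice - once through
the Windows API and once by reading the raw on-disk structures (NTFS
metadata, registry hive files) - and reporting every entry the two views
disagree on.  This file implements that comparison over two hand-made
dictionaries; it does not read a real volume or hive.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# path (or registry key) -> (size in bytes, hex digest of the content)
Snapshot = Dict[str, Tuple[int, str]]


@dataclass(frozen=True)
class Discrepancy:
    path: str
    kind: str    # "hidden": raw view only; "phantom": API view only;
                 # "mismatch": in both, but size or content differs
    detail: str


# Locations that legitimately change between the two scans (temp files,
# prefetch).  Constructed allow-list for this example; RootkitRevealer has
# the same class of benign noise and expects the analyst to filter it.
VOLATILE_PREFIXES = ("c:\\windows\\temp\\", "c:\\windows\\prefetch\\")


def _is_volatile(path: str, prefixes: Iterable[str]) -> bool:
    return path.lower().startswith(tuple(p.lower() for p in prefixes))


def cross_view_diff(api_view: Snapshot, raw_view: Snapshot,
                    volatile_prefixes: Iterable[str] = VOLATILE_PREFIXES) -> List[Discrepancy]:
    """Compare a high-level (API) view against a low-level (raw) view."""
    # NTFS and the registry are case-insensitive, so key both views the same way.
    api = {p.lower(): (p, meta) for p, meta in api_view.items()}
    raw = {p.lower(): (p, meta) for p, meta in raw_view.items()}
    findings: List[Discrepancy] = []

    for key, (path, meta) in raw.items():
        if key not in api:
            # On disk but filtered out of the API results: the classic rootkit cloak.
            if not _is_volatile(key, volatile_prefixes):
                findings.append(Discrepancy(
                    path, "hidden",
                    f"present on disk ({meta[0]} bytes) but not returned by the API"))
            continue
        api_size, api_digest = api[key][1]
        raw_size, raw_digest = meta
        if (api_size, api_digest) != (raw_size, raw_digest):
            # The API is serving a different file than the one on disk.
            findings.append(Discrepancy(
                path, "mismatch",
                f"API reports {api_size} bytes/{api_digest}, disk holds {raw_size} bytes/{raw_digest}"))

    for key, (path, meta) in api.items():
        if key not in raw and not _is_volatile(key, volatile_prefixes):
            findings.append(Discrepancy(path, "phantom",
                                        "returned by the API but has no on-disk record"))

    return sorted(findings, key=lambda d: (d.kind, d.path.lower()))


# Constructed sample snapshots.  The "$sys$" prefix mirrors the Sony XCP
# rootkit, which cloaked every file, process and registry key starting with it.
API_VIEW: Snapshot = {
    r"C:\Windows\System32\ntoskrnl.exe": (2_180_000, "4f1c9a"),
    r"C:\Windows\System32\drivers\tcpip.sys": (360_000, "7be2d0"),
    r"C:\Windows\System32\svchost.exe": (14_336, "91ab3c"),
    r"C:\Windows\Temp\scan123.tmp": (512, "000001"),      # only seen by API scan
}
RAW_VIEW: Snapshot = {
    r"C:\Windows\System32\ntoskrnl.exe": (2_180_000, "4f1c9a"),
    r"C:\Windows\System32\drivers\tcpip.sys": (360_000, "7be2d0"),
    r"C:\Windows\System32\svchost.exe": (14_336, "e7e7e7"),   # different bytes on disk
    r"C:\Windows\System32\drivers\$sys$cloak.sys": (40_960, "c10a4d"),
    r"C:\Windows\System32\$sys$spamsvc.exe": (88_064, "5d3b77"),
    r"C:\Windows\Temp\~DF1234.tmp": (1_024, "000002"),      # only seen by raw scan
}


def demo() -> List[Discrepancy]:
    """Run the comparison on the constructed snapshots."""
    return cross_view_diff(API_VIEW, RAW_VIEW)


if __name__ == "__main__":
    for d in demo():
        print(f"{d.kind:8} {d.path}  ({d.detail})")
```

On the sample data this reports the two "$sys$" files as hidden and svchost.exe as a mismatch, while the two temp files are dropped as scan-to-scan noise. The same function works for registry keys or process lists as long as both views are keyed the same way; what matters is that the raw view is gathered without going through the API the rootkit may have hooked.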

DBTL
22nd May 2006, 18:51
Also see:
http://support.f-secure.com/enu/home/ols3.shtml

A gratis, simple-to-use tool against all bugs, including rootkits! Why :ugh: any longer.

Slasher
23rd May 2006, 05:39
Another bloody undetectable trojan/spyware program. :*

I call the death penalty for these useless b@stards who write such programs and/or viruses and then let them loose in the wild. :mad:

stagger
23rd May 2006, 09:35
Another bloody undetectable trojan/spyware program. :*
I call the death penalty for these useless b@stards who write such programs and/or viruses and then let them loose in the wild. :mad:

Unfortunately it's not just another trojan/spyware program - Rootkits are a whole new class of program that hide themselves with very clever stealth procedures.

One of the first and most widespread was written by . . .


SONY

Sony CDs secretly install a rootkit (http://www.wired.com/news/privacy/0,1848,69601,00.html)

frostbite
23rd May 2006, 16:50
Sony have been bitten by it too!

http://news.zdnet.co.uk/internet/security/0,39020375,39270678,00.htm

"After it was caught out selling music CDs 'protected' by hacking software, Sony will replace the notorious discs, give free downloads and make cash payments to anyone who bought one"

FakePilot
23rd May 2006, 17:26
Just spread Marmite liberally on a CD and insert it into the computer. Then watch in amusement as the rootkits start pouring out every vent.

(Sorry, the Marmite thread was right below this one)

Blacksheep
24th May 2006, 04:34
...is like Safe Sex. Take precautions and never have any unprotected contact with strangers.

One way to deal with the filthy, disgusting place the internet has become is to have two computers. One has all your flashy applications, photographs, music, movies, favourite games and important, private & personal files on it.
The other has a browser, a good anti-virus programme and a firewall. Nothing else. You connect that one to the internet for surfing.

Never connect your good machine to anything.

Every three months you do a reformat and clean install on the internet machine.


BTW. Remember what a nice friendly place the old internet was back in 1989? Everyone cooperated and we were all nice to each other. There were no hackers, no flame wars. No porn. No scumbags. Especially no government control - we never needed no control.
Yeah, Right!
So, now we see where anarchy and freedom gets you, huh?

Blacksheep
24th May 2006, 05:28
To return to the rootkit issue, that has nothing to do with surfing but with the consequences of putting a CD or DVD (such as one of Sony's) into your computer's disc drive.

According to stagger's interesting link, Sony held the opinion that it wasn't malware? The only thing they did wrong was cloaking the underlying legitimate software? Excuse me, but anything that loads itself into my computer and changes the registry without my permission is malware by definition. It's also an invasion of privacy and, since it reports back to HQ with information gleaned from my machine, it's a violation of the Data Protection Act and, like copying one of their CDs, in some states it may even constitute a criminal offence.

I shall be writing to Sony through my lawyer (my daughter actually) to ask for a copy of all the data that they hold on file concerning me. I recommend that if we all do the same it should give them something useful to do, instead of buggering up our computers.

P.S. If you use her, it would earn a few useful dollars for my daughter too. ;)

DBTL
24th May 2006, 07:55
Actually a rootkit will be found as a consequence of, not surfing per se, but not patching the operating system vulnerabilities, i.e. not using the free MS update facility.
A net hijacker will have the ability to install anything on your machine, incl. rootkits! Software that has rootkit functionality is being sold commercially as "surveillance" programmes, apparently quite legally. I've encountered some myself on some of the hijacked machines I've cleaned.

There's no need to mystify this, however. Keep your system current, as well as your antivirus set, and you'll be safe. I recommend a commercial vendor of AV software that has a fast response time to new outbreaks -- saving in the wrong place can ultimately become very expensive.

stagger
24th May 2006, 09:58
Blacksheep - my rootkit problem did not come from a CD or DVD.

I accidentally ran a malicious executable downloaded from the web. Stupid - yes. But at the time I thought my anti-virus and anti-spyware software would deal with the problem. The malicious executable did install a standard trojan which my anti-virus and anti-spyware software dealt with just fine.

However, several weeks later I discovered the rootkit - in this case a spam zombie program pumping out spam messages.

If the rootkit did not get installed when I accidentally ran the malicious executable then the situation is even more worrying because it must have been installed without me doing anything stupid!

Rootkits need not be malicious - but they can be - and the one I had was.
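A spam zombie like the one described above has a symptom the rootkit cannot cloak from the host's own network stack: a fan-out of outbound SMTP connections to many different remote hosts. On Windows XP/2003, "netstat -ano" prints the owning PID beside each TCP connection, so the sockets can be matched against the process list, and a PID that owns sockets but does not appear in Task Manager or tasklist is itself a cross-view discrepancy. The following is an added example written for this thread, not code from the original post; the netstat output and the process table are constructed, and the threshold of five distinct SMTP targets is an assumption (a real mail client talks to one or two servers).

```python
"""Spot a spam zombie from "netstat -ano" output and check whether its
process is visible.  Constructed example; not code from the original post.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# One "netstat -ano" TCP row: proto, local addr:port, remote addr:port, state, pid
NETSTAT_TCP_RE = re.compile(
    r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_]+)\s+(\d+)\s*$")


@dataclass(frozen=True)
class Conn:
    local_host: str
    local_port: int
    remote_host: str
    remote_port: int
    state: str
    pid: int


@dataclass(frozen=True)
class ZombieFinding:
    pid: int
    image: Optional[str]             # None when the PID is not in the process list
    remote_hosts: Tuple[str, ...]
    hidden_process: bool


def parse_netstat(text: str) -> List[Conn]:
    """Parse the TCP rows of "netstat -ano"; header, blank and UDP lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = NETSTAT_TCP_RE.match(line)
        if m:
            lh, lp, rh, rp, state, pid = m.groups()
            conns.append(Conn(lh, int(lp), rh, int(rp), state, int(pid)))
    return conns


def find_spam_zombies(conns: List[Conn], visible_processes: Dict[int, str],
                      min_remote_hosts: int = 5) -> List[ZombieFinding]:
    """Flag PIDs talking to many distinct hosts on port 25 and note whether
    the process list can see them.  TIME_WAIT rows are ignored because netstat
    attributes them to PID 0, not to the process that opened them."""
    smtp_targets: Dict[int, Set[str]] = defaultdict(set)
    for c in conns:
        if c.remote_port == 25 and c.state in ("ESTABLISHED", "SYN_SENT"):
            smtp_targets[c.pid].add(c.remote_host)
    findings = []
    for pid, hosts in sorted(smtp_targets.items()):
        if len(hosts) >= min_remote_hosts:
            image = visible_processes.get(pid)
            findings.append(ZombieFinding(pid, image, tuple(sorted(hosts)), image is None))
    return findings


# Constructed "netstat -ano" output.  PID 1204 is a mail client talking to its
# one server; PID 1588 is fanning out to six different SMTP servers.
NETSTAT_OUTPUT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1043      198.51.100.20:80       ESTABLISHED     988
  TCP    192.168.1.10:1051      192.0.2.10:25          ESTABLISHED     1204
  TCP    192.168.1.10:1062      203.0.113.5:25         ESTABLISHED     1588
  TCP    192.168.1.10:1063      203.0.113.17:25        SYN_SENT        1588
  TCP    192.168.1.10:1064      203.0.113.44:25        ESTABLISHED     1588
  TCP    192.168.1.10:1065      198.51.100.9:25        ESTABLISHED     1588
  TCP    192.168.1.10:1066      198.51.100.77:25       SYN_SENT        1588
  TCP    192.168.1.10:1067      192.0.2.200:25         ESTABLISHED     1588
  TCP    192.168.1.10:1068      203.0.113.5:25         TIME_WAIT       0
  UDP    192.168.1.10:137       *:*                                    4
"""

# Constructed process table as Task Manager / tasklist would show it.
# PID 1588 is deliberately absent: the rootkit has hidden it.
VISIBLE_PROCESSES = {4: "System", 988: "svchost.exe", 1204: "outlook.exe"}


def demo() -> List[ZombieFinding]:
    return find_spam_zombies(parse_netstat(NETSTAT_OUTPUT), VISIBLE_PROCESSES)


if __name__ == "__main__":
    for z in demo():
        who = z.image or "NOT IN PROCESS LIST (hidden?)"
        print(f"PID {z.pid} [{who}] -> {len(z.remote_hosts)} SMTP targets: {', '.join(z.remote_hosts)}")
```

On the sample, only PID 1588 is flagged, and because it is missing from the process table it is reported as hidden; that is the point at which a tool such as RootkitRevealer or BlackLight, rather than another antivirus scan, is the right next step.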

Saab Dastard
24th May 2006, 11:01
In addition to the obviously wise precautions of having a firewall, AV software and anti-spy/malware software - and exercising prudence regarding opening suspicious files - may I warmly recommend everyone to operate their accounts (where applicable) as ordinary users as much as possible, rather than as administrators or Power Users?

That way, there is far less risk of installing any nasty onto your system. Not applicable to Win 9x systems, obviously - another massive reason to move into the 21st C.

It isn't totally foolproof - but every little helps. :ok:

SD

Cheerio
24th May 2006, 13:45
This site has good advice for anyone concerned about filling in the cracks in their defences beyond the usual AV / Firewall combo.

http://www.techsupportalert.com/best_46_free_utilities.htm#1

DBTL
24th May 2006, 20:45
There's some discussion on the respective merits of the Admin/Limited account vs the rootkit prevention issue et al. here: http://www.wilderssecurity.com/archive/index.php/t-107811.html

edit:
A 98 diehard vs "modern times" security talk: http://www.emailbattles.com/archive/battles/security_aacddidjci_dh