PPRuNe Forums > Misc. Forums > Computer/Internet Issues & Troubleshooting

Warning - "Rootkit" trojans/spyware hide from normal antivirus/antispyware software

Old 22nd May 2006, 16:13
  #1 (permalink)  
Thread Starter
 
Join Date: Nov 1999
Location: London
Posts: 424
Likes: 0
Received 1 Like on 1 Post
Warning - "Rootkit" trojans/spyware hide from normal antivirus/antispyware software

I have just had to deal with a trojan/spyware infection that was completely undetectable to normal antivirus software - and invisible to normal inspection techniques (e.g. Hijack-This).

It was a "Rootkit" program that hides from normal Windows programs - for example it can't be seen in Explorer.

It was fiendishly difficult to find but I managed it using the following programs...

Rootkit Revealer

F-Secure Backlight

I would suggest that if your PC is exhibiting strange behaviour and you can't trace the cause - check to see if you might have a "Rootkit" infection.
stagger is offline  
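The hiding behaviour described in the post above, and the way tools of the Rootkit Revealer kind find it, as an added illustration that is not part of the post or of either tool: a rootkit cloaks itself by filtering what the normal Windows enumeration APIs return (the view Explorer, Task Manager and most antivirus engines rely on), so a cross-view scanner enumerates the same namespace a second time without those APIs, from the raw NTFS metadata and the raw registry hive files, and reports every entry the two views disagree on. Both "views" here are constructed sample data so the code runs anywhere, and the names `hidden_example.sys` and `hidden_example` are placeholders, not the names of any real malware.

```python
"""Cross-view discrepancy scan: the detection principle used by scanners
such as Sysinternals RootkitRevealer.  Added illustration, not the tool's
own code.  The "API view" stands for what the normal Windows enumeration
APIs report; the "raw view" stands for what a parser of the on-disk NTFS
metadata and registry hive files finds.  Both are constructed samples here.
"""
from dataclasses import dataclass, field
from typing import Mapping


def _norm(key: str) -> str:
    """Windows paths and registry keys are case-insensitive; normalise before
    comparing so a casing difference between the two enumerations is not
    reported as a discrepancy."""
    return key.rstrip("\\").casefold()


@dataclass
class CrossViewResult:
    namespace: str
    hidden: list = field(default_factory=list)      # raw view only: the API view is being filtered
    phantom: list = field(default_factory=list)     # API view only: transient entry or raw-parser gap
    mismatched: list = field(default_factory=list)  # in both views, but the metadata differs

    def suspicious(self) -> bool:
        # Phantoms are normal on a live system (files created or deleted between
        # the two passes); hidden and mismatched entries are the ones to inspect.
        return bool(self.hidden or self.mismatched)


def cross_view_diff(namespace: str,
                    api_view: Mapping[str, object],
                    raw_view: Mapping[str, object],
                    ignore: frozenset = frozenset()) -> CrossViewResult:
    """Compare the API enumeration with the raw enumeration of one namespace.

    Keys are file paths or registry key paths; values are whatever metadata
    both passes can produce (size, data, timestamps).  `ignore` holds
    normalised keys known to differ benignly, e.g. the scanner's own files.
    """
    api = {_norm(k): v for k, v in api_view.items()}
    raw = {_norm(k): v for k, v in raw_view.items()}
    result = CrossViewResult(namespace)
    result.hidden = sorted((set(raw) - set(api)) - ignore)
    result.phantom = sorted((set(api) - set(raw)) - ignore)
    result.mismatched = sorted(k for k in (set(api) & set(raw)) - ignore
                               if api[k] != raw[k])
    return result


def format_report(results) -> str:
    lines = []
    for r in results:
        for k in r.hidden:
            lines.append(f"[{r.namespace}] HIDDEN from API view: {k}")
        for k in r.mismatched:
            lines.append(f"[{r.namespace}] METADATA MISMATCH: {k}")
        for k in r.phantom:
            lines.append(f"[{r.namespace}] api-only (probably transient): {k}")
    return "\n".join(lines) if lines else "no discrepancies"


# --- constructed sample data (values: file size in bytes / registry data) ---
SAMPLE_FILES_API = {
    r"C:\Windows\system32\kernel32.dll": 984_576,
    r"C:\Windows\system32\ntdll.dll": 711_168,
    r"C:\Windows\system32\drivers\tcpip.sys": 359_808,
    r"C:\Windows\Temp\scan-tmp.log": 12,            # existed only during the scan
}
SAMPLE_FILES_RAW = {
    r"C:\Windows\System32\kernel32.dll": 984_576,   # differs only in case: not a finding
    r"C:\Windows\system32\ntdll.dll": 711_168,
    r"C:\Windows\system32\drivers\tcpip.sys": 359_808,
    r"C:\Windows\system32\drivers\hidden_example.sys": 24_064,  # placeholder name for a cloaked driver
}
SAMPLE_REG_API = {
    r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip": "ImagePath=system32\\drivers\\tcpip.sys",
}
SAMPLE_REG_RAW = {
    r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip": "ImagePath=system32\\drivers\\tcpip.sys",
    r"HKLM\SYSTEM\CurrentControlSet\Services\hidden_example":   # placeholder service key
        "ImagePath=system32\\drivers\\hidden_example.sys",
}


def scan_samples():
    """Run both sample namespaces through the cross-view check."""
    return [
        cross_view_diff("filesystem", SAMPLE_FILES_API, SAMPLE_FILES_RAW),
        cross_view_diff("registry", SAMPLE_REG_API, SAMPLE_REG_RAW),
    ]


if __name__ == "__main__":
    print(format_report(scan_samples()))
```

Two caveats a practitioner should keep in mind. First, a discrepancy is a lead, not a verdict: files that appear or vanish between the two passes show up as "api-only" and are expected on a live system, which is why only hidden and mismatched entries are flagged as suspicious. Second, the raw view only helps if it really bypasses the filtered APIs; a scanner that obtains both views through the same hooked calls will see nothing, so the raw pass must read the volume and hive files directly, or the disk must be examined from a clean boot.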
Old 22nd May 2006, 18:51
  #2 (permalink)  
 
Join Date: Mar 2006
Location: Finland - East of Sweden
Posts: 113
Likes: 0
Received 0 Likes on 0 Posts
Also see:
http://support.f-secure.com/enu/home/ols3.shtml

A gratis simple-to-use tool against all bugs, including rootkits! Why any longer.
DBTL is offline  
Old 23rd May 2006, 05:39
  #3 (permalink)  
 
Join Date: Feb 1998
Location: Formerly of Nam
Posts: 1,595
Likes: 0
Received 0 Likes on 0 Posts

Another bloodey undetectable trojan/spyware program.

I call the death penaltey for these useless b@stards who write such programs and/or viruses and then let it loose in the wild.
Slasher is offline  
Old 23rd May 2006, 09:35
  #4 (permalink)  
Thread Starter
 
Join Date: Nov 1999
Location: London
Posts: 424
Likes: 0
Received 1 Like on 1 Post
Originally Posted by Slasher
Another bloodey undetectable trojan/spyware program.
I call the death penaltey for these useless b@stards who write such programs and/or viruses and then let it loose in the wild.
Unfortunately it's not just another trojan/spyware program - Rootkits are a whole new class of program that hide themselves with very clever stealth procedures.

One of the first and most widespread was written by . . .

SONY

Sony CDs secretly install a rootkit
stagger is offline  
Old 23rd May 2006, 16:50
  #5 (permalink)  
Recidivist
 
Join Date: Jun 2005
Location: Essex, UK
Posts: 1,239
Likes: 0
Received 0 Likes on 0 Posts
Sony have been bitten by it too!

http://news.zdnet.co.uk/internet/sec...9270678,00.htm

"After it was caught out selling music CDs 'protected' by hacking software, Sony will replace the notorious discs, give free downloads and make cash payments to anyone who bought one"
frostbite is offline  
Old 23rd May 2006, 17:26
  #6 (permalink)  
 
Join Date: Mar 2004
Location: Baltimore, MD
Posts: 273
Likes: 0
Received 5 Likes on 1 Post
Just spread Marmite liberally on a CD and insert it into the computer. Then watch in amusement as the rootkits start pouring out every vent.

(Sorry, the Marmite thread was right below this one)
FakePilot is offline  
Old 24th May 2006, 04:34
  #7 (permalink)  
Cunning Artificer
 
Join Date: Jun 2001
Location: The spiritual home of DeHavilland
Age: 76
Posts: 3,127
Likes: 0
Received 0 Likes on 0 Posts
Safe Surfing...

...is like Safe Sex. Take precautions and never have any unprotected contact with strangers.

One way to deal with the filthy, disgusting place the internet has become is to have two computers. One has all your flashy applications, photographs, music, movies, favourite games and important, private & personal files on it.
The other has a browser, a good anti-virus programme and a firewall. Nothing else. You connect that one to the internet for surfing.

Never connect your good machine to anything.

Every three months you do a reformat and clean install on the internet machine.


BTW. Remember what a nice friendly place the old internet was back in 1989? Everyone cooperated and we were all nice to each other. There were no hackers, no flame wars. No porn. No scumbags. Especially no government control - we never needed no control.
Yeah, Right!
So, now we see where anarchy and freedom gets you, huh?
Blacksheep is offline  
Old 24th May 2006, 05:28
  #8 (permalink)  
Cunning Artificer
 
Join Date: Jun 2001
Location: The spiritual home of DeHavilland
Age: 76
Posts: 3,127
Likes: 0
Received 0 Likes on 0 Posts
Grrr

To return to the rootkit issue, that has nothing to do with surfing but with the consequences of putting a CD or DVD (such as one of Sony's) into your computer's disc drive.

According to stagger's interesting link, Sony held the opinion that it wasn't malware? The only thing they did wrong was cloaking the underlying legitimate software? Excuse me, but anything that loads itself into my computer and changes the registry without my permission is malware by definition. It's also an invasion of privacy and, since it reports back to HQ with information gleaned from my machine, it's a violation of the Data Protection Act and, like copying one of their CDs, in some states it may even constitute a criminal offence.

I shall be writing to Sony through my lawyer (my daughter actually) to ask for a copy of all the data that they hold on file concerning me. I recommend that if we all do the same it should give them something useful to do, instead of buggering up our computers.

P.S. If you use her, it would earn a few useful dollars for my daughter too.
Blacksheep is offline  
Old 24th May 2006, 07:55
  #9 (permalink)  
 
Join Date: Mar 2006
Location: Finland - East of Sweden
Posts: 113
Likes: 0
Received 0 Likes on 0 Posts
Actually a rootkit will be found as a consequence of, not surfing per se, but not patching the operating system vulnerabilities, i.e. not using the free MS update facility.
A net hijacker will have the ability to install anything on your machine, incl. rootkits! Software that has rootkit functionality is being sold commercially as "surveillance" programmes, apparently quite legally. I've encountered some myself on some of the hijacked machines I've cleaned.

There's no need to mystify this, however. Keep your system current, as well as your antivirus set, and you'll be safe. I recommend a commercial vendor of AV software that has a fast response time to new outbreaks -- saving in the wrong place can ultimately become very expensive.
DBTL is offline  
Old 24th May 2006, 09:58
  #10 (permalink)  
Thread Starter
 
Join Date: Nov 1999
Location: London
Posts: 424
Likes: 0
Received 1 Like on 1 Post
Blacksheep - my rootkit problem did not come from a CD or DVD.

I accidentally ran a malicious executable downloaded from the web. Stupid - yes. But at the time I thought my anti-virus and anti-spyware software would deal with the problem. The malicious executable did install a standard trojan which my anti-virus and anti-spyware software dealt with just fine.

However, several weeks later I discovered the rootkit - in this case a spam zombie program pumping out spam messages.

If the rootkit did not get installed when I accidentally ran the malicious executable then the situation is even more worrying because it must have been installed without me doing anything stupid!

Rootkits need not be malicious - but they can be - and the one I had was.
stagger is offline  
Old 24th May 2006, 11:01
  #11 (permalink)  
Spoon PPRuNerist & Mad Inistrator
 
Join Date: Sep 2003
Location: Twickenham, home of rugby
Posts: 7,390
Received 247 Likes on 165 Posts
In addition to the obviously wise precautions of having a firewall, AV software and anti-spy/malware software - and exercising prudence regarding opening suspicious files - may I warmly recommend everyone to operate their accounts (where applicable) as ordinary users as much as possible, rather than as administrators or Power Users?

That way, there is far less risk of installing any nasty onto your system. Not applicable to Win 9x systems, obviously - another massive reason to move into the 21st C.

It isn't totally foolproof - but every little helps.

SD
Saab Dastard is offline  
Old 24th May 2006, 13:45
  #12 (permalink)  
 
Join Date: May 2001
Posts: 81
Likes: 0
Received 0 Likes on 0 Posts
This site has good advice for anyone concerned about filling in the cracks in their defences beyond the usual AV / Firewall combo.

http://www.techsupportalert.com/best...tilities.htm#1
Cheerio is offline  
Old 24th May 2006, 20:45
  #13 (permalink)  
 
Join Date: Mar 2006
Location: Finland - East of Sweden
Posts: 113
Likes: 0
Received 0 Likes on 0 Posts
There's some discussion on the respective merits of the Admin/Limited account vs the rootkit prevention issue et. al. here: http://www.wilderssecurity.com/archi.../t-107811.html

edit:
A 98 diehard vs "modern times" security talk: http://www.emailbattles.com/archive/..._aacddidjci_dh

Last edited by DBTL; 24th May 2006 at 21:23.
DBTL is offline  
