
Rootkits


7 replies to this topic

#1 Blakes7 (Members, 15 posts)

Posted 03 August 2009 - 10:46 PM

Hi! I've just been doing a little reading of rootkits, which I didn't even know existed. My research came up with Rootkit Unhooker, but there's no documentation on how to use it. Supposedly, it's the best---Microsoft bought them out, but does anybody know how to use it? The help contents are empty, and I've been googling, but with no results. I ran it and came up with some "hooked" files, but I don't know if I should do anything about them---I don't know what hooked means. Any and all responses will be greatly appreciated. Thanks.

#2 Blade, "Strong in the Bleepforce" (Site Admin, 12,704 posts, US)

Posted 03 August 2009 - 10:59 PM

I have never heard of Rootkit Unhooker. In the antimalware forums we use several other tools for dealing with rootkits. If you're worried about a malware infection I suggest you start a thread in Am I infected? What do I do? stating all your symptoms, any steps you have already taken in an attempt to solve the problem, and any other details you can provide that may prove useful. Someone should be able to help you there!

~Blade

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 Stang777, "Just Hoping To Help" (Members, 1,821 posts)

Posted 04 August 2009 - 02:08 AM

Hooked files do not always mean malicious, so I would not remove them without trained help.

#4 Blade, "Strong in the Bleepforce" (Site Admin, 12,704 posts, US)

Posted 04 August 2009 - 03:23 AM

Just echoing what Stang777 said. Simply because RKU reports hooked functions is not evidence of malicious behavior. Lots of legitimate programs cause hooking. For example, some antiviruses and firewalls hook functions.

I did do some research on RKU though, and I just wanted to say thanks for tipping me off to another rootkit detector. I'll definitely be taking a look at it :thumbsup:

~Blade

Edited by Blade Zephon, 04 August 2009 - 03:23 AM.

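A defender-side illustration of Blade's point that a reported hook is not by itself evidence of malice, added here and not part of the thread or of Rootkit Unhooker: the first bytes of a function are checked for an inline JMP patch, the jump target is resolved, and the hook is triaged by whether that target lies inside a loaded module (such as an antivirus or firewall DLL) or in memory no module claims. The module names, addresses and function bytes are constructed for the example.

```c
/* Added example, not from the thread: triaging a "hooked" function the way a
 * rootkit detector reports it.  An inline hook is a JMP patched over the first
 * bytes of a function; the useful question is where it jumps.  The module map
 * and the function bytes are constructed so this runs offline; a real scanner
 * would read both from the live process image. */
#include <stdint.h>
#include <stddef.h>

typedef struct { const char *name; uint64_t base, size; } module_t;

/* Constructed module map; addresses are made up but sit within +/-2GB. */
static const module_t modules[] = {
    { "kernel32.dll", 0x7ff800000000ULL, 0x100000 },
    { "av_hook.dll",  0x7ff810000000ULL, 0x020000 },   /* legitimate AV filter */
};
#define NMOD (sizeof modules / sizeof modules[0])

/* Module whose range contains addr, or NULL if no loaded module claims it. */
static const module_t *module_for(uint64_t addr) {
    for (size_t i = 0; i < NMOD; i++)
        if (addr >= modules[i].base && addr < modules[i].base + modules[i].size)
            return &modules[i];
    return NULL;
}

/* Encode the 5-byte near JMP (E9 rel32) a hooking library writes at 'from'
 * to divert execution to 'to'.  Returns 0 if the displacement does not fit. */
int make_jmp(uint8_t out[5], uint64_t from, uint64_t to) {
    int64_t rel = (int64_t)(to - (from + 5));     /* relative to next insn */
    if (rel < INT32_MIN || rel > INT32_MAX) return 0;
    out[0] = 0xE9;
    for (int i = 0; i < 4; i++) out[1 + i] = (uint8_t)((uint32_t)rel >> (8 * i));
    return 1;
}

/* Classify the first bytes of the function at func_addr:
 * 0 = no inline JMP hook; 1 = hook lands in a loaded module (*owner names it,
 * e.g. an AV or firewall DLL); 2 = hook lands in memory no module claims
 * (*owner NULL), which is what deserves a closer look. */
int classify_hook(uint64_t func_addr, const uint8_t *code, size_t len,
                  const module_t **owner) {
    *owner = NULL;
    if (len < 5 || code[0] != 0xE9) return 0;
    uint32_t u = (uint32_t)code[1] | (uint32_t)code[2] << 8 |
                 (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
    uint64_t target = func_addr + 5 + (uint64_t)(int64_t)(int32_t)u;
    *owner = module_for(target);
    return *owner ? 1 : 2;
}
```

Only the E9 rel32 form is recognised here; real detectors also handle other patch shapes and compare the bytes against the on-disk image, which is why a "hooked" line in a report still needs a human to interpret it.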


#5 Blakes7, Topic Starter (Members, 15 posts)

Posted 04 August 2009 - 09:46 AM

Thanks for the responses. I'm not worried about my computer---my brother's is so messed up I'm going to wipe the disk and reinstall. He has AVG and runs Spybot sporadically, but there's something there. It takes a couple of minutes to open a file (e.g. Windows Explorer), and when Outlook finally opens, you can't open e-mails. A message comes up stating that the file may not have been completely downloaded; click OK on that and another message comes up saying there is insufficient memory. I finally got Task Manager to open, and the CPU is running at 100% when I tried to run Spybot, occasionally plummeting to 47% for a couple of seconds, and the page file is over what it's set at. It still says there is some free memory though. It's easier for me to just wipe the drive and reinstall, since it would take forever to run anything on it. I gave up on Spybot after an hour, since it had hardly gotten to 20%. I figure it must be some kind of virus, but since he has scheduled scans with AVG, I'm guessing a rootkit---that and the CPU usage. Since I discovered info about rootkits, I figured I'd run it on mine to see how it worked. My computer is fine, as I do clean installs about every 6 months. Is there a program I should install on his computer (I guess mine as well) that will protect it from rootkits? Thanks.

#6 Stang777, "Just Hoping To Help" (Members, 1,821 posts)

Posted 04 August 2009 - 02:47 PM

Why do you install the operating system every six months?

#7 Blakes7, Topic Starter (Members, 15 posts)

Posted 04 August 2009 - 07:53 PM

Just for peace of mind. It seems it's too easy to pick up something that attacks a computer, so I just do it to feel safe. It doesn't take long.

#8 RedDawn (Members, 454 posts)

Posted 04 August 2009 - 08:46 PM

> Just for peace of mind. It seems it's too easy to pick up something that attacks a computer, so I just do it to feel safe. It doesn't take long.

Also gets rid of a lot of junk :flowers:.



"I love the smell of a freshly installed OS in the morning, smells like...like ones and zeros." :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users