
Rootkit question


3 replies to this topic

#1 Clash73

Clash73

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 14 August 2009 - 08:35 AM

My computer was recently hit with the SKYNET/Rootkit-Pakes.L infection and I used it as a motivator to do a fresh install of Vista. My laptop has a partition and the D: drive is where all of my data/pictures/videos are, while C: is the OS and my applications. When I reinstalled Vista, the recovery formatted C: but left D: untouched and so my data there was preserved. My question is this: need I worry about the infection being still hidden amongst my files on the D: drive? Furthermore, I made a backup copy of my "Documents" folder (which was on C:) which contained some odds and ends like Word documents, Photoshop psd files, etc. after the infection appeared. Might they too be infected?

P.S. Thanks to all the mods on this forum. I've followed other threads to gain an understanding of what happened to my PC and I appreciate the education as well as the effort you lot put into helping everyone. Cheers.


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:25 PM

Posted 16 August 2009 - 05:31 PM

It's possible your D: was infected. You should scan the contents of the drive with Malwarebytes and SUPERAntiSpyware.

#3 Clash73

Clash73
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 17 August 2009 - 07:39 AM

Thanks Budapest. Neither MBAM nor SAS find anything on my D: drive when I scan.

I have, however, tried to run Root Repeal as well (a paranoid precaution perhaps seeing as I've reinstalled Vista) and every time I start it scanning I get the "Could not read system registry! please contact the author!" message I've seen others mention on this forum. Should I be concerned?

Thanks in advance.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,939 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:25 AM

Posted 17 August 2009 - 07:59 AM

What version of RootRepeal are you using? You should be using v1.3.5. If you are getting the error on the most current version, the tool's developer is already aware and looking into the issue but no fix is available yet.

When backing up data due to infection, you can back up all your important documents, personal data files and photos to a CD or DVD drive, not a flash drive or external hard drive, as they may become compromised in the process. The safest practice is not to back up any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml) because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executable files inside them, as some types of malware can penetrate and infect .exe files within compressed files too. Other types of malware may even disguise themselves by adding and hiding their extension behind the existing extension of a file, so be sure you look closely at the full file name. Then make sure you scan the files with your anti-virus prior to copying them back to your hard drive.

If your CD/DVD drive is unusable, here is another word of caution if you are considering backing up to an external USB hard drive as your only alternative. External drives are more susceptible to infection and can become compromised in the process of backing up data. I'm not saying you should not try using such devices, but I want to make you aware of all your options and associated risks so you can make an informed decision on whether it's worth that risk.

Again, do not back up any data with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab, as they may be infected.
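The following triage script is an added example, not part of quietman7's post or any BleepingComputer tool: it applies the extension rules above to a backup folder before anything is copied back, skipping the listed extensions, flagging the double-extension trick the post describes (e.g. holiday.jpg.exe), and opening .zip files to look for executables inside. The sample folder it builds is constructed for the demonstration; .cab and .rar cannot be opened with the standard library, so they are simply skipped as the post advises.

```python
import os
import tempfile
import zipfile
from pathlib import Path

# Extensions the post says never to back up, and archives that may hide executables.
NEVER_BACK_UP = {".exe", ".scr", ".ini", ".htm", ".html", ".php", ".asp", ".xml"}
ARCHIVES = {".zip", ".cab", ".rar"}
EXECUTABLE_IN_ARCHIVE = {".exe", ".scr"}


def classify_name(name: str) -> str:
    """Return 'ok', 'skip', 'archive' or 'suspicious' for a single file name."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    if not suffixes:
        return "ok"
    final = suffixes[-1]
    if final in NEVER_BACK_UP:
        # A data-looking inner extension in front of an executable one is the
        # "hidden extension" disguise the post warns about.
        return "suspicious" if len(suffixes) > 1 else "skip"
    return "archive" if final in ARCHIVES else "ok"


def zip_holds_executable(path: str) -> bool:
    """True if any member of the .zip carries an executable extension."""
    with zipfile.ZipFile(path) as zf:
        return any(Path(n).suffix.lower() in EXECUTABLE_IN_ARCHIVE for n in zf.namelist())


def triage(folder: str) -> dict:
    """Walk a backup folder and bucket every file into ok / skip / suspicious."""
    result = {"ok": [], "skip": [], "suspicious": []}
    for root, _, files in os.walk(folder):
        for f in files:
            full = os.path.join(root, f)
            verdict = classify_name(f)
            if verdict == "archive":
                if f.lower().endswith(".zip"):
                    verdict = "skip" if zip_holds_executable(full) else "ok"
                else:
                    verdict = "skip"  # .cab/.rar: cannot inspect here, treat as unsafe
            result[verdict].append(os.path.relpath(full, folder))
    return result


def build_sample_folder() -> str:
    """Constructed stand-in for a backed-up Documents folder (not real data)."""
    d = tempfile.mkdtemp()
    for name in ["thesis.docx", "cover.psd", "setup.exe", "holiday.jpg.exe"]:
        Path(d, name).write_bytes(b"x")
    with zipfile.ZipFile(Path(d, "photos.zip"), "w") as zf:
        zf.writestr("beach.jpg", b"x")
    with zipfile.ZipFile(Path(d, "tools.zip"), "w") as zf:
        zf.writestr("helper.exe", b"x")
    return d
```

Anything in the "suspicious" bucket deserves a close look at the full name before it is restored, and every file that does get restored should still be scanned first, as the post says.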
