Posted 29 December 2009 - 05:58 PM
Posted 29 December 2009 - 08:04 PM
Apparently, if a rootkit has been successfully installed the only way to remove it for sure is reformat & reinstall. If one needs to reformat and reinstall, what backups can be reinstalled? Are there user file types that need to be scanned before copying back to the clean system? Could my Word macros or PaperPort self extracting or jpg files be compromised? Do rootkits use ADSs? Can any user settings or customizations be safely backed up?
~ quietman7 from http://www.bleepingcomputer.com/forums/ind...t&p=1147299
Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, personal data files and photos. The safest practice is not to back up any executable files (*.exe), screensavers (*.scr), autorun (.ini) or .html files because they may be infected by malware appending itself to the executable. Some types of malware may even disguise themselves by adding and hiding an extension after the existing extension of files, so be sure you look closely at the full file name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.
If any routine scan finds rootkit activity, I would highly recommend a reformat/reinstall. The scans may have knocked out some components of the rootkit, but it may as well still be active.
I'm assuming that the rootkits found on routine scanning w/ antivirus software have either not installed themselves, not installed themselves completely or were unsuccessful in removing all evidence of their existence.
So what should one do if a routine scan detects and "fixes" a rootkit?
They can be picked up just like any other piece of malware. A drive-by download, downloading illegal content, visiting untrustworthy sites, etc. Reliable websites are usually secure, but it is still possible for the site to host malware if it is any kind of site used to host content for download.
How do rootkits get on a computer? It just amazes me that these programs can bypass all the "security" on WinXP Prof computers, escalate their privileges somehow and take over. I've read that they can be installed by someone [or a CD] w/ direct access to the computer. Apparently a rootkit can also be downloaded from the internet - does an illicit connection [like w/ netcat] have to be made? Can one be downloaded from a reliable website?
You may never know if the rootkit is actually collecting the data that you mention, but you should always treat the infection as if it is sending every keystroke you make to a 3rd party. It can happen to anyone; as a matter of fact, I was infected with a rootkit by the name of "Poison Ivy" about a year ago, and that's when I joined this site.
What is the real likelihood that a rootkit will be installed on a home computer and used to provide that person's personal data - bank account, credit card & social security numbers, address, passwords, etc.? Is this a "can happen" per security labs or is this happening to people with home computers?
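As an added example (not from this thread or from quietman7), here is a small Python triage script for a backup set staged before a reinstall: it applies the quoted advice above, leaving executables, screensavers, autorun .ini and .html files out, and checks the full file name so that a disguised double extension such as "holiday.jpg.exe" is not treated as a photo. The extension lists and the sample file names are assumptions chosen for the demonstration.

```python
"""Pre-restore triage of a backup set by file name (added example)."""
from pathlib import Path

# File types the quoted advice says not to carry over to a clean system.
EXCLUDE_EXTS = {".exe", ".scr", ".ini", ".html", ".htm"}
# Extensions Windows will run. A file whose *last* extension is one of
# these but whose earlier extension looks like data is the disguise case.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js"}
DATA_EXTS = {".jpg", ".jpeg", ".png", ".doc", ".docx", ".pdf", ".txt", ".max"}


def classify(name: str) -> str:
    """Return 'disguised', 'exclude' or 'copy' for one file name."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    if not suffixes:                       # e.g. "README": nothing to judge
        return "copy"
    last = suffixes[-1]
    # "invoice.pdf.scr": data-looking extension hidden in front of a runnable one
    if last in EXECUTABLE_EXTS and any(s in DATA_EXTS for s in suffixes[:-1]):
        return "disguised"
    if last in EXCLUDE_EXTS:
        return "exclude"
    return "copy"


def triage(root: Path) -> dict:
    """Walk a staged backup tree and bucket every file by classify()."""
    buckets = {"copy": [], "exclude": [], "disguised": []}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        buckets[classify(path.name)].append(str(path.relative_to(root)))
    return buckets


if __name__ == "__main__":
    import tempfile
    # Constructed sample backup set (empty files; only the names matter here).
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("Documents/report.docx", "Pictures/holiday.jpg",
                     "Pictures/holiday.jpg.exe", "Downloads/setup.exe",
                     "Desktop/autorun.ini", "Desktop/bookmarks.html"):
            (root / name).parent.mkdir(parents=True, exist_ok=True)
            (root / name).touch()
        for bucket, files in triage(root).items():
            print(f"{bucket:10s}", ", ".join(files))
```

Name-based triage only decides what to leave out; the files kept still get the anti-virus scan the quoted advice calls for before they go back onto the rebuilt machine.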
Posted 30 December 2009 - 09:26 AM
Posted 01 January 2010 - 06:37 PM