Hi Think I Have a Root Kit


8 replies to this topic

#1 PaulB777

PaulB777

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:33 AM

Posted 25 July 2010 - 12:53 PM

I'm new here and have a good amount of experience with computers but it seems that my main system has somehow got infected with a root kit. I'm following the instructions for how to report it here, backing up the system to start.

Thanks in advance for any help!
Paul



#2 Martel

Martel

    Drfixup Human Internet Solutions


  • Members
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina U.S.A.
  • Local time:11:33 AM

Posted 25 July 2010 - 01:06 PM

Hello PaulB777,

Welcome to BC

Sounds like you are off in the right direction.

#3 PaulB777


Posted 26 July 2010 - 01:04 PM

> Hello PaulB777,
>
> Welcome to BC
>
> Sounds like you are off in the right direction.


Thanks for the welcome!

#4 PaulB777


Posted 26 July 2010 - 01:10 PM

I've got another question, not sure of the best place to post it.
I am more of a hardware guy, so it is very easy for me to move
a drive to another healthy system. As I understand it, rootkits
are so difficult to remove because the system is running with
the infection in place, undoing the repairs as they happen.

If I move the drive to an uninfected system and then scan and
repair it with tools running on the uninfected system, isn't this
an effective way to do it?

I could even put the drive in an external enclosure and interface
with USB or eSATA.

#5 Martel


Posted 26 July 2010 - 05:48 PM

Rather than making any changes, it would be advisable to determine what the problem is to choose the best path.

You could start with a post of your symptoms in What do I do
with a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system.

#6 PaulB777


Posted 26 July 2010 - 07:20 PM

I understand about not making changes; I was just offering the idea for discussion.
I have reported the problem in this thread:
http://www.bleepingcomputer.com/forums/t/334751/infected-with-antivir-so-it-seems/

#7 Martel


Posted 26 July 2010 - 08:47 PM

Actually I am the same way.

I have trouble waiting.

I just wanna start fixing it.

All too many times I have done so to no avail, just to find the answer through the board.

:thumbsup:

#8 PaulB777


Posted 27 July 2010 - 10:08 PM

Yes, I agree; I want to fix it and move on, but I certainly understand that there is a line here to wait for help.
I'm thinking of cloning the infected drive and trying the idea, but I don't want to introduce the variable
of altering the hardware, even if I put it back.

#9 Martel


Posted 27 July 2010 - 10:59 PM

Orange Blossom merged your bumped post at Today, 09:38 PM

Orange Blossom is a moderator and was cleaning up for you.

A bumped post will make it appear that you are getting help when you are not.

If you have an afterthought or left something out, you can edit the post; it is good manners to type the word EDIT: where you edited.

Unfortunately some folks sign up (not you) and then go to posting their problem all over the board; next thing you know there could be several knowledgeable Members working on the same problem at the same time, thereby reducing the effectiveness of the staff.
That multiple posting can also occur when there is a problem and a user does not realize their post ever made it out of their browser.

Some problems are harder to solve than others, but rest assured that when someone gets to you it will be worth the wait.

I have found it helps to pass the time in The Speak Easy

or
Forum Games

Think of it like being at a layover at the airport.

I have waited many times myself and always found the resolution.
