General question about rootkits and paranoia


  • Please log in to reply
3 replies to this topic

#1 lucasbuck

lucasbuck

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:18 AM

Posted 21 April 2011 - 09:45 AM

I recently ran a bad installer and got a warning of bpfull and allurion. I run Avast, which picked it up, and so did Windows security. It said it contained the deleted them. I then ran DrWebCureIt; it was clean. TDSSKiller: nothing found. Avast boot scan check was clean.
Back in the day, anytime anything popped up about a rootkit (or even a really bad virus) on my system, I would just spend a day, wipe the drive, and reinstall everything. I recently upgraded to Win 7 64-bit, and really hate to go through that trouble. But I'm really paranoid about my work emails, credit card info, etc.
Nowadays, is it really worth the trouble of doing a clean install, or if Windows and Avast are coming up clean, am I safe? Just looking for some opinions (and a cure for my paranoia). Thanks!

#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,470 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:18 AM

Posted 21 April 2011 - 11:41 AM

Your decision as to what action to take should be made by reading and asking yourself the questions presented in these articles:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).


In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned, repaired or trusted, especially if you are dealing with backdoor Trojans, Botnets, IRCBots and rootkits. These types of infections are very dangerous because they compromise system integrity. Rootkits are used by backdoor Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This exploit allows them to steal sensitive information like passwords, personal and financial data, which is then sent back to the hacker.

Security vendors that claim to be able to remove rootkits and backdoor Trojans cannot guarantee that all traces of it will be removed as they may not find all the remnants. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore with a vendor-specific Recovery Disk or Recovery Partition removes everything and is the safest action but I cannot make that decision for you.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 lucasbuck
Posted 22 April 2011 - 06:22 AM

Thanks for the info!

#4 quietman7
Posted 22 April 2011 - 06:37 AM

You're welcome.