Posted 14 November 2013 - 07:11 PM
Posted 14 November 2013 - 08:11 PM
Hello LOVEMYPC -
Wiki is always a good place to start...
A standard check tool is this -
TDSSKiller - TDSSKiller is a utility created by Kaspersky Labs that is designed to remove the TDSS rootkit. This rootkit is known under other names such as Rootkit.Win32.TDSS, Tidserv, TDSServ, and Alureon. TDSSKiller will also attempt to remove other rootkits such as the ZeroAccess rootkit if it is detected.
You can run this (it will not hurt in any way). Directions:
* Download TDSSKiller and save it to your desktop.
* Extract (unzip) its contents to your desktop.
* Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
* If an infected file is detected, the default action will be Cure, click on Continue.
* If a suspicious file is detected, the default action will be Skip, click on Continue.
* It may ask you to reboot the computer to complete the process. Click on Reboot Now.
* If no reboot is required, click on Report. A log file should appear.
* You can copy and paste the contents of that file here if you wish (unless the topic is moved)
* If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
Posted 15 November 2013 - 08:32 AM
Hi, I have seen some of the tutorials about using rootkit downloads. Just how do they work, and are they safe for a relatively inexperienced user to use and not ruin their PC so that it would make a door stop? Thanks
There are many free anti-rootkit (ARK) tools but some require a certain level of expertise and investigative ability to use. Some ARK tools are intended for advanced users or to be used under the guidance of an expert who can interpret the log results and investigate it for malicious entries before taking any removal action. Incorrectly removing legitimate entries could lead to disastrous problems with your operating system. Most of the more effective ARK tools should only be used under the guidance of an expert who knows how to investigate its log for malicious entries before taking any removal action.
Why? Not all hidden components detected by anti-rootkit (ARK) scanners and security tools are malicious. It is normal for a Firewall, anti-virus and anti-malware software, CD Emulators, virtual machines, sandboxes and Host based Intrusion Prevention Systems (HIPS) to exhibit rootkit-like behavior or hook into the OS kernel/SSDT (System Service Descriptor Table) in order to protect your system. SSDT is a table that stores addresses of functions that are used by Windows. Whenever a function is called, Windows looks in this table to find the address for it. Both legitimate programs and rootkits can hook into and alter this table.
API Kernel hooks are not always bad since some system monitoring software and security tools use them as well. If no hooks are active on a system it means that all system services are handled by ntoskrnl.exe which is a base component of Windows operating systems and the process used in the boot-up cycle of a computer. ARK scanners do not differentiate between what is good and what is bad... they only report what is found. Therefore, even on a clean system some hidden essential components may be detected when performing a scan to check for the presence of rootkits. As such, you should not be alarmed if you see any hidden entries created by legitimate programs after performing a scan.
In most cases further investigation is required after the initial ARK scan by someone trained in rootkit detection or with advanced knowledge of the operating system. Report logs need to be analyzed and detected components identified in order to determine if they are benign, system critical or malevolent before attempted removal. Using an ARK scanner without knowing how to tell the difference between legitimate and malicious entries can be dangerous if a critical component is incorrectly removed.
These are a few of the easier ARKs for novice users:
Malwarebytes Anti-Malware uses a proprietary low level driver (similar to some ARK detectors) to locate hidden files and special techniques which enable it to detect a wide spectrum of threats including active rootkits. SUPERAntiSpyware Free offers technology to deal with rootkit infections as well. Both of these scanners are easy enough for any novice to safely use.
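As an added illustration of the point above that ARK scanners only report SSDT hooks and a person still has to decide what is benign, here is a small triage script (not from this thread or from any ARK tool) that reads a constructed hook listing and sorts each entry into "unhooked", "expected", "review" or "suspicious". The log format, the module names, the signing flag and the allow-list are all assumptions made up for the example; note that no verdict is ever "remove".

```python
# Added example, not from the thread: triage of SSDT-hook records so that a
# reviewer sees which hooks belong to known security software and which need
# investigation. Input format and every module name are constructed for
# illustration; real ARK logs look different.
from dataclasses import dataclass

@dataclass
class SsdtHook:
    service: str      # hooked system service, e.g. NtCreateFile
    hooked_by: str    # module whose address now sits in the SSDT slot
    signed: bool      # whether that module carries a valid code signature (assumed supplied)

# Hypothetical allow-list: driver names of products the thread says may legitimately
# hook the SSDT (anti-virus, HIPS, CD emulators). Purely made-up names.
KNOWN_BENIGN_HOOKERS = {"example_av.sys", "example_hips.sys", "example_cdemu.sys"}

def parse_hook_log(text):
    # Each constructed line: "<service>\t<module>\t<signed|unsigned>"; '#' lines are comments.
    hooks = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        service, module, sig = line.split("\t")
        hooks.append(SsdtHook(service, module.lower(), sig == "signed"))
    return hooks

def triage(hooks):
    """Return {service: verdict}. The tool never decides to delete anything."""
    verdicts = {}
    for h in hooks:
        if h.hooked_by == "ntoskrnl.exe":
            verdicts[h.service] = "unhooked"    # original kernel handler, no hook present
        elif h.hooked_by in KNOWN_BENIGN_HOOKERS and h.signed:
            verdicts[h.service] = "expected"    # known security/emulation product
        elif h.signed:
            verdicts[h.service] = "review"      # signed but unknown: have an expert look
        else:
            verdicts[h.service] = "suspicious"  # unsigned, unknown module: investigate first
    return verdicts

SAMPLE_LOG = """\
# constructed sample; not output of any real tool
NtCreateFile\texample_av.sys\tsigned
NtOpenProcess\texample_hips.sys\tsigned
NtQuerySystemInformation\tntoskrnl.exe\tsigned
NtEnumerateKey\tunknown_drv.sys\tunsigned
NtTerminateProcess\tvendor_tool.sys\tsigned
"""

if __name__ == "__main__":
    for svc, verdict in triage(parse_hook_log(SAMPLE_LOG)).items():
        print(f"{svc:26} {verdict}")
```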
Posted 15 November 2013 - 10:59 AM
Thank you both for the replies. I have run across an article about McAfee rootkits and how he explained how they could find rootkit problems, and it kinda mirrored some of the minor problems that are showing up on my PC.
Posted 15 November 2013 - 04:13 PM
Posted 15 November 2013 - 10:34 PM
Hi, I have run most of the programs that were suggested. The one that I would like to run is ROOT KIT TOOL by McAfee; it is in beta form right now, you run it at your own risk, and I also have seen that a beta is not for the novice to just run.
I also ran across an article by McAfee about how rootkit tools work, and almost all of the problems that were in the article pertain to how my PC is running right now. All the programs that I ran did not find any problems.
I was thinking if maybe I pour holy water on my PC and do an exorcism on it, it may start to work better.
Not to get off topic, but I see there is an update to FIREFOX 25.0.
On another note, if you left one forum and went to another without logging out, would that leave a back door into a PC? Thanks
Posted 16 November 2013 - 06:12 AM
Hi, I just read the rootkit Wikipedia article and if I understand it right it is almost a losing battle with rootkits.
Now my next question is: do these rootkits get installed when you download anything off of the internet? If so, when I use my external backup will I still have rootkit problems, and if I replace the existing HDD with a new one will the bad rootkits go along for the ride, or have I misunderstood how and where rootkits are installed? Thanks
Posted 16 November 2013 - 09:05 AM