Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Refresh System Filez After Rootkit Attacks & Cleanup


  • Please log in to reply
No replies to this topic

#1 Jbirdie

Jbirdie

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 30 June 2006 - 06:40 AM

since saturday i have had 7 different rootkits - all coming from the same isp, but the malware is coming from japan, china, australia, syria, tunesia, and the usa(traced with traceroute). i wrote the isp and got this lie back from them: (Due to certain privacy concerns and legal restrictions, we often can not share with you the outcome of our investigation or the specific steps we take to address your oncerns). the company is Fast Colocation with help from Swift Ventures. i use a hosts file and i have run hijack this, clean up, cwsshredder, adaware, spyware doctor, spybotsd, a2squared, blacklight and icesword, as well as ewido. ewido is the only one to find these wankers and here is a sample of one of their hidden cookies, note the very beginning, that is a ramdom invisible directory (they use a different one for each cookie - sunday i had 15 of these cookies all from different locations, and i blanked out the user part of the path, so i dont show my user name to the whole world, in this post)
:mozilla.16:C:\Documents and Settings\ Application data\Mozilla\Firefox\Profiles\ryiqa33p.default\cookies.txt -> Spyware.Cookie.Spylog - this one came from anchorage. some of the other names of the spyloggers are: bridgestat, onestat, hitslink, questionmarket, and spyware.cookie.com. now to get back on track. each of these 7 infestations has resulted in a format, well that is ok when i decide to do it but not when dictated by a bunch of lame wankers. i did try a system repair, to no avail. is there any way to refresh/restore my system files and maintain my apps?

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users