If I suspect rootkits, what tool should I use to locate them?


#1 DougN8R (Members, 5 posts)

Posted 18 August 2016 - 04:00 PM

Since I am advised not to use Combofix as a 1st level of diagnostics, what procedure should I follow to diagnose hidden malware? Is there an effective Combofix-like tool to scan-only or are there Combofix switches I can use to generate reports to display results for review?

Thank you in advance for your advice.



#2 boopme (Global Moderator, 73,082 posts, Location: NJ USA)

Posted 18 August 2016 - 08:12 PM

Hi Doug, better to post from this guide. We will help you with ComboFix if needed.

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 DougN8R (Topic Starter, Members, 5 posts)

Posted 18 August 2016 - 08:35 PM

Thank you for your reply. My question was more related to quick check to see if there is hidden malware rather than opening up a case and going through the entire process.

#4 boopme (Global Moderator, 73,082 posts, Location: NJ USA)

Posted 18 August 2016 - 08:41 PM

Well you can run this. But rootkits are serious malware.

Download Malwarebytes Anti-Rootkit to your desktop.
  • Double click on downloaded file. OK self extracting prompt.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"

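A small PowerShell helper, added here as an example and not part of boopme's instructions or of the Malwarebytes tool itself, that checks the administrator-rights requirement from the steps above and then gathers the two log files the reply asks for, so they can be pasted without hunting through the folder. It assumes the self-extractor unpacked MBAR into a folder named "mbar" on the current user's desktop; pass -MbarFolder if it landed elsewhere.

```powershell
# Added example (not from the thread): verify the elevation requirement named in
# the MBAR steps, then collect the newest scan log and system-log.txt.
# Assumption: MBAR was extracted to a "mbar" folder on the desktop.
function Get-MbarReport {
    param(
        [string]$MbarFolder = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'mbar')
    )

    # MBAR must be run from an account with administrator rights; warn early if not.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    if (-not $isAdmin) {
        Write-Warning 'This session is not elevated; MBAR needs administrator rights.'
    }

    if (-not (Test-Path -LiteralPath $MbarFolder)) {
        throw "MBAR folder not found: $MbarFolder"
    }

    # Newest scan log; name pattern from the thread: mbar-log-{date} (xx-xx-xx).txt
    $scanLog = Get-ChildItem -LiteralPath $MbarFolder -Filter 'mbar-log-*.txt' -File |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 1
    $systemLog = Join-Path $MbarFolder 'system-log.txt'

    # Return paths and full text of both files so they can be pasted into the reply.
    [pscustomobject]@{
        Elevated   = $isAdmin
        ScanLog    = if ($scanLog) { $scanLog.FullName } else { $null }
        ScanText   = if ($scanLog) { Get-Content -LiteralPath $scanLog.FullName -Raw } else { $null }
        SystemLog  = $systemLog
        SystemText = if (Test-Path -LiteralPath $systemLog) { Get-Content -LiteralPath $systemLog -Raw } else { $null }
    }
}

# Usage: $r = Get-MbarReport; $r.ScanText; $r.SystemText
```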

#5 DougN8R (Topic Starter, Members, 5 posts)

Posted 18 August 2016 - 09:09 PM

Thank you for your reply. My question was more related to quick check to see if there is hidden malware rather than opening up a case and going through the entire process. Any diagnostic

#6 DougN8R (Topic Starter, Members, 5 posts)

Posted 18 August 2016 - 09:22 PM

In your opinion, how is MWB Anti-rootkit?
I'm guilty of using Combofix hastily.

#7 boopme (Global Moderator, 73,082 posts, Location: NJ USA)

Posted 18 August 2016 - 10:21 PM

Well, if you used it, it is best to have that log reviewed in the other forum from the guide.

Mbar is a very good tool. Just not as thorough as Combo..