
"rootkit"--protection And/or Detection


3 replies to this topic

#1 1Bart

Posted 15 December 2006 - 07:02 AM

Hello Everyone!!!

I am an avid reader of this professionally run and highly regarded site. I aspire to its level of excellence. I am enjoying the speed and security that it has provided...And I want to keep it that way.....

As a novice, a little info just may be dangerous. RootKit awareness is now on the table and I am not exactly sure what it is. Malware that installs upon booting and thus avoids detection by many scans...?

I do all scans, if possible, in "Safe" mode which I have come to understand, helps in this fashion. But I believe there are specifically designed "scans" that address this specific issue.

RootKit Revealer v1.71 (231KB) by Microsoft??? appears to do this. Is this a good program for such? It does NOT seem to be "bloated" and I'm not so sure if it "installs" anything which is preferable.

This program apparently "detects" malware but does it also eliminate it? I prefer ones that do both because I do not know what to do with the results if there is no solution.

Is there a "protection" of this genre of malware...or does it just fall into general active protection? It seems the thrust here is "where" the malware decides to "hide".

I am looking for "just another brick in the wall" for the protection of the computer. Let's face it...WHERE you go is the determining factor here.

Thank all of you and have a happy and healthy holiday!!!!!

WinXP Home 1.5GB RAM/160GB Mem
Active Protection--- AOL Security Suite..Please do not laugh....LOL

Scans--- Spybot S&D, Ad-Aware, Bit-Defender-8, Windows Live One Care, Windows Defender, SpywareBlaster, AVG Anti Spyware. ALL "active" protections are OFF. Used as spot scanners...


#2 buddy215

Posted 15 December 2006 - 07:54 AM

Interpreting the scan results of this tool would require a knowledge well above that of the average user. For more info read the article in this link:
http://www.microsoft.com/technet/sysintern...itRevealer.mspx

--------------------------------------------------------------------------------



http://www.techweb.com/showArticle.jhtml;j...cleID=196603916

Rustock Trojan A Model For Future Threats



By Gregg Keizer,

The tactics used by a sophisticated threat of 2006 will become staples in exploits during the year to come, a security researcher said Wednesday.
That threat, dubbed "Rustock" by Symantec, is a family of backdoor Trojan horses that first appeared nearly a year ago, says Patrick Martin, a senior product manager with the Cupertino, Calif., company's security response team.

"The techniques that [Rustock] is using will be the baseline for threats in the future," Martin says. "Attackers are looking around to see what techniques are working, then incorporating them. [Things] like this are the threats of the future."

Among Rustock's distinguishing characteristics are its heavy reliance on advanced rootkit technologies to hide from security software and its changeling-like ability to morph itself each time it infects a file.

#3 1Bart

Posted 15 December 2006 - 08:33 AM

Hello,

Thanks for the great advice...and the articles. These "people" work hard at it...don't they!!???

SO, is there anything much that a novice user can do in this respect...other than safe browsing...?

Am I correct in assuming the "Windows LiveOne care" does NOT address this issue?

#4 quietman7

Posted 15 December 2006 - 10:59 AM

Rootkits: The Obscure Hacker Attack
http://www.microsoft.com/technet/community...tip/st1005.mspx

Understanding Hidden Threats: Rootkits and Botnets
http://www.us-cert.gov/cas/tips/ST06-001.html

Windows rootkits in 2005, Part 1 of 3 [2005-11-04]
http://www.securityfocus.com/infocus/1850

Windows rootkits of 2005, Part 2 of 3 [2005-11-17]
http://www.securityfocus.com/infocus/1851

Windows rootkits of 2005, Part 3 of 3 [2006-01-05]
http://www.securityfocus.com/infocus/1854