Dynaverse.net

Off Topic => Engineering => Topic started by: AlchemistiD on August 22, 2008, 04:36:22 am

Title: EF-ing ROOTKITS
Post by: AlchemistiD on August 22, 2008, 04:36:22 am
Recently picked up a rootkit infestation.

Which is kind of like catching a cold.  There's no F**************** cure.  So after careful analysis and steps to combat the infestation I took the only course left to me, I shot the patient.

Don't you love it when Windows refers to something as a "Destructive Rebuild"? 

I archived everything to disks in safe mode before putting Old Yeller down, said disks have been checked with fresh versions of every anti-whatever we own. 

I ran zonealarm after, just to put a bullet in the thing's corpse.

Anyone else have trouble with these things?



Title: Re: EF-ing ROOTKITS
Post by: toasty0 on August 22, 2008, 07:10:45 am

Don't you love it when Windows refers to something as a "Destructive Rebuild"? 


 :rofl:
Title: Re: EF-ing ROOTKITS
Post by: Dracho on August 22, 2008, 04:15:52 pm
Use a tool utility to back up your registry and critical system files.  If an unwanted rootkit or browser hijack appears, clear it, kill the files and restore clean system files.

Happened to me a couple of weeks ago.. only problem has been with QuickTime for my iTunes app.  I installed it after my last backup but I backed up again, and there is some registry hook so deep I can't completely uninstall QuickTime.  I keep getting "A new version of quicktime is installed, installation aborting".

Haven't had time or inclination to go after it again yet, but the rest of the system was fine.

Also, on Linux or Unix, be sure the password file entries are in /etc/shadow so they're encrypted.. and always su to root... and using syskey to encrypt your Windows SAM database isn't a bad idea either.
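The two pieces of advice above (keep a clean copy of critical system files so tampering can be spotted and undone, and make sure password hashes live in /etc/shadow rather than /etc/passwd) can both be checked mechanically. The script below is an added example for this thread, not code from the forum or from any tool mentioned in it. It generalises the first point into a hash baseline: record SHA-256 digests of a chosen file list while the machine is known-clean, then compare later to list changed, missing and newly dropped files. The second function parses passwd-format lines and reports accounts whose hash is still in the passwd file or whose password field is empty. File names, the sample passwd lines and the "x means shadowed" convention are assumptions for the demo.

```python
"""Baseline-and-compare integrity check plus a passwd shadowing check.
Added example for the thread; all paths and sample data are constructed."""
import hashlib
import json
import os
import tempfile


def sha256_of(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(paths):
    """Map each path to its digest; a path that does not exist is recorded as None."""
    return {p: (sha256_of(p) if os.path.isfile(p) else None) for p in paths}


def save_manifest(manifest, path):
    with open(path, "w", encoding="utf-8") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)


def load_manifest(path):
    with open(path, encoding="utf-8") as f:
        return json.load(f)


def compare_manifests(baseline, current):
    """Classify differences relative to the clean baseline."""
    changed = [p for p in baseline
               if baseline[p] is not None and current.get(p) is not None
               and baseline[p] != current[p]]
    missing = [p for p in baseline
               if baseline[p] is not None and current.get(p) is None]
    new = [p for p in current
           if current[p] is not None and baseline.get(p) is None]
    return {"changed": sorted(changed), "missing": sorted(missing), "new": sorted(new)}


def unshadowed_accounts(passwd_text):
    """Return (user, reason) for passwd entries that should not exist on a shadowed system.

    Assumption: on a shadowed system field 2 of /etc/passwd is 'x'; '*' and '!'
    mark locked accounts; anything else is either a real hash or an empty field.
    """
    findings = []
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:  # malformed line, not a passwd entry
            continue
        user, pw = fields[0], fields[1]
        if pw == "":
            findings.append((user, "empty password field"))
        elif pw not in ("x", "*", "!"):
            findings.append((user, "hash stored in passwd"))
    return findings


# Constructed sample: one shadowed, one legacy hash, one empty, one locked.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "legacy:$6$salt$hashhashhash:1001:1001::/home/legacy:/bin/sh\n"
    "guest::1002:1002::/home/guest:/bin/sh\n"
    "locked:!:1003:1003::/home/locked:/bin/sh\n"
)


def demo():
    """Constructed walk-through: baseline two files, tamper, delete, and drop a new one."""
    with tempfile.TemporaryDirectory() as d:
        a, b, c = (os.path.join(d, n) for n in ("a.sys", "b.dll", "c.exe"))
        for p in (a, b):
            with open(p, "wb") as f:
                f.write(b"clean " + os.path.basename(p).encode())
        baseline = build_manifest([a, b, c])  # c.exe does not exist yet
        save_manifest(baseline, os.path.join(d, "baseline.json"))
        with open(a, "ab") as f:
            f.write(b" tampered")             # modified in place
        os.remove(b)                          # deleted
        with open(c, "wb") as f:
            f.write(b"dropped later")         # appeared after the baseline
        result = compare_manifests(load_manifest(os.path.join(d, "baseline.json")),
                                   build_manifest([a, b, c]))
        return {k: [os.path.basename(p) for p in v] for k, v in result.items()}


if __name__ == "__main__":
    print(demo())
    print(unshadowed_accounts(SAMPLE_PASSWD))
```

Run the comparison from a clean boot (safe mode or separate media, as the thread already does for its archive disks), because a kernel-level rootkit can hide file changes from tools running on the infected system. The baseline JSON should likewise be stored somewhere the compromised machine cannot rewrite.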
Title: Re: EF-ing ROOTKITS
Post by: Just plain old Punisher on August 22, 2008, 06:28:26 pm
I run several rootkit scanners every few weeks during safe mode to see if anything ever gets installed. It's frustrating, and it leads people to formatting their computer and reinstalling every few months.
Title: Re: EF-ing ROOTKITS
Post by: AlchemistiD on August 22, 2008, 10:39:46 pm
Still reloading everything  :'(
Title: Re: EF-ing ROOTKITS
Post by: Dash Jones on August 23, 2008, 05:06:10 am
I run several rootkit scanners every few weeks during safe mode to see if anything ever gets installed. It's frustrating, and it leads people to formatting their computer and reinstalling every few months.

And exactly how do you do that with Vista?  XP allows a reinstall, but without a ghost, Vista seems to rely on you having something already installed.  Do you do a reformat as well?
Title: Re: EF-ing ROOTKITS
Post by: toasty0 on August 23, 2008, 10:24:05 am
I run several rootkit scanners every few weeks during safe mode to see if anything ever gets installed. It's frustrating, and it leads people to formatting their computer and reinstalling every few months.

And exactly how do you do that with Vista?  XP allows a reinstall, but without a ghost, Vista seems to rely on you having something already installed.  Do you do a reformat as well?

Are you on a network?
Title: Re: EF-ing ROOTKITS
Post by: Dash Jones on August 23, 2008, 05:55:04 pm
I suppose, depends on which computer.
Title: Re: EF-ing ROOTKITS
Post by: toasty0 on August 23, 2008, 06:05:43 pm
I suppose, depends on which computer.


Not sure this will be helpful, but it might: http://technet.microsoft.com/en-us/library/cc721929.aspx
Title: Re: EF-ing ROOTKITS
Post by: Dash Jones on August 23, 2008, 06:40:37 pm
It doesn't really.  That is dependent on not needing to authenticate and not for individual copies from what I see.  Hence, useless.

It also depends on only having one computer as master.

It also is, as it seems, basically making a ghost, but in this case a two computer ghosting process.  You still need an installation to do it as well, so once infected it's still useless.

If you took precautions prior, and kept it up and somehow kept the stuff from spreading over the network, and had the right version, it is plausible.

But it still would rely on a version that probably didn't need authentication from what it looks like.

Otherwise, it seems you're up a creek with Vista.
Title: Re: EF-ing ROOTKITS
Post by: toasty0 on August 23, 2008, 06:44:26 pm
It doesn't really.  That is dependent on not needing to authenticate and not for individual copies from what I see.  Hence, useless.

It also depends on only having one computer as master.

It also is, as it seems, basically making a ghost, but in this case a two computer ghosting process.  You still need an installation to do it as well, so once infected it's still useless.

If you took precautions prior, and kept it up and somehow kept the stuff from spreading over the network, and had the right version, it is plausible.

But it still would rely on a version that probably didn't need authentication from what it looks like.

Otherwise, it seems you're up a creek with Vista.

No, it's not "ghosting" or cloning your OS.
Title: Re: EF-ing ROOTKITS
Post by: Dash Jones on August 23, 2008, 06:48:05 pm
Cloning okay...hadn't heard that before so gotta excuse me on not knowing the actual term.