Warning and how to deal with rootkits

billanben


Post by billanben »

Rootkits are basically related more to UNIX but have now begun to be adapted to run in the WINDOWS environment. What are they and why are they dangerous? Well, they are extremely well-camouflaged programs which are designed to run in kernel mode. By doing so, a rootkit can be designed to intercept calls to the kernel and change the data to ensure it remains undetected. Such an embedded spy can be used to run trojans, infect with a virus/worm, keylog and many other things. The point is that because it can change the data which is returned from kernel mode to user mode, it can completely hide itself from the user - that is why it is so dangerous. Microsoft now have an entire research department working on defeating this menace.

This is a rundown of the steps which can be taken to try to identify and remove such a pest. Please note that according to the sysinternals site, if you are infected and cannot identify the culprit, you may have no option but to completely hose the system.

http://www.worldstart.com/tips/tips.php/1765


Also download, install and run the Microsoft Analyzer Tool from here:

http://www.microsoft.com/downloads/deta ... laylang=en

1. Run the Microsoft tool in full scan mode.

2. Download the F-Secure BlackLight tool (note this is only valid till 1st October). Install and run the tool.

3. Download, install and run in default GUI mode the Sysinternals RootkitRevealer. Note that just because this comes up with entries does not mean you have a rootkit, but please check the forum to ensure there is nothing malicious on your system.

I would also suggest you run Spybot, especially TeaTimer, since it monitors the registry in real time and alerts you to any attempt to change anything.

Hope this is useful


Rgds

billanben
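Added example, not code from the post above or from Sysinternals: the cross-view comparison that RootkitRevealer-style tools rely on, enumerating the same namespace once through the user-mode API (which a kernel-mode rootkit can filter) and once from raw on-disk data, then classifying the differences. The file lists and the "transient" prefixes are constructed assumptions for illustration.

```python
"""Cross-view comparison: report entries that the raw scan sees but the
user-mode API view does not (hidden), and entries that only the API view
shows (usually something deleted between the two scans, not an alarm).
All data below is constructed for the example."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Discrepancy:
    path: str
    kind: str      # "hidden_from_api" (raw view only) or "api_only"
    severity: str  # "high" or "low"


# Assumed, illustrative list of paths the system rewrites continuously,
# so a mismatch between two snapshots there is expected rather than suspicious.
TRANSIENT_PREFIXES = ("c:\\pagefile.sys", "c:\\system volume information\\")


def normalise(path: str) -> str:
    # Windows paths are case-insensitive and accept either separator; without
    # this step a harmless spelling difference would look like a hidden file.
    return path.replace("/", "\\").lower().rstrip("\\")


def cross_view(api_view, raw_view):
    api = {normalise(p) for p in api_view}
    raw = {normalise(p) for p in raw_view}
    found = []
    for p in sorted(raw - api):
        sev = "low" if p.startswith(TRANSIENT_PREFIXES) else "high"
        found.append(Discrepancy(p, "hidden_from_api", sev))
    for p in sorted(api - raw):
        found.append(Discrepancy(p, "api_only", "low"))
    return found


def suspicious(discrepancies):
    # Only entries hidden from the API outside transient areas deserve follow-up.
    return [d.path for d in discrepancies if d.severity == "high"]


# Constructed sample: the raw scan sees a driver the API never returns.
API_VIEW = {"C:\\Windows\\System32\\ntoskrnl.exe",
            "C:\\Windows\\System32\\drivers\\tcpip.sys",
            "C:/Windows/Temp/setup.log", "C:\\pagefile.sys"}
RAW_VIEW = {"c:\\windows\\system32\\ntoskrnl.exe",
            "c:\\windows\\system32\\drivers\\tcpip.sys",
            "c:\\windows\\system32\\drivers\\hidden.sys",
            "C:\\System Volume Information\\tracking.log"}

if __name__ == "__main__":
    for d in cross_view(API_VIEW, RAW_VIEW):
        print(f"{d.severity:4} {d.kind:15} {d.path}")
```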