# A rootkit?......... NOT amused



## Mik (Jan 2, 2008)

For the past 3 darn days I have been trying to get rid of this thing. I didn't even know what one was before I got it....

Avast can't find it.
Spybot can't find it.
Sophos can't find it.
Combofix sees it is there, and tries, but can't get rid of it.
Malwarebytes tries, but it keeps coming back.

WHERE did it come from? We've narrowed that down to two suspects. The Home Model Engine Machinist website was hacked, and/or Kim opened something purportedly from Facebook..... I could almost live with the false 'malicious url' pop-ups, and Ask.com being redirected... but what info is it stealing while it is busy being annoying?


----------



## Curmudgeon (Jan 11, 2008)

Try f-secure rootkit revealer (free). 
Or, MS Sysinternals RootkitRevealer. 
You just need to know what you're looking at when the data comes back on that one.


----------



## Mik (Jan 2, 2008)

Fingers crossed. Hitman Pro 3.5.7 identified it as an Alureon variant. TDSSKiller claims to have removed it. No obvious symptoms for the last hour......... We shall see if it re-appears again....


----------



## Dwight Ennis (Jan 2, 2008)

*AVG AntiVirus 2011 free edition* has anti rootkit scans and may clear the problem.


----------



## John J (Dec 29, 2007)

What is a Rootkit?


----------



## blueregal (Jan 3, 2008)

J.J., it's like a root canal in yer teeth. You don't want one, and probably don't know if you have one or not. If you have anti-virus and spyware protection it should find 'em and remove 'em. There are a couple of other programs to search and destroy the root kits too!! Like Dwight says, the AVG is a good free program to use. I use it daily NOW since I had a terrible problem a weekend ago. I dumped the program I was paying for till Febr. next year because of it. (long story) but AVG is excellent, and I swear by it now. Also Malwarebytes.org is another good one!! Regal


----------



## Gary Armitstead (Jan 2, 2008)

JJ, 

I have been running AVG Free for many years about once a week. But in the last few months, I have been attacked by viruses too many times to remember. Now I run it EVERY day along with MalwareBytes about twice a month. So far so good! Virus free for four months! Also run Microsoft Malicious Software Removal Tool every couple of weeks. A new version for this is available every month from Microsoft. I upgraded to AVG Free version V10, per Dwight's suggestion, this morning. It caught some problems that V9 did not!


----------



## Greg Elmassian (Jan 3, 2008)

Actually, to avoid confusion, the new free AVG product is AVG 2011 Free.... (I guess they went from version 9 to 2011)... 

Greg


----------



## Semper Vaporo (Jan 2, 2008)

> Posted By John J on 18 Oct 2010 02:40 PM
> What is a Rootkit?

A "Rootkit" (or "Root kit") is a program that derives its name from a program (or set of programs - the "kit") that were designed to gain access to the "root" account in a Unix computer system (similar to the "Administrator" account in Winders). The name is now more generic and applies to any program that gains access to the Operating System as the "user account" that has the most privileges for making changes or controlling what is going on.

The purpose is to allow a program to perform actions in the Operating System software that a normal or usual user is not supposed to be able to do.

A "Rootkit" usually gets into the stream of things by getting itself installed in the "Boot Sector" of the hard drive and thus has links to the BIOS before the Operating System gets there and can thus maintain its own control over what the Operating System can do, or worse yet, do things kind of "behind the back" of the Operating System. Being there it can also detect when some other program tries to change the links to what they should be, such as the anti-malware program trying to fix things. When the anti-virus program tries to read the boot sector to see what is in it, the Malware recognizes that action and gives back data that looks like it is right, but is not the real data on the disk. Even if the Anti-Malware program can detect it and attempt to change it, the Rootkit program might have a copy of itself elsewhere and gets itself re-installed after the Anti-Malware does its job.

As long as it has its fingers in the pie it can do other things too, like redirect your internet commands to go someplace else (the "nuisance" portion of the stuff) or send the info you are sending (like passwords, etc.) to more than one web site (thus harvesting your passwords and bank account if the creator of the software so desires).
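The hiding trick Semper Vaporo describes (a hook that hands the scanner clean-looking data while the real bytes on disk differ) is exactly what the "cross-view" tools Curmudgeon mentions, such as RootkitRevealer, are built to catch: read the same object two ways and report every discrepancy. The script below is an added illustration of that detection idea, not code from this thread or from any of the products named in it; all file names and boot-sector bytes in it are constructed sample data.

```python
"""Cross-view rootkit detection, simulated on constructed data.

A rootkit that hooks the OS read path can return "clean" data while the real
bytes on disk differ. Cross-view tools compare what the OS API reports with
what a raw, lower-level read returns and flag every discrepancy.
"""
import hashlib


def cross_view_diff(api_view, raw_view):
    """Return (hidden, phantom): names present in the raw view but missing
    from the API view (filtered out by a hook), and names the API reports
    that do not exist on disk (faked by a hook)."""
    api, raw = set(api_view), set(raw_view)
    return sorted(raw - api), sorted(api - raw)


def boot_sector_mismatch(os_view: bytes, offline_view: bytes):
    """Compare the boot sector as read through the running OS with a copy
    read offline (e.g. from rescue media). A live-vs-offline difference is
    the classic bootkit signal the post describes."""
    if len(os_view) != 512 or len(offline_view) != 512:
        raise ValueError("a boot sector is exactly 512 bytes")
    result = {
        "os_sha256": hashlib.sha256(os_view).hexdigest(),
        "offline_sha256": hashlib.sha256(offline_view).hexdigest(),
        # A valid MBR ends in the 0x55AA signature regardless of tampering.
        "signature_ok": offline_view[510:512] == b"\x55\xaa",
    }
    result["mismatch"] = result["os_sha256"] != result["offline_sha256"]
    # Byte offsets where the two views disagree (first few suffice to triage).
    diffs = [i for i in range(512) if os_view[i] != offline_view[i]]
    result["first_diff_offsets"] = diffs[:8]
    return result


# Constructed sample data (hypothetical names, not from any real machine).
API_LISTING = ["ntoskrnl.exe", "hal.dll", "win32k.sys"]
RAW_LISTING = ["ntoskrnl.exe", "hal.dll", "win32k.sys", "hidden_driver.sys"]

CLEAN_MBR = (bytes(range(256)) * 2)[:510] + b"\x55\xaa"   # 512-byte stand-in
# Offline read shows the first 16 bytes of boot code replaced (constructed).
TAMPERED_MBR = b"\xeb\x3c" * 8 + CLEAN_MBR[16:]

if __name__ == "__main__":
    hidden, phantom = cross_view_diff(API_LISTING, RAW_LISTING)
    print("hidden from API:", hidden, "phantom:", phantom)
    print(boot_sector_mismatch(CLEAN_MBR, TAMPERED_MBR))
```

As Curmudgeon says, the output still needs a human to interpret: a legitimate copy-protection driver (like the dongle driver Gary mentions later) can also show up as a discrepancy.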


----------



## ThinkerT (Jan 2, 2008)

This thread is giving me flashbacks to my own problems with the nastier grade of viruses not that long ago. 

'Bleeping Computer' had a 'quick and dirty' program that got rid of the bug, and offered step by step directions for manual removal, but other infections persisted and my computer had taken so much damage from the viruses and the heavier handed fixes I eventually opted for a full new 'image' (basically wiping the system and starting over). At least I didn't have all that much on it, and was able to transfer what I did have.


----------



## Gary Armitstead (Jan 2, 2008)

Sorry for the confusion about AVG 2011. It IS called AVG Free 2011, but when you get it installed, it says AVG version 10.0.1136, as opposed to the old version 9.?.????. I used their Root Kit Scan this morning and it found some drivers in the Win32 sys that had to do with the Sim or dongle I use in my MasterCAM program. This dongle is used as a security against using the program illegally. Many cad systems have these security sims. As I understand it, a root kit can be malicious or actually part of the system in the drivers. AVG 2011 found them, but did not remove them. Just a warning. You need to be very familiar with the way YOUR computer uses certain drivers.


----------



## Totalwrecker (Feb 26, 2009)

Be sure to update these programs often, at least weekly. The badboys are always tweaking things...


----------



## Nicholas Savatgy (Dec 17, 2008)

Well its good you were able to get rid of it.


----------



## Totalwrecker (Feb 26, 2009)

I installed an updated version of Ad-Aware Free today and noticed that it is anti-virus, spyware and rootkit. 
I recommend this product and run it after surfing questionable sites. 
I like it better than my anti-virus program and run it more often. 

John


----------



## Greg Elmassian (Jan 3, 2008)

Avg has the rootkit also... I'll have to look at ad-aware, used it for years, but in the last year, it hardly ever found anything, and the resident part of it took too much cpu...

You might also like malwarebytes..... go to www.malwarebytes.org download the free version. 

Greg


----------

