what is a rootkit virus ?


S

southwalker

got hit by one of those
had to use a Kaspersky program to get rid of it on the disk

it wasnt in the windows startup autoruns.

is it in the regsitry somewhere
or in part of the drive when the PC boots ?
How do you know if you have one of these rootkit whatevers?
 
Ad

Advertisements

P

Paul

How do you know if you have one of these rootkit whatevers?
Example of a tool.

http://en.wikipedia.org/wiki/GMER

Example of why you shouldn't bother with a specialized tool.

http://en.wikipedia.org/wiki/Rootkit

"Any rootkit detectors that prove effective ultimately contribute
to their own ineffectiveness, as malware authors adapt and test
their code to escape detection by well-used tools."

You can use your regular AV software, which is updated
daily, to keep on top of that stuff. If your AV is
not detecting something, and you see symptoms of an
infection (machine is doing whatever the hell it feels
like), then you should try an offline scanner. This
is an example of an offline scanner. This product makes
a bootable CD or bootable USB key, you boot it instead
of your regular OS, and then it can scan using its own
(uninfected) OS. There are a couple other companies that
have made tools like this. I used another one previously,
and with that one, I could never be sure it was actually
doing anything productive. Now, when I test a tool like
this, I put a copy of EICAR on the disk, so it'll have something
easy to detect. It should at least find EICAR.

http://support.kaspersky.com/viruses/rescuedisk/main?qid=208286083

http://en.wikipedia.org/wiki/EICAR_test_file

In terms of the advertising for AV software, it isn't always
easy to find confirmation the product can detect root kits.
Sometimes, you'll need commentary from something like
AV-comparatives, to get some idea what the AV is good at.
Some of the very newest, small AV companies, aren't
good at anything. (But they'll get there, eventually.)

Paul
 
Ad

Advertisements

S

southwalker

Example of a tool.

http://en.wikipedia.org/wiki/GMER

Example of why you shouldn't bother with a specialized tool.

http://en.wikipedia.org/wiki/Rootkit

"Any rootkit detectors that prove effective ultimately contribute
to their own ineffectiveness, as malware authors adapt and test
their code to escape detection by well-used tools."

You can use your regular AV software, which is updated
daily, to keep on top of that stuff. If your AV is
not detecting something, and you see symptoms of an
infection (machine is doing whatever the hell it feels
like), then you should try an offline scanner. This
is an example of an offline scanner. This product makes
a bootable CD or bootable USB key, you boot it instead
of your regular OS, and then it can scan using its own
(uninfected) OS. There are a couple other companies that
have made tools like this. I used another one previously,
and with that one, I could never be sure it was actually
doing anything productive. Now, when I test a tool like
this, I put a copy of EICAR on the disk, so it'll have something
easy to detect. It should at least find EICAR.

http://support.kaspersky.com/viruses/rescuedisk/main?qid=208286083

http://en.wikipedia.org/wiki/EICAR_test_file

In terms of the advertising for AV software, it isn't always
easy to find confirmation the product can detect root kits.
Sometimes, you'll need commentary from something like
AV-comparatives, to get some idea what the AV is good at.
Some of the very newest, small AV companies, aren't
good at anything. (But they'll get there, eventually.)

Paul

That reply was a fountain of useful information. Thanks
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top