Re: WARNING: New Rootkit?
- From: "edgewalker" <null@xxxxxxxxxxxx>
- Date: Fri, 28 Apr 2006 17:53:51 -0400
"Gabriela Salvisberg" <salvie@xxxxxxxxxxxx> wrote in message news:39n252lfgcfpub1orkg8unm6847utimcsp@xxxxxxxxxx
> comphelp@xxxxxxxxx (Todd H.) wrote:
>> Gabriela Salvisberg <salvie@xxxxxxxxxxxx> writes:
>>> You could additionally try F-Secure's Blacklight, which not only scans
>>> for rootkits but also should be able to remove them:
>>> http://www.f-secure.com/blacklight/try.shtml
>> But if you've been owned enough to have a full rootkit installed on a
>> given machine, you'd be completely nuts to trust any tool to remove a
>> rootkit. :-)
> I agree. Because you never know what someone might already have
> (remotely) done with it.

But that is ancillary to the removal of the rootkit, just as removing a backdoor
may be simple - but you don't know what else was done while it was active.

>> You'd want to reformat and reinstall from original media.
> You're right. If it was my machine, I wouldn't trust it anymore,
> unless it got formatted and reinstalled.

If I had reason to believe that it wasn't actually used maliciously, I would
just remove it. Otherwise, - that's what a good backup strategy is for.

> But in my opinion: Between "don't do anything about the malware" and
> "format and reinstall" there's the "remove malware" option, which is
> still a bit (only a *little* bit!) better than doing nothing.

:))