Re: sneaky trojan startup process

"mich" <compukat@xxxxxxxxxxxx> wrote in message
news:01780389-2afb-4d5b-be49-1ae919546f34@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Nov 24, 3:58 pm, "vinny" <vi...@xxxxxxxxxxxxxx> wrote:
"mich" <compu...@xxxxxxxxxxxx> wrote in message

news:c8bf04c2-cccf-464c-a540-b0a650035a2d@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Nov 24, 1:02 pm, "vinny" <vi...@xxxxxxxxxxxxxx> wrote:

"Proctologically Violated " <unfit...@xxxxxxxxxxxxxxx> wrote in message
news:492ae323$1$20287$607ed4bc@xxxxxxxxx

"mich" <compu...@xxxxxxxxxxxx> wrote in message
news:863e3664-b06a-442f-9b83-1d97f77fc410@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Nov 23, 11:31 pm, "vinny" <vi...@xxxxxxxxxxxxxx> wrote:
Damn, these guys never give up.

I was scanning for trojans ... found one and removed it.
No biggie.

Good news is I run a few different scanners, because some remove this,
some find that, etc....

Then I saw it.
A friggen registry entry in two places:

\safeboot\minimal\tdssserv.sys
\safeboot\network\tdssserv.sys

Damn, that's even low for a trojan.

Here's a tool that will remove anything, providing you know what to
type in.

avenger
It scans for rootkits, but also has the ability to remove anything if
you tell it to.

Vinny, great info! Where did you download it from? Just to make
things interesting, there is a virus called avenger ...
=====================================

This site has a link, also good info. Text-search on avenger, about 2/3
down iirc.
http://www.antirootkit.com/articles/gromozo/The-strange-case-of-Dr-Ro...

There is shit that apparently disables Avenger (mebbe the avenger
virus?) as well.

I use Trend Micro, which updates, like, every 4 g-d hours. I wonder if
it handles rootkits?

There was a thread here about 6 mos-1 yr ago, that proclaimed Norton
itself was a virus. Symantec sucks. I posted my goodbye letter to
Symantec here, *which I had to fax*, so insulated are these
muthafuckas from the public. No response, of course.

Remember the good old days of having just viruses?
Jeesh, now there's virii, malware, spyware, rootkits, and good old
fashioned haxoring, and yes..the creded norton clustervirus.

Thing about a rootkit is how devastating it is. Removal of one is best
done using fdisk and format. I removed one a year ago from my box, a month
later I reformatted, it just corrupted all kinds of stuff, I couldn't take it
anymore.
But the damage can be controlled.
First...turn off system restore. It spreads virii faster than you can
delete it.

Here's 2 programs I use for rootkits:
rootkit revealer...been using that one for years. Won't fix anything, but
it is great at telling you what is infected.
The new one I found is "gmer". It kicks, tells you tons of info.
Haven't been rooted since so I don't know if it can see a rootkit, but it
sure does see everything running on my box.

What I like about avenger is it does it before bootup. I don't know if
it's any good, haven't had anything to test it on yet.

The hard part is even knowing what software to trust ... I looked at
some reviews of GMER and they aren't good!

http://www.pcworld.com/downloads/file/fid,64192-order,2-page,11/fileTabs

There's only 2 reviews. One said it made their computer reboot...but then
said it made their computer send an error message to Microsoft.
In my opinion the person has no credibility because they didn't even turn
off error reporting, prolly the first thing people kill, and then told us
about it..no shame.lol

The one I'm using is clean, but like I said, haven't been rooted so I don't
know if it works.

However...rootkit revealer does work, I say that from experience.

Neat thing is after running rootkitrevealer I run gmer, and it
says...warning rootkitrevealer.sys is in memory.
So who knows what's going on. lol

To be fair the other detectors don't have a much better user review. I
downloaded AVG Anti-Rootkit Free simply because I know that it's a
real company, not a couple of guys somewhere in South America.

Problem is..the definition of rootkit is "you're fuxored".
It's the worst of the worst. More like being hacked than virased.
When I got it a while back, I had to fix it manually. First I printed out
the list of files rootkit revealer made, then in safe mode went delete
crazy. Had to break out the Windows CD and recopy all kinds of stuff back
in. Being on service pack 2 really made it a pain.
The last straw was when calc wouldn't even work.

My boring point is this:
Rootkit revealer has the perfect name, it basically reveals if you have
been rooted. Once rooted...copy what you care about and fdisk. There's no
fixing it...you can band-aid it like I did, but all kinds of stuff was
toast. explorer.exe was changed, iexplorer.exe calc.exe the list went on and
on for 3 pages.

The only thing that let me get away with what I did was NTFS and having
system restore turned off.

Too bad we can't go out and buy something that works. Seems nothing cleans
with a system, they all seem to just run off a list of files and delete
matches.
The antivirus industry is in some sad shape. Real sad.
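The SafeBoot registry entries vinny found earlier in the thread are the detection-worthy detail here: a driver registered under both SafeBoot\Minimal and SafeBoot\Network is loaded even when the machine is booted into Safe Mode, which is why a cleanup that relies on safe mode can still find it running. The Python script below is an added example, not something from this thread or from any of the tools named in it. It parses a text `.reg` export of HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot (the sample export is constructed, seeded with the tdssserv.sys entries from the post) and reports every entry that is not in a known-good baseline. The baseline here is an assumed, illustrative set; in practice you would take it from a `reg export` of a clean machine with the same Windows version and service pack.

```python
import re

# Constructed sample: roughly what
#   reg export HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot safeboot.reg
# would produce on a box carrying the tdssserv.sys entries from the thread.
# It is illustrative, not a capture from a real machine.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdssserv.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdssserv.sys]
@="Driver"
"""

# Assumed baseline of legitimate SafeBoot entries. Illustrative only: build the
# real one from an export taken on a known-clean machine of the same OS build.
BASELINE = {
    "Minimal": {"Base", "vga.sys"},
    "Network": {"Base", "NetworkProvider"},
}

# Matches a subkey directly under SafeBoot\Minimal or SafeBoot\Network.
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot"
    r"\\(Minimal|Network)\\([^\]\\]+)\]$",
    re.IGNORECASE,
)


def parse_safeboot_entries(reg_text):
    """Return {branch: {entry_name: default_value}} from a decoded .reg export."""
    entries = {"Minimal": {}, "Network": {}}
    current = None  # (branch, name) of the key block we are inside, if any
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            branch, name = m.group(1).capitalize(), m.group(2)
            entries[branch][name] = None
            current = (branch, name)
            continue
        if current and line.startswith("@="):
            # Default value of the subkey, e.g. "Driver" or "Driver Group".
            branch, name = current
            entries[branch][name] = line[2:].strip('"')
        elif line == "" or line.startswith("["):
            current = None  # blank line or an unrelated key ends the block
    return entries


def find_unexpected(entries, baseline=BASELINE):
    """Entries present in a branch but absent from the baseline, keyed by
    name with the branches each one appears in, so an entry planted in
    both safe-mode branches stands out."""
    hits = {}
    for branch, names in entries.items():
        for name, value in names.items():
            if name not in baseline.get(branch, set()):
                hits.setdefault(name, {})[branch] = value
    return hits


def report(reg_text):
    """Human-readable findings, one line per unexpected entry."""
    hits = find_unexpected(parse_safeboot_entries(reg_text))
    lines = []
    for name, branches in sorted(hits.items()):
        where = ", ".join(sorted(branches))
        tag = "both safe-mode branches" if len(branches) == 2 else "one branch"
        lines.append(f"{name}: not in baseline, registered under {where} ({tag})")
    return lines


if __name__ == "__main__":
    for finding in report(SAMPLE_REG_EXPORT):
        print(finding)
```

A real `reg export` writes UTF-16LE with a byte-order mark, so read the file with `encoding="utf-16"` before handing the text to `parse_safeboot_entries`. Flagging by name only is deliberate: the point is to surface anything not on the clean baseline, and an analyst then decides whether the driver is legitimate, rather than the script trying to classify it.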