Re: Urgent!!! My computer seems to be hacked, pls HELP!!!




Darren Dunham wrote:
René Berber wrote:

Then run a rootkit detection and/or anti-virus detection to try to
find out where that process came from (there are several to choose
from).

Good luck with that. There's plenty of malware out there that evades
AV detection and rootkit detection. All your detectors can tell you
is whether you have malware that they know about. There's plenty they
don't know about (or which has been repacked in order to evade
detection).

Do you have any experience at all?

"Evade detection", you must be kidding. FYI most rootkits are very
simple, they install a modified telnet or ssh and some scripts, that's
it; and any good anti-virus detects those and you have the option of
using things like tripwire so you don't even need anti-virus.

Ouch. So now you're assuming no one has ever used a basically
unmodified rootkit and additionally placed a 'stealth' component on the
target. It'll make you feel nice and happy when you find and "remove"
the rootkit, but you won't be any less vulnerable.

Assuming? Do you see any assumptions above? Basically unmodified
rootkit? A rootkit is a class not a singleton.

If you really want to do things carefully, you can boot from a CD and
check your drive from there. There are several options for the CD, I
have "System Rescue CD".

Unless the CD nukes any unknown (read non-OS) executable on the drive or
you have some known state to compare against (a la tripwire), I don't
see how you can effectively check a drive. It's certainly possible, but
requires you've done work before the attack. Afterward is too late.

Not true, and it really makes no sense continuing to discuss this.
--
R.Berber
