Re: Restoring WindowsXP SP2 Firewall service after malicious software attack



Polanski24 wrote:

Hello!

After a few days spent on investigating my system I have detected rootkit
presence with only one tool -> SVV by Joanna Rutkowska. All other tools
(I have tested dozens of them) have failed to do so. My only luck with
the infection is that the programmer who wrote, or rather adapted, the
rootkit did a lousy job, so I can see its presence through some very
easy-to-spot system behaviour abnormalities.

Seems that flattening the system and reinstalling it is coming closer
:).



Definitely. The fact that all tools but one failed to find
the malware is an indication of the trust you should place
in those types of tools.

I'm not sure if the system in question was a desktop or a
server, but if it was a desktop, operating it using an
unprivileged account will prevent future mistakes and locally
run software from being able to foul up firewalls, anti-virus
software, and other critical sections of the computer. It will
also significantly reduce the ways the malware can hide itself
or its modifications, making recovery, or at least forensics,
easier if something should get through.

--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security