Kudos0

How do you know if you have a rootkit?

How do you know if you have a rootkit that is stealthy?  What if Norton can't detect it because it's too stealthy and it doesn't give any notice that it's on your computer?

Replies

Kudos0

Re: How do you know if you have a rootkit?

Hi joestay,

Are you asking because you suspect a rootkit on your computer or because you are simply interested in this atrocious phenomenon? 

In the first case, please follow mdturner's suggestion. 

Kudos4

Re: How do you know if you have a rootkit?

joestay:

Rootkits are not all that stealthy.  As you can see from looking at some of the threads, the first thing they do is shut down your Norton.  It will not scan.  You may be prevented from going to security oriented websites.  If you try to download MBAM or SAS it will probably not download, or it will not run.

Your computer will soon begin to show the malware that is downloaded by the rootkit.  DNSchangers, and rogue antivirus and many others.  A rootkit infection is not something you are going to fail to notice.  You might not know what it is until confirmed, but there will be no doubt in your mind that you have a serious infection.

Under certain circumstances profanity provides relief denied even to prayer. ~Mark Twain
Kudos2

Re: How do you know if you have a rootkit?

You can check out a Wikipedia article on rootkits over here:

http://en.wikipedia.org/wiki/Rootkits

Message Edited by Yaso_Kuuhl on 09-18-2009 09:54 AM
Kudos0

Re: How do you know if you have a rootkit?

From the article on rootkits... it seems to be extremely DEADLY; worst is that there aren't any ways to remove it.  In that case, NIS or Malwarebytes or any rootkit killer would be useless.....

TGIF

Kudos1

Re: How do you know if you have a rootkit?

You need very special tools (e.g. Avenger) and a trained expert like Quads to handle said tools to get the rootkits out. And cooperative posters, of course...by which I mean: posters who do not try to fix things on their own, because it can only make things worse, and who follow the removal instructions they are given. That's not always the case as I've seen in some of the rootkits threads :-/ Some of the posters just try doing their own thing and have only a complete battlefield to present to Quads.

Message Edited by Yaso_Kuuhl on 09-18-2009 10:35 AM
Kudos0

Re: How do you know if you have a rootkit?

Oh, I'm just asking because I became interested in it from seeing the post on this forum.  So I went and read the Wikipedia article about rootkits and saw how crazy it could be.  What if there's a keylogger or some other program that could not be detected because of the rootkit?  I was just wondering how you could tell.  Does reformatting the hard drive to factory condition remove the rootkit and make the system clean again?
Kudos1

Re: How do you know if you have a rootkit?


joestay wrote:
Oh, I'm just asking because I became interested in it from seeing the post on this forum.  So I went and read the Wikipedia article about rootkits and saw how crazy it could be.  What if there's a keylogger or some other program that could not be detected because of the rootkit?  I was just wondering how you could tell.  Does reformatting the hard drive to factory condition remove the rootkit and make the system clean again?

If the system could not be cleaned then a hard disk format and rebuild of your system is an option you could use. As delphinium pointed out in an earlier post, you will know if you have a rootkit.

We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone
Kudos0

Re: How do you know if you have a rootkit?

  If I've read a lot of these postings correctly, even a complete reformatting of the hard drive might not remove a rootkit infection.  I don't know where it could hide, but there must be someplace somewhere.  Looks like it's best to wait for a GURU to tell you what program to run, post the results and wait for more instructions.  I think that would be the hard part, just waiting..
Kudos0

Re: How do you know if you have a rootkit?


PC_confused wrote:
  If I've read a lot of these postings correctly, even a complete reformatting of the hard drive might not remove a rootkit infection.  I don't know where it could hide, but there must be someplace somewhere.  Looks like it's best to wait for a GURU to tell you what program to run, post the results and wait for more instructions.  I think that would be the hard part, just waiting..

The poster's question was hypothetical!!

We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone
Kudos0

Re: How do you know if you have a rootkit?

It's unlikely that it would go unnoticed. Possibly the rootkit all by itself, but rootkits generally (probably always) download additional malware. So basically if you're connected to the net, you'll notice yourself getting lots of viruses, even though you may not be browsing the net or downloading anything yourself.

You'll notice crashes, system slowdowns, access rights errors etc., all that kind of thing. Malware is malicious, and malevolent actions never go unnoticed. Most people can't remove rootkits - in fact the vast majority can't, including myself - and so if you have no one who can remove it for you, a low-level format may be able to.

Matt

"The fact that man knows right from wrong proves his intellectual superiority to other creatures; but the fact that he can do wrong proves his moral inferiority to any creature that cannot."- Mark Twain
Kudos0

Re: How do you know if you have a rootkit?

Run this:

Please run a SysProt log for us so we can check your system for rootkit activity. You will need to disable Norton auto-protect while you run the scan, as well as any other antimalware program you may have installed on your PC.

Once it is downloaded to your desktop, right click on the SysProt icon, go to properties, and click unblock and apply.

Choose log, check all the boxes except show hidden objects only and then scan.

You will be able to post the log here using the "add attachments" link just below the orange post button.

You can download SysProt from here

http://homepages.slingshot.co.nz/~crutches/SysProt

We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone

Replies are locked for this thread.