Contributor
joestay
Posts: 22
Registered: ‎09-07-2009

How do you know if you have a rootkit?

How do you know if you have a rootkit that is stealthy? What if Norton can't detect it because it's too stealthy and it doesn't give any notice that it's on your computer?
Norton Fighter
mdturner
Posts: 5,308
Registered: ‎04-11-2008

Re: How do you know if you have a rootkit?

Run this:

Please run a SysProt log for us so we can check your system for rootkit activity. You will need to disable Norton auto-protect while you run the scan, as well as any other antimalware program you may have installed on your PC.

Once it is downloaded to your desktop, right-click on the SysProt icon, go to properties, and click unblock and apply.

Choose log, check all the boxes except show hidden objects only and then scan.

You will be able to post the log here using the "add attachments" link just below the orange post button.

You can download SysProt from here

http://homepages.slingshot.co.nz/~crutches/SysProt

We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone

Yaso_Kuuhl
Posts: 5,799
Kudos: 1,438
Solutions: 528
Registered: ‎02-19-2009

Re: How do you know if you have a rootkit?

Hi joestay,

Are you asking because you suspect a rootkit on your computer or because you are simply interested in this atrocious phenomenon? 

In the first case, please follow mdturner's suggestion. 

 

delphinium
Posts: 9,862
Kudos: 2,965
Solutions: 293
Registered: ‎11-21-2008

Re: How do you know if you have a rootkit?

joestay:

 

Rootkits are not all that stealthy. As you can see from looking at some of the threads, the first thing they do is shut down your Norton. It will not scan. You may be prevented from going to security-oriented websites. If you try to download MBAM or SAS it will probably not download, or it will not run.

 

Your computer will soon begin to show the malware that is downloaded by the rootkit. DNS changers, rogue antivirus and many others. A rootkit infection is not something you are going to fail to notice. You might not know what it is until confirmed, but there will be no doubt in your mind that you have a serious infection.

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
Yaso_Kuuhl
Posts: 5,799
Kudos: 1,438
Solutions: 528
Registered: ‎02-19-2009

Re: How do you know if you have a rootkit?


You can check out a Wikipedia article on rootkits over here:

http://en.wikipedia.org/wiki/Rootkits

Message Edited by Yaso_Kuuhl on 09-18-2009 09:54 AM
Keylogger Crusher
Sea_Monster
Posts: 470
Registered: ‎06-19-2008

Re: How do you know if you have a rootkit?

From the article on rootkits... it seems to be extremely DEADLY; worst is that there aren't any ways to remove it. In that case, NIS or Malwarebytes or any rootkit killer would be useless...

 

TGIF

 

 

Yaso_Kuuhl
Posts: 5,799
Kudos: 1,438
Solutions: 528
Registered: ‎02-19-2009

Re: How do you know if you have a rootkit?

You need very special tools (e.g. Avenger) and a trained expert like Quads to handle said tools to get the rootkits out. And cooperative posters, of course... by which I mean: posters who do not try to fix things on their own, because it can only make things worse, and who follow the removal instructions they are given. That's not always the case, as I've seen in some of the rootkit threads :-/ Some of the posters just try doing their own thing and have only a complete battlefield to present to Quads.

Message Edited by Yaso_Kuuhl on 09-18-2009 10:35 AM
Contributor
joestay
Posts: 22
Registered: ‎09-07-2009

Re: How do you know if you have a rootkit?

Oh, I'm just asking because I became interested in it from seeing the post on this forum. So I went and read the Wikipedia article about rootkits and saw how crazy it could be. What if there's a keylogger or some other program that could not be detected because of the rootkit? I was just wondering how you could tell. Does reformatting the hard drive to factory condition remove the rootkit and make the system clean again?
Norton Fighter
mdturner
Posts: 5,308
Registered: ‎04-11-2008

Re: How do you know if you have a rootkit?


joestay wrote:
Oh, I'm just asking because I became interested in it from seeing the post on this forum. So I went and read the Wikipedia article about rootkits and saw how crazy it could be. What if there's a keylogger or some other program that could not be detected because of the rootkit? I was just wondering how you could tell. Does reformatting the hard drive to factory condition remove the rootkit and make the system clean again?

 

If the system could not be cleaned, then a hard disk format and rebuild of your system is an option you could use. As delphinium pointed out in an earlier post, you will know if you have a rootkit.


PC_confused
Posts: 850
Topics: 120
Kudos: 120
Solutions: 28
Registered: ‎03-21-2009

Re: How do you know if you have a rootkit?

If I've read a lot of these postings correctly, even a complete reformatting of the hard drive might not remove a rootkit infection. I don't know where it could hide, but there must be someplace somewhere. Looks like it's best to wait for a GURU to tell you what program to run, post the results and wait for more instructions. I think that would be the hard part, just waiting...