Thread: Best advice about rootkit

  1. #1
    Join Date
    Jul 2009
    Location
    Dayton Ohio USA
    Beans
    1,070
    Distro
    Ubuntu 13.04 Raring Ringtail

    Best advice about rootkit

    I discovered a rootkit on my brother-in-law's laptop. I've never had to deal with rootkits before and I'm mining for the best utility to deal with them. Avast discovered the rootkit generator but this is probably just the tip of the iceberg.
    It's okay, I'm a limo driver

  2. #2
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Best advice about rootkit

    Back up the important data and re-install, you'll never know exactly what was installed or changed.

  3. #3
    Join Date
    Sep 2009
    Beans
    8,874
    Distro
    Ubuntu Development Release

    Re: Best advice about rootkit

    Originally posted by cariboo907:
    Back up the important data and re-install, you'll never know exactly what was installed or changed.
    +1 and there are rootkits that are not detectable as well.





  4. #4
    Join Date
    Jan 2007
    Location
    in sunny & hot UK
    Beans
    214

    Re: Best advice about rootkit

    Originally posted by cariboo907:
    Back up the important data and re-install, you'll never know exactly what was installed or changed.
    So why back it up now, when data could have already been altered/destroyed?
    Format the disk, install a new operating system, restore important data from backups done before security was compromised.
    Ah, I suspect, since you know it's a rootkit, you have an idea (or two) how it got into the system (was it up to date? maybe some "codecs" were installed? etc.)
    Last edited by szymon_g; December 8th, 2010 at 04:01 AM. Reason: grammar

  5. #5
    Join Date
    Sep 2009
    Beans
    8,874
    Distro
    Ubuntu Development Release

    Re: Best advice about rootkit

    Originally posted by szymon_g:
    So why back it up now, when data could have already been altered/destroyed?
    Format the disk, install a new operating system, restore important data from backups done before security was compromised.
    Ah, I suspect, since you know it's a rootkit, you have an idea (or two) how it got into the system (was it up to date? maybe some "codecs" were installed? etc.)
    How do you know when it was compromised, I ask?

    I think the post is to back up the important stuff like media, etc., not any of the OS.





  6. #6
    Join Date
    Mar 2009
    Location
    Buenos Aires, AR
    Beans
    2,325
    Distro
    Ubuntu

    Re: Best advice about rootkit

    Nice false positive you got there...

  7. #7
    Join Date
    Jan 2007
    Location
    in sunny & hot UK
    Beans
    214

    Re: Best advice about rootkit

    Originally posted by wilee-nilee:
    How do you know when it was compromised, I ask?
    Maybe since the last scan of the system?
    Not to mention: every detected virus has got a name; googling it will help to determine when the system could have been infected (or, rather: could not).

  8. #8
    Join Date
    Jul 2009
    Location
    Dayton Ohio USA
    Beans
    1,070
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: Best advice about rootkit

    Both detections came back with negative Google responses. Oddest part is they were strings of random numbers and letters. Nasty behavior when active, the usual: deactivate AV, but the applet said it was active and working. msconfig disabled as well as Task Manager. I'll probably give the bad news to my brother-in-law tomorrow after I dig a little deeper to see what else is happening.
    To answer some of the responses: I have a general timeline of infection (possibly 2 days ago). No idea what was being done when infected (sister and brother-in-law very computer illiterate), and definitely there was/is an infection, not a false positive. I'll double check personal data and wipe the drive and restore.
    Last edited by MooPi; December 8th, 2010 at 04:32 AM. Reason: add info
    It's okay, I'm a limo driver

  9. #9
    Join Date
    Sep 2009
    Beans
    8,874
    Distro
    Ubuntu Development Release

    Re: Best advice about rootkit

    Originally posted by szymon_g:
    Maybe since the last scan of the system?
    Not to mention: every detected virus has got a name; googling it will help to determine when the system could have been infected (or, rather: could not).
    Your argument is in a perfect world, where all viruses/malware/rootkits/bots, etc. are detectable and MooPi or their kin have all these tools. You are arguing a moot point; let it go.





  10. #10
    Join Date
    May 2010
    Location
    Tewkesbury uk
    Beans
    7,655
    Distro
    Ubuntu Development Release

    Re: Best advice about rootkit

    MooPi

    What OS?

    If you believe everything you read, you better not read. ~ Japanese Proverb

    Do not read newspapers on an empty stomach ~ Russian Proverb ~ BrunoLotse
