
[all variants] how do I scan and remove possible rootkit with live-cd ?



NorthernPaladin
November 9th, 2008, 09:48 AM
My friend has a problem, her comp possibly has a rootkit. How do I scan with an Ubuntu live CD and, if it has a rootkit, how do I remove it if that is possible? The computer's behavior is that when she logs in the comp shuts down automatically, even in failsafe mode. And BTW it's Vista.

hyper_ch
November 9th, 2008, 10:09 AM
If you think it's a rootkit, the only way to remove it is to back up the data and re-set up the machine.

NorthernPaladin
November 9th, 2008, 11:44 AM
Is there any way to check if it's a rootkit or something else?

kerpow
November 9th, 2008, 11:54 AM
Take a look at this:

http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

It's a free app that runs in Windows and looks for traces of root-kits.

Be sure to read the page, not just run the tool.

Good luck.

kerpow
November 9th, 2008, 11:57 AM
If you think it's a rootkit, the only way to remove it is to back up the data and re-set up the machine.

By the way, if you have got a root-kit you can't trust anything on that computer anymore. Be careful about what you back up and transfer over to a new Windows install. Better still, get your friend to move to Ubuntu and wave goodbye to root-kits forever! :)

PmDematagoda
November 9th, 2008, 12:11 PM
By the way, if you have got a root-kit you can't trust anything on that computer anymore. Be careful about what you back up and transfer over to a new Windows install. Better still, get your friend to move to Ubuntu and wave goodbye to root-kits forever! :)

That statement is inaccurate since there are root-kits for Linux as well, and when a root-kit affects Linux, it is just as hard to remove as it is on Windows. The only difference, I think, is that root-kits aren't as rampant on Linux as they are on Windows, yet.

kerpow
November 10th, 2008, 12:05 AM
That statement is inaccurate since there are root-kits for Linux as well, and when a root-kit affects Linux, it is just as hard to remove as it is on Windows. The only difference, I think, is that root-kits aren't as rampant on Linux as they are on Windows, yet.

I stand corrected! :)