Me#1You#10 (Site Admin)
Joined: 06 May 2004, Posts: 6503
Posted: Sat Dec 15, 2007 11:41 pm
Post subject: "One in Five PCs Infected With Rootkits"
Stumbled across this article recently and am passing it along FWIW. I did some preliminary checking in a security forum that I frequent and Prevx CSI appears to be a reputable and somewhat effective program (among several others)...and FREE.
Ran it on mine and I came up clean (whew). Anyway, give it a try if you haven't properly nourished your security paranoia as of late...
Quote:
One in Five PCs Infected With Rootkits
Malware researchers have uncovered 'massive growth' in the number of PCs harboring silent rootkit infections.
Matt Egan, PC Advisor
PC World
December 13, 2007
Malware researchers at Prevx have highlighted what they are calling a 'massive growth' in the number of PCs harboring rootkit infections.
More than 725,000 PCs were scanned using the Prevx CSI malware scanner over a two-month period. Of the around 291,000 users who scanned their PCs during October 2007, some form of spyware or malware was found on one in six.
Significantly, although rootkits were detected on 15.6% of PCs during October 2007, that figure had risen to 22% by early December.
According to Prevx's Jacques Erasmus: "The rise of the rootkits has begun."
PC World - cont'd
baldeagle (PO2)
Joined: 27 Oct 2004, Posts: 362, Location: Grand Saline, Texas
Posted: Sun Dec 16, 2007 3:36 am
Good find, #1...I, too, was clean, but this seems to be a good tool to run occasionally.
_________________
"In a word, I want an American character, that the powers of Europe may be convinced we act for ourselves and not for others; this, in my judgment, is the only way to be respected abroad and happy at home." --George Washington
GoophyDog (PO1)
Joined: 10 Jun 2004, Posts: 480, Location: Washington - The Evergreen State
Posted: Sun Dec 16, 2007 9:12 pm
Clean as well. Thanks, Me, though it's interesting that in para 12 they do mention doing some data collection and reporting. I'm wondering if it is automatic or you get to choose to send info on.
I've been using WinPatrol for a number of years and between it and Symantec I've yet to be hit (fingers crossed).
_________________
Why ask? Because it needs asking.
BuffaloJack (Master Chief Petty Officer of the Navy)
Joined: 10 Aug 2004, Posts: 1637, Location: Buffalo, New York
Posted: Sun Dec 16, 2007 10:11 pm
I tried it and I'm clean.
This whole anti-virus, spyware, root kit thing is a pain.
I would imagine that most people run the top 3 or 4 (McAfee, Norton, etc.). These first-line products are very good at catching viruses, worms, trojans and the like, but they have one flaw. In order to not interfere too much with your machine and actually allow you to get some work in of your own, they limit their active searches to stuff that isn't more than 2 or 3 years old. If you get a critter that has been around for 5 or 6 years, or maybe some old boot sector virus that is 10 years old, they will not detect it. A couple of the other AV programs are good for this. The one called Housecall at TrendMicro is excellent at this. If you actually subscribe to the Trend Micro stuff, it is a resource hog and your PC will run slow and frustrate you; however, running their free Housecall every few months works wonders and finds lots of stuff McAfee and Norton miss.
One of the tricks the IT guys do at work is run McAfee on one server and Norton on another and then they have them configured to check each other. They still run TrendMicro's Housecall periodically.
_________________
Swift Boats - Qui Nhon (12/69-4/70), Cat Lo (4/70-5/70), Vung Tau (5/70-12/71)
Me#1You#10 (Site Admin)
Joined: 06 May 2004, Posts: 6503
Posted: Sun Dec 16, 2007 10:31 pm
Thanks Jack...I'll check it out.
dusty (Admiral)
Joined: 27 Aug 2004, Posts: 1264, Location: East Texas
Posted: Mon Dec 17, 2007 5:44 am
Operating a computer repair company, I too frequent a number of PC Repair forums and routinely clean viruses and spyware off of anywhere from 4 to 15 computers weekly.
The large majority of PC Repair technicians across the country use several products to find and remove these pests.
Here is my list of cleaners.
No. 1 to install and run on an infected machine is AVG's free edition antivirus program.
No. 2 is VUndo
No. 3 is Prevx.
No. 4 is Superantispy free for home users edition.
No. 5 is the AVG free antispy program.
No. 6 is the AVG Rootkit scanner (also free to use)
NOTE: I get a lot of computers that are so infected nothing can be installed on them even in safe mode. On these machines it's necessary to remove the hard drive, mount it as a slave drive in another computer and scan the drive from there.
As always, the System Restore feature should be turned off before the scans are run to prevent re-infection from those protected files.
Once the system is clean of infections, System Restore is turned back on and a clean restore point is set.
I always leave the Superantispy and the AVG antirootkit programs installed on the customer's computer with instructions on how to use them included in his/her invoice.
If they have a paid-up subscription to any antivirus program, I leave that application on their computer and re-activate it and then remove the antivirus products I installed.
(I always deactivate whatever antivirus program any computer has on it before I install the AVG product. It is not a good practice to have more than one antivirus program running at the same time. It is ok to have several antispy programs running together.)
Quite often I have to run a program that resets the TCP/IP stack and the Winsock layers to restore Internet functionality that malware has corrupted. XPTCP/IP reset is a good free application to use for this purpose.
http://www.xp-smoker.com/freeware.html
Most users of Norton and McAfee would be shocked to see the number of infections those two programs will miss finding, although in the last 12 mos. they have both improved drastically in their performance.
Dusty
_________________
Left and Wrong are the opposite of Right!
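The System Restore and TCP/IP-reset steps Dusty describes, written out as an added Windows PowerShell example. This is not Dusty's procedure as typed, not the XP-smoker utility he links, and not code from the thread; it assumes an elevated Windows PowerShell 5.1 session, a system drive of C:, and the standard Disable-ComputerRestore / Enable-ComputerRestore / Checkpoint-Computer cmdlets plus netsh, so it reflects Windows 7 and later rather than the XP machines in the post.

```powershell
# Added example, not from the thread. Assumes an elevated Windows PowerShell 5.1
# session on a machine whose system drive is C:. The sequence mirrors the post:
# turn System Restore off before scanning, reset Winsock/TCP/IP only if the
# network is still broken after cleaning, then re-enable System Restore and
# take a fresh, known-clean restore point.

function Disable-RestoreBeforeScan {
    param([string]$Drive = 'C:\')
    # Turning System Restore off deletes the existing restore points, which is
    # exactly the point: a restore point that contains infected files would
    # otherwise bring the infection back after a rollback.
    Disable-ComputerRestore -Drive $Drive
    Write-Host "System Restore disabled on $Drive; run the scanners now."
}

function Reset-NetworkStack {
    # Equivalent of the 'TCP/IP reset' tools mentioned in the post: rebuild the
    # Winsock catalog (where LSP-style malware hooks itself) and the TCP/IP
    # configuration. Both need a reboot to take full effect.
    netsh winsock reset | Out-Null
    netsh int ip reset  | Out-Null
    Write-Host "Winsock catalog and TCP/IP stack reset; reboot required."
}

function Enable-RestoreAfterClean {
    param(
        [string]$Drive = 'C:\',
        [string]$Description = 'Clean baseline after malware removal'
    )
    Enable-ComputerRestore -Drive $Drive
    # Windows 8 and later create at most one restore point per 24 hours through
    # this cmdlet; right after Disable-ComputerRestore there are none, so the
    # new checkpoint is created.
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS
    # Return the newest restore point so the technician can confirm it exists.
    Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
}

# Typical order of use, matching the post:
#   Disable-RestoreBeforeScan
#   ... run the AV / anti-spyware / rootkit scanners, rebooting as they ask ...
#   Reset-NetworkStack        # only if browsing or DNS is still broken afterwards
#   Enable-RestoreAfterClean
```

The two restore functions are deliberately separate rather than one script: the scanners run, and the machine may reboot, between them, and a restore point should only be taken once the last scan comes back clean.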
Me#1You#10 (Site Admin)
Joined: 06 May 2004, Posts: 6503
Posted: Mon Dec 17, 2007 6:33 am
Ahhhh...nice to know we have a voice of experience to access here
dusty wrote:
Here is my list of cleaners...
No. 2 is VUndo
I understand "VUndo" is a trojan. Is that also the name of the cleaner? Do you have a link?
dusty (Admiral)
Joined: 27 Aug 2004, Posts: 1264, Location: East Texas
Posted: Mon Dec 17, 2007 1:17 pm
Me#1, you are correct. Vundo is a trojan. There is a remover for it and several other hard-to-remove trojans called Vundofix.exe.
I'm sorry I didn't put the full name in the above posting, but when anyone searched for the name Vundo they would have come up with the link to download the Vundofix.exe file from many sites like Symantec and many other antivirus vendors.
Here is the link to the download for Vundofix.exe
Click on the Downloads link and VundoFix.exe is at the top of the list.
http://www.atribune.org/
Dusty
_________________
Left and Wrong are the opposite of Right!
Me#1You#10 (Site Admin)
Joined: 06 May 2004, Posts: 6503
Posted: Mon Dec 17, 2007 5:47 pm
dusty wrote:
Me#1, you are correct. Vundo is a trojan. There is a remover for it and several other hard-to-remove trojans called Vundofix.exe.
Thanks. Although the link is certainly appreciated, the name of the program itself was my main concern...although obtaining the file itself from a source that you found to be reputable is also a plus.
Perhaps a bit more on what led me into this discussion is warranted.
I've been subscribed to a "Google News" alert on SVPT for a long time now...and it's been an invaluable source for keeping tabs on internet references to the SVPT campaign. For over three years now, those alerts have garnered a high level of trust in me as being legitimate links to legitimate content...until last week.
Clicking on a link, I was taken to a website that presented a "video" window (which I THOUGHT was the "source" of the Google News alert). The web page prompted me to download a new "codec" in the form of an ".exe" file in order to view the video. THAT alerted me immediately as being potentially risky, but I was still in the "trust" mode as I had gotten there from a Google alert...so I commenced to allow the download, virus-checked the .exe file (NO alerts) and commenced the installation. BIG mistake.
Both "Windows Defender" and "Spybot S&D" started serving up warnings which I responded to negatively (that is, I didn't ALLOW the changes to be made that the program was attempting to implement). THAT saved my butt...apparently...as my puter (after some reading, downloading and scanning) appears to be free from the malware that file attempted to install. It's worth noting that my A/V program (McAfee) slept through it all.
Long story short, it was a porn video that was ultimately served up as well as an attempted installation of the "VUndo" Trojan, "Adware:Win32/SmitFraud" and, perhaps, several others...a close call for me. I was sucked in though by a "socially engineered" malware attack.
However, it WAS a learning experience and introduced me to some new defenses which will become integral in my internet use from now on, one of which is a terrific (and FREE) scanning service for individual files at a website called "Virus Total". Upload a file there and it scans the file using multiple A/V programs and will provide you with additional information on the file when warranted.
Here, for example, is the output on the supposed "codec" installation I downloaded...note the "McAfee" response. Wish I had done this beforehand...ah well...live and learn...
http://www.virustotal.com/sl/resultado.html?a736988dba0c4e3edd4489c54111ea2b
P.S. English IS available from the top menu
P.P.S. "VUndofix" gave me a clean bill of health
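The lesson of the post is to examine a downloaded installer before running it. As an added Windows PowerShell example (not the poster's procedure and not the VirusTotal service itself), the function below gathers what a practitioner checks first: the MD5/SHA-1/SHA-256 hashes that multi-engine scanners and vendor write-ups key on, the Authenticode signature status and publisher, and whether the browser's Mark of the Web is present. It assumes Windows PowerShell 5.1 (Get-FileHash needs 4.0 or later); the path in the usage comment is a placeholder, not a file from the thread.

```powershell
# Added example, not from the thread. Assumes Windows PowerShell 5.1 or later.
# Run this on a downloaded installer BEFORE executing it; nothing here runs
# the file, it only reads it.

function Get-DownloadReport {
    param([Parameter(Mandatory)][string]$Path)

    $item = Get-Item -LiteralPath $Path

    # MD5 and SHA-1 are what 2007-era write-ups and the VirusTotal result URL
    # in the post keyed on; SHA-256 is the one to use today. Lower-case hex
    # matches the form most lookup services and advisories print.
    $hashes = @{}
    foreach ($alg in 'MD5', 'SHA1', 'SHA256') {
        $hashes[$alg] = (Get-FileHash -LiteralPath $Path -Algorithm $alg).Hash.ToLower()
    }

    # Authenticode: a fake "codec" pushed by a random web page is normally
    # unsigned, or signed by a certificate that does not chain to a trusted root.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $publisher = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

    # Zone.Identifier is the alternate data stream the browser attaches to a
    # download; ZoneId=3 means Internet. Its absence on a fresh download is
    # itself worth noticing (some droppers strip it).
    $zone   = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $zoneId = ($zone | Where-Object { $_ -like 'ZoneId=*' }) -replace 'ZoneId=', ''

    [pscustomobject]@{
        File            = $item.Name
        SizeBytes       = $item.Length
        MD5             = $hashes['MD5']
        SHA1            = $hashes['SHA1']
        SHA256          = $hashes['SHA256']
        SignatureStatus = $sig.Status      # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError ...
        Publisher       = $publisher
        ZoneId          = if ($zoneId) { $zoneId } else { '(no Mark of the Web)' }
        # Decision rule: only a Valid signature from a publisher you recognise
        # clears the file; anything else goes to a multi-engine scan first.
        RunWithoutScan  = ($sig.Status -eq 'Valid')
    }
}

# Usage (placeholder path, not a file from the thread):
#   Get-DownloadReport -Path "$env:USERPROFILE\Downloads\codec_setup.exe" | Format-List
# Paste the SHA256 (or the MD5, as in the post's URL) into a multi-engine
# scanner rather than uploading the file when you only need a verdict.
```

Hashing first and looking the hash up is the cheap check; the post shows why it matters, since a single resident product (McAfee here) stayed quiet while a multi-engine lookup would have flagged the file. The signature check is the second gate: a legitimately published codec from a known vendor is signed, and a signature status other than Valid is reason enough not to double-click.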