Question for Gurus

19-02-2010, 05:35 AM
I see there is a bad rootkit malware on the loose affecting XP.
While it will not affect me, I am curious to know:
Could a Linux live CD be used to clear the likes of this out of an MS system?

19-02-2010, 06:35 AM
I guess it could if you know where to look and what you're looking for; I doubt I would, though, without help from on here.

19-02-2010, 08:24 AM
You could use UBCD/Hiren's to boot off and clean it that way, but as Gary says, other than giving you 'a place to stand', no Linux distro is going to give you a hand-holding removal process.

Your best bet is to be preventative (a little harder with a rootkit), or pull the drive and slave it before scanning it with NOD32.

19-02-2010, 08:56 AM
You would have to know exactly what you are looking for, each and every file; even then you may not get everything.

You would be better off using a dedicated rootkit removal program. There are plenty about, but once again you have to be careful as to what you remove. Just a few (http://www.renjusblog.com/2009/10/best-rootkit-removal-tools-free.html), but like the one from Sysinternals, they show all hidden files/folders/reg keys, and most are legit OS files; remove them and you would be heading towards a reinstall.
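The two posts above make the same point: a live CD only gives you a place to stand, and the hidden files a rootkit tool shows are mostly legitimate OS files, so you still need to know what you are looking for. The script below is an added example (not from the thread or any of the tools named in it) of two offline checks that give you that knowledge without trusting the infected kernel: a hash comparison of a mounted Windows directory against a manifest taken from a known-clean install at the same patch level, and a cross-view comparison of what Linux sees on disk against a file listing saved from inside the running Windows, where anything the running OS could not see stands out. It assumes the Windows volume is mounted read-only (e.g. `mount -o ro /dev/sda1 /mnt/win`) and that the live listing was saved as one relative path per line; the sample driver files, hashes and listing are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread. Two offline checks that a Linux
# live CD makes possible because the suspect Windows kernel (and any rootkit
# hooked into it) is not running:
#   1. hash every file under a mounted Windows directory and diff it against
#      a manifest taken from a known-clean install at the same patch level;
#   2. cross-view: list the files Linux sees on disk and compare with a
#      listing saved from inside the running Windows, so anything the
#      running OS could not see stands out.
# Assumptions (not from the thread): the Windows volume is mounted read-only,
# e.g. "mount -o ro /dev/sda1 /mnt/win", and the live listing was saved as one
# relative path per line. The sample trees below are constructed.
set -u

# make_manifest DIR: print "sha256  ./relative/path" for every regular file.
make_manifest() {
    ( cd "$1" && find . -type f | sort | while IFS= read -r f; do
        sha256sum "$f"
    done )
}

# compare_manifests BASELINE_FILE DIR: one line per difference.
compare_manifests() {
    baseline=$1
    current=$(make_manifest "$2")
    # Every baseline entry must exist with the same hash.
    while read -r sum path; do
        cur=$(printf '%s\n' "$current" | awk -v p="$path" '$2 == p {print $1}')
        if [ -z "$cur" ]; then
            printf 'MISSING  %s\n' "$path"
        elif [ "$cur" != "$sum" ]; then
            printf 'MODIFIED %s\n' "$path"
        fi
    done < "$baseline"
    # Anything on disk that the baseline never had.
    printf '%s\n' "$current" | while read -r sum path; do
        awk -v p="$path" '$2 == p {found=1} END {exit !found}' "$baseline" \
            || printf 'ADDED    %s\n' "$path"
    done
}

# cross_view DIR LIVE_LISTING: files present offline but absent from the
# listing taken inside the running Windows.
cross_view() {
    ( cd "$1" && find . -type f | sed 's|^\./||' | sort ) | while IFS= read -r f; do
        grep -qxF -- "$f" "$2" || printf 'HIDDEN   %s\n' "$f"
    done
}

# demo_setup: build a constructed clean tree, suspect tree, baseline manifest
# and live listing under a temp dir; print the temp dir path.
demo_setup() {
    root=$(mktemp -d)
    mkdir -p "$root/clean/drivers" "$root/suspect/drivers"
    printf 'disk driver v1\n' > "$root/clean/drivers/disk.sys"
    printf 'net driver v1\n'  > "$root/clean/drivers/net.sys"
    printf 'old driver v1\n'  > "$root/clean/drivers/old.sys"
    cp "$root/clean/drivers/disk.sys" "$root/suspect/drivers/disk.sys"       # unchanged
    printf 'net driver v1 + patched entry\n' > "$root/suspect/drivers/net.sys"  # modified
    printf 'dropped driver\n' > "$root/suspect/drivers/xyz.sys"             # added, not in baseline
    # old.sys is deliberately absent from the suspect tree -> MISSING
    make_manifest "$root/clean" > "$root/baseline.txt"
    # Listing "saved from inside Windows": the running OS did not show xyz.sys.
    printf 'drivers/disk.sys\ndrivers/net.sys\n' > "$root/live_listing.txt"
    printf '%s\n' "$root"
}

run_demo() {
    root=$(demo_setup)
    echo "== baseline vs suspect volume =="
    compare_manifests "$root/baseline.txt" "$root/suspect"
    echo "== offline view vs listing from the running OS =="
    cross_view "$root/suspect" "$root/live_listing.txt"
    rm -rf "$root"
}

run_demo
```

Two caveats a practitioner should keep in mind: the baseline has to come from the same Windows version, service pack and update level, because Windows Update legitimately replaces system files and every such file will otherwise show up as MODIFIED; and a hit from either check is a lead to investigate, not a verdict, which is exactly the warning in the post above about removing files that turn out to be legitimate OS components.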

19-02-2010, 09:15 AM
I actually posted as I wondered, if it was reasonably easy with Linux, why it
had never been mentioned. Thanks for your answers; I take them on board.

Speedy Gonzales
19-02-2010, 09:22 AM
Trojan Remover (not free) will probably remove it. Or Malwarebytes. Boot into safe mode, then scan it with one of these.

19-02-2010, 10:16 AM
Trojan Remover (not free) will probably remove it. Or Malwarebytes. Boot into safe mode, then scan it with one of these.

I actually thought I was finished with this, as it was just a query after seeing several news items on this latest rootkit trojan affecting thousands of XP users.
But now, to further the "investigation": as my partner has "that other OS", will the MS security system prevent this latest attack on "the other system"?
Dedicated Linux (from way back).

Speedy Gonzales
19-02-2010, 10:19 AM
Depends what the name of the rootkit is, and whether it's in MSE's database. If it is, it should remove it. XP is on the other PC here, and it hasn't been infected yet. It won't affect XP just because it can. Just be careful where you go / download and install. Have you got a link for this rootkit you're talking about?

19-02-2010, 10:55 AM
Go here:

Speedy Gonzales
19-02-2010, 11:10 AM
You've got more chance of getting that rootkit if you use P2P programs. MS have confirmed the rootkit causes that BSOD (if you installed the KB 977615 update).

Link (http://blogs.technet.com/msrc/archive/2010/02/17/update-restart-issues-after-installing-ms10-015-and-the-alureon-rootkit.aspx)

Don't use P2P programs, and you'll have less chance of getting it. However, if you use 64-bit Windows, you won't get it / it doesn't run in 64-bit.

So, if you decide to install an update (which updates the Windows kernel), scan your system before you install it (esp. if you're using a P2P program).

So, it's not the Windows update that makes a system crash; it's because the system was infected before you installed it.

19-02-2010, 11:32 AM
I sort of wish I had never got into this:
I am 100% Linux from way back but try to make sure my partner is not at
risk on her XP Pro box. When I see a warning like I saw this morning at 4am
I get very worried about her protection and browsing habits (she has very little of the first and is very slack about the 2nd). She will not let me near her box because she is sure I will "slip" Linux onto it and she will be lost.

Speedy Gonzales
19-02-2010, 11:57 AM
It won't be this rootkit; you wouldn't even get into Windows (it'll bluescreen) before you do, if it was. Well, if there are any P2P programs on it, uninstall them, then scan it with something. So what did this warning say? This won't give you any warning; it'll give you a bluescreen. If she's not going to listen to anyone, that's her prob. If she gets infected, maybe she will after she formats the HDD.