Author Topic: rootkit  (Read 6690 times)
Simon Pieman
« Reply #15 on: Tuesday, February 23, 2010, 10:56:41 »

Quite a few hours, spread over several days. It would have been easier and a lot quicker if the computer was physically in front of me. We wasted much time just getting the remote desktop to work.

Having said that, had I used the gmer tool to start with it would have taken a fraction of the time, even remotely, so it really does come highly recommended.

The tools I used were as follows:

Avast anti-virus
Malwarebytes Anti-Malware
Trend Micro HijackThis
Gmer.exe
Windows System Integrity Scans in the command line
Remove the offending file manually
Tried to remove the offending file using the command line as well and it wasn't having any of it
I think Juddie had also run online scans and Spyware Doctor

In the end I disabled system restore, unlocked and stopped the hidden process with gmer.exe, scanned and removed the offending file using malwarebytes (after I had confirmed it was a completely bogus sys file). Ran a system integrity check to make sure there were no issues and then re-enabled system restore once all scans were coming up clean. Probably one of the most persistent things I've come across.

That probably means you have grounds to quote someone above and use your catchphrase :)

jayohaitchenn
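The sequence in Reply #15 (disable System Restore, confirm the .sys file is bogus, stop and remove it, run the integrity scan, re-enable System Restore) can be partly scripted on the defender's side. The following PowerShell is an added example, not code from the thread or from any of the tools named in it. It assumes an elevated Windows PowerShell 5.1 session, that "Windows System Integrity Scans in the command line" means sfc /scannow, that an sfc exit code of 0 means no violations were found (treat the console output as authoritative), and it uses a placeholder driver path rather than any real indicator; the hidden process is still stopped with gmer and the file removed with Malwarebytes, as in the post.

```powershell
# Added example (not from the thread). Defender-side checklist mirroring Reply #15.
# Run elevated in Windows PowerShell 5.1. The path below is a placeholder, not a
# real indicator; replace it with the file your rootkit scanner flagged.
$SuspectSys  = 'C:\Windows\System32\drivers\suspect.sys'   # placeholder (assumption)
$SystemDrive = 'C:\'

function Get-DriverReport {
    # Collect the facts you would want before deciding a .sys file is "completely bogus":
    # signature status, hash, creation time, and whether the service control manager
    # knows it as a registered driver at all.
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }
    $item = Get-Item -LiteralPath $Path -Force
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $leaf = $item.Name
    # A driver that is running but not registered as a driver service is a classic
    # rootkit sign. Caveat: a kernel-mode rootkit can hide its driver from this WMI
    # query and from Get-Item, which is exactly why the post needed gmer first.
    $svc = Get-CimInstance Win32_SystemDriver |
           Where-Object { $_.PathName -and $_.PathName -like "*\$leaf" }
    [pscustomobject]@{
        Path         = $Path
        Exists       = $true
        SizeBytes    = $item.Length
        CreatedUtc   = $item.CreationTimeUtc
        Sha256       = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        SigStatus    = $sig.Status            # Valid / NotSigned / HashMismatch / ...
        Signer       = $sig.SignerCertificate.Subject
        IsOSBinary   = $sig.IsOSBinary        # $true for Microsoft-shipped binaries
        RegisteredAs = ($svc | ForEach-Object Name)  -join ','
        DriverState  = ($svc | ForEach-Object State) -join ','
    }
}

$report = Get-DriverReport -Path $SuspectSys
$report | Format-List

# Decide by hand, as the post did. A legitimate Windows driver is signed
# (SigStatus Valid, usually IsOSBinary True) and registered as a driver service.
# Unsigned + unregistered + recently created is worth removing; NotSigned alone is
# only "investigate", since some catalog-signed files report that on older systems.
$looksBogus = $report.Exists -and ($report.SigStatus -ne 'Valid') -and (-not $report.RegisteredAs)

if ($looksBogus) {
    # Step 1 of the post: disable System Restore so the file is not preserved in a
    # restore point and brought back later. Stop the hidden process with gmer and
    # remove the file with Malwarebytes at this point.
    Disable-ComputerRestore -Drive $SystemDrive
    Write-Host "System Restore disabled on $SystemDrive; now stop the hidden process and remove $SuspectSys with your scanner."
}

# System integrity scan (assumed to be sfc). Exit code 0 is taken to mean no
# violations found (assumption); read the console output as the final word.
& sfc.exe /scannow
$sfcClean = ($LASTEXITCODE -eq 0)

# Only once the file is gone and scans are clean, re-enable System Restore and take
# a fresh, known-good restore point, as the post did.
if ($sfcClean -and -not (Test-Path -LiteralPath $SuspectSys)) {
    Enable-ComputerRestore -Drive $SystemDrive
    Checkpoint-Computer -Description 'Post-cleanup baseline' -RestorePointType 'MODIFY_SETTINGS'
    Write-Host 'Scans clean: System Restore re-enabled and a fresh restore point taken.'
}
```

The report step is the useful part: it records the hash and signature state of the file before it is deleted, so there is evidence left after the cleanup, and it makes the "is this really bogus?" decision explicit rather than relying on a gut feeling at 2am over remote desktop.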
« Reply #16 on: Tuesday, February 23, 2010, 11:29:20 »

Thought so, Cheers Si.

jayohaitchenn
« Reply #17 on: Tuesday, February 23, 2010, 11:34:05 »

I've never seen that gmer thing before. It's pretty good, even just for info on running processes and threads. Could really help with manual fine-tuning of a Windows OS (if you're into that sort of thing :) ).

Simon Pieman
« Reply #18 on: Tuesday, February 23, 2010, 13:48:42 »

Yeah I'd never heard of or seen it before the other night when I was getting very pissed off.

Apparently the website got loads of attacks because it was meant to be that good.

Barry Scott
« Reply #19 on: Tuesday, February 23, 2010, 14:36:49 »

On a remote desktop related thing, have you tried Teamviewer? It's free (if it's not for commercial purposes) and it's fucking ace. I used to use it and really recommend it for remote accessy rubbish, as it only takes seconds to get up and running, supplemented with phone or AIM of course.

Simon Pieman
« Reply #20 on: Wednesday, February 24, 2010, 20:26:41 »

Cool, I'll remember that

jayohaitchenn
« Reply #21 on: Thursday, February 25, 2010, 09:51:32 »

Add it to the free software list you lazy welsh git.

Simon Pieman
« Reply #22 on: Thursday, February 25, 2010, 13:48:23 »

I need to update a lot, not just that list. Not had the time recently.

jayohaitchenn
« Reply #23 on: Thursday, February 25, 2010, 13:55:11 »

Get on it then.

land_of_bo

« Reply #24 on: Thursday, February 25, 2010, 14:02:09 »

Yeah, Si, you can't take these things on and then be half-arsed.

Simon Pieman
« Reply #25 on: Thursday, February 25, 2010, 21:09:59 »

Oh believe me, I can :)