Bagle / rootkit killed

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by harrijv, Aug 16, 2008.

  1. harrijv

    harrijv Private E-2

    Hi!

    I got this nasty Bagle / rootkit combination. Avast! warned me, but couldn't kill them. I tried several things, but the one that saved me was F-Secure Rescue CD. You can find it here: http://www.f-secure.com/linux-weblog/

    SpyBot and CCleaner took care of the rest (register).

    Take care,
    Harri
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Thanks for posting us this message. I had actually saved this ISO file a while back and just have not had time to create the CD and play with it. I have used other Linux-based CD tools myself and also UBCD4win to fix this infection myself manually. We also use the Recovery Console to fix this. The problem with manual steps is that they are difficult for many people to follow.

    I will have to finish looking at this and then try it with a user or two. Some people even have problems burning ISO files to CD. ;)
     
  3. harrijv

    harrijv Private E-2

    Yeah, no problem. I hope that it will save someone else's day also.

    One should be careful with that though. What it does is that it automatically renames all files that it thinks have an infection. And if one of your system core files happens to be infected and then the OS doesn't find it...
    I think it's a good tool, but maybe it should give a chance to skip renaming.


    BTW, I also tried F-Secure BlackLight RootKit Eliminator and Trend Micro RootKit Buster.
    Buster didn't even start with that Bagle / rootkit running. BlackLight recognized it, tried to kill it, but hung itself instead.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Actually this is no different than any other scanner which may remove infected system files too. Happens all the time and the result is always the same... can't log in or worse, unbootable PC. The nature of many of the infections that are around these days is causing more and more problems like this.
     
