rootkit infestation

Discussion in 'Malware Help (A Specialist Will Reply)' started by jbirdie, Jun 29, 2006.

  1. jbirdie

    jbirdie Private E-2

    since saturday i have had 7 different rootkits - all coming from the same isp, but the malware is coming from japan, china, australia, syria, tunisia, and the usa (traced with traceroute). i wrote the isp and got this lie back from them: (Due to certain privacy concerns and legal restrictions, we often can not share with you the outcome of our investigation or the specific steps we take to address your concerns). the company is Fast Colocation with help from Swift Ventures. i have run hijack this, cwsshredder, adaware, spybotsd, a2squared, blacklight and icesword, as well as ewido. ewido is the only one to find these wankers and here is a sample of one of their hidden cookies, note the very beginning, that is a random invisible directory they use (they use a different one for each cookie - sunday i had 15 of these cookies all from different locations, and the xxxxx is so i don't show my user name to the whole world, in this post)
    :mozilla.16:C:\Documents and Settings\xxxxx\Application Data\Mozilla\Firefox\Profiles\ryiqa33p.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup - this one came from anchorage. now to get back on track, each of these infestations has resulted in a format, well that is ok when i decide to do it but not when dictated by a bunch of lame wankers. i did try a system repair, to no avail. is there any way to refresh/restore my system files and maintain my apps? plz hellllllllp!!!!! tks
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Cookies are not problems and they are not rootkits! Please read step 11 in the below link:

    How to Protect yourself from malware!


    If you want to know more about RootKits, see the below:

    http://www.sysinternals.com/Utilities/RootkitRevealer.html

    http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

    http://www.cs.wright.edu/~pmateti/Courses/499/Fortification/obrien.html


    If you are actually having some kind of problems on your PC that you think are related to malware, then run through the below procedure and attach the three logs that are requested.

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
      • Bitdefender
      • Panda Scan
      • HijackThis
     
    Last edited: Jun 30, 2006
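As an added illustration of the point made in this reply (a cookie detection is browser data, not a rootkit), the following Python script parses scanner report lines in the "path -> detection : action" layout quoted from ewido in the first post and sorts each hit into "tracking-cookie" or "needs-review". This is example code written for this page, not a MajorGeeks tool or part of ewido; the report layout and the optional `:mozilla.N:` prefix are assumed from the single line quoted above, and every sample line other than that one is constructed (the file names and detection names are placeholders, not real detections).

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample report in the layout the thread quotes from ewido.
# The first line is the cookie entry from the post (user name masked by the
# poster); the remaining lines are made up for this example and do not
# describe real files or real detections.
SAMPLE_REPORT = r"""
:mozilla.16:C:\Documents and Settings\xxxxx\Application Data\Mozilla\Firefox\Profiles\ryiqa33p.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.21:C:\Documents and Settings\xxxxx\Application Data\Mozilla\Firefox\Profiles\ryiqa33p.default\cookies.txt -> Spyware.Cookie.ExampleTracker : Cleaned with backup
C:\Documents and Settings\xxxxx\Cookies\xxxxx@example-ads[1].txt -> Spyware.Cookie.ExampleAds : Cleaned with backup
C:\WINDOWS\system32\placeholder.dll -> Hypothetical.Trojan.Placeholder : Cleaned with backup
"""

# Assumed line layout: an optional ":mozilla.N:" prefix (N = the cookie's
# position inside Firefox's cookies.txt), the file path, the signature name
# and the action the scanner took.
LINE_RE = re.compile(
    r"^(?::mozilla\.(?P<index>\d+):)?(?P<path>.+?)\s+->\s+(?P<name>\S+)\s+:\s+(?P<action>.+?)\s*$"
)


@dataclass(frozen=True)
class Detection:
    path: str
    name: str
    action: str
    cookie_index: Optional[int]  # set only for ":mozilla.N:" entries

    @property
    def is_cookie(self) -> bool:
        """True when the signature family is a cookie family, or the hit sits
        in a browser cookie store (Firefox cookies.txt or an IE Cookies folder)."""
        lower = self.path.lower()
        return (
            self.name.startswith("Spyware.Cookie.")
            or lower.endswith("\\cookies.txt")
            or "\\cookies\\" in lower
        )

    @property
    def category(self) -> str:
        # A cookie is a text record the browser stores for a web site. It carries
        # no code and cannot hide files, processes or registry keys, so it is not
        # evidence of a rootkit; anything else still deserves a closer look.
        return "tracking-cookie" if self.is_cookie else "needs-review"


def parse_report(text: str) -> list[Detection]:
    """Parse every non-empty report line; reject lines that do not fit the layout."""
    found: list[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            raise ValueError(f"unrecognised report line: {line!r}")
        index = match.group("index")
        found.append(
            Detection(
                path=match.group("path"),
                name=match.group("name"),
                action=match.group("action"),
                cookie_index=int(index) if index is not None else None,
            )
        )
    return found


def summarize(detections: list[Detection]) -> dict[str, int]:
    """Count hits per category so a reader sees at a glance how many were cookies."""
    return dict(Counter(d.category for d in detections))


def needs_review(detections: list[Detection]) -> list[Detection]:
    """Only the non-cookie hits are worth checking with a rootkit-aware tool."""
    return [d for d in detections if d.category == "needs-review"]


if __name__ == "__main__":
    hits = parse_report(SAMPLE_REPORT)
    print(summarize(hits))
    for hit in needs_review(hits):
        print(f"review: {hit.path} ({hit.name}, {hit.action})")
```

Run it on a saved report instead of `SAMPLE_REPORT` and the summary shows how much of the alarm is cookie noise; only the `needs-review` entries are candidates for a follow-up with RootkitRevealer or a similar tool.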
