AB
Premium
join:2006-04-04
Leesburg, VA
| reply to Bubba17
Re: One in Five PC's Infected With Rootkits
said by Bubba17  :said by AB :I think I owe a debt of gratitude to SipSizurp's and the others' clients though, that shouldered the burden and helped to keep me in that other 75 or 80% percentile. Whew! Close one! You found something? Nope. Not a thing.
This is why I'm in that 'other percentile'.  |
|
Bubba17
Less is More
Premium
join:2006-09-21
| reply to AB
said by AB :I think I owe a debt of gratitude to SipSizurp's and the others' clients though, that shouldered the burden and helped to keep me in that other 75 or 80% percentile. Whew! Close one! You found something? And, successfully eradicated it?
You used RkU? Did you try GMER?
--
HN7000s | Horizons 1 (127W) | Gateway: 1110Mhz | Dish: .98m 2 Watt | Pro+
"Fast is fine, but accuracy is everything" --Wyatt Earp |
|
AB
Premium
join:2006-04-04
Leesburg, VA
| reply to Bubba17
said by Bubba17 :Notice ... I didn't announce I was clean. Yes, I notice that.
Well, allow me to announce-- my machine is clean!
Yeah, baby! Yee-haaa!
I think I owe a debt of gratitude to SipSizurp's and the others' clients though, that shouldered the burden and helped to keep me in that other 75 or 80% percentile.
Whew! Close one!
Thanks, gents! |
|
fatdcuk
Premium
join:2005-02-20
England
2 edits | reply to Bubba17
Here is the GMER 1.0.14 Beta link>>>
»www2.gmer.net/beta/
I've been using the Beta version for around 4 weeks now and can safely say it is more stable for my setup and has gained some more functionability over the previous version:) |
|
Bubba17
Less is More
Premium
join:2006-09-21
| reply to fatdcuk
Well, based on the test results you've shared (again, thanks), I obtained GMER 1.0.13 (wasn't able to obtain your beta version) and it's not finding anything.
Notice ... I didn't announce I was clean. |
|
fatdcuk
Premium
join:2005-02-20
England
1 edit | reply to daveinpoway
Sorry for the delay folks but as promised yesterday here is are the screenshots/data returned from testing some of the tools mentioned in this thread versus samples from my Zoo collection.
All RK malwares used have been harvested from in the wild infections over the last 18months and there are no proof-of-concept RK's used.These are live malware rootkits 
Testbed1(loaded malware RK's)
1)Rustock B (huy32.sys)
2)Nulprot (asc3550.sys+asc3550p.sys)*
3)Haxdoor (ntio256.sys+protector.exe)
4)Srizbi (Eyvw95.sys)
5)Cutwail/Bulknet (Runtime2.sys)**
*Imports a secondary infection from the WWW that is not hidden.
**Drops other files after installation that are not hidden.
Prev-X CSI= 4/5 Is blind to Nulprot.
AVG AntiRootKit= 4/5 Is blind to Nulprot.
RKU= 4/5 Is blind to Nulprot.
GMER 1.0.14 Beta= 5/5 
Nulprot VT upload today>>>
»www.virustotal.com/resultado.htm···7b697495
Testbed2(loaded malware RK's)
1)Rustock A (lzx32.sys)
2)Wincom32 (Wincom32.sys)
3)TR.inject/allinone(VideoAti0.sys+dll+exe)
4)Haxdoor.sm(Pasksa.dll+p81eskse.sys)
Prev X CSI= 3/4 Blind to Allinone
AVG AntiRootKit= 4/4
RKU =4/4
GMER 1.0.14Beta= 4/4
TR.Inject/Allinone VT report today>>>
»www.virustotal.com/resultado.htm···f327bde6
|
|
