Topic: Rootkit removal

FreewheelinFrank
Rootkit removal
« on: October 19, 2005, 10:32:30 AM »
Fixes for two common 'pseudo' rootkits (they hide malware but not themselves). Frequently flagged by avast! as Win32:Trojan-gen. {Other}

msdirectx.sys

http://forum.avast.com/index.php?topic=14618.msg142666#msg142666

rdriv.sys

http://forum.avast.com/index.php?topic=16788.msg142660#msg142660

Thanks to noahdfear

Could we make this a sticky?

DavidR
Re: Rootkit removal
« Reply #1 on: October 19, 2005, 03:17:30 PM »
I second making this a sticky, or having it included in an existing sticky if suitable, as rootkits hiding malware are now well established and no longer just a concept.

polonus
Re: Rootkit removal
« Reply #2 on: October 19, 2005, 03:59:54 PM »
Hi ye all,

Yes, there are loads of postings all coming down to the topic of this one sticky. Why not refer to this one for postings on: WIN32:TROJAN-GEN (OTHER).

polonus

MrBabis
Re: Rootkit removal
« Reply #3 on: October 19, 2005, 07:04:38 PM »
Yesterday I got that virus, named xpjava.exe, in the userinit section.

I sent it to avast.
I removed it by resetting its attributes and renaming the file.

After reboot computer was clean, and I was able to delete that renamed file. ;)

----------
Thanks to AVAST, which has an operation blocker that was very useful for finding what program was creating "msdirectx.sys".
----------
« Last Edit: October 19, 2005, 09:20:04 PM by MrBabis »
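As an added example (not code from any poster in this thread): a small Python check for the Userinit hijack MrBabis describes. It parses the comma-separated Winlogon Userinit value and flags any entry other than the system userinit.exe; the expected path and the sample values are assumptions constructed for the demonstration, and the live registry read only runs on Windows.

```python
from typing import List, Optional

# Registry location of the value Winlogon runs at logon.
WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
VALUE_NAME = "Userinit"

# Assumed default: the system userinit.exe (the real value normally ends with a
# trailing comma). Adjust if the Windows directory is not C:\WINDOWS.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"


def parse_userinit(value: str) -> List[str]:
    """Split the comma-separated Userinit value into its program entries.
    Empty entries (from the trailing comma) and surrounding quotes are dropped."""
    return [p.strip().strip('"') for p in value.split(",") if p.strip()]


def unexpected_entries(value: str, expected: str = EXPECTED_USERINIT) -> List[str]:
    """Return every entry that is not the expected userinit.exe path.
    The comparison is case-insensitive because the stored value often mixes case."""
    return [e for e in parse_userinit(value) if e.lower() != expected.lower()]


def read_live_userinit() -> Optional[str]:
    """Read the live value on Windows; returns None elsewhere or if the key is missing."""
    try:
        import winreg
    except ImportError:  # not running on Windows
        return None
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
            value, _value_type = winreg.QueryValueEx(key, VALUE_NAME)
            return value
    except OSError:
        return None


if __name__ == "__main__":
    # Constructed sample values: a clean default and a hijacked one like the
    # xpjava.exe case described in the post above.
    samples = {
        "clean": r"C:\WINDOWS\system32\userinit.exe,",
        "hijacked": r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\xpjava.exe,",
    }
    live = read_live_userinit()
    if live is not None:
        samples["live"] = live
    for label, value in samples.items():
        extra = unexpected_entries(value)
        print(f"{label}: {'OK' if not extra else 'UNEXPECTED ' + ', '.join(extra)}")
```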

Lisandro
Re: Rootkit removal
« Reply #4 on: October 20, 2005, 04:04:44 AM »
Thanks to AVAST that has operation blocker that was very useful
Which operation blocker?
Do you mean a behavior blocker, or just that avast! detected the virus on-access and did not allow it to run?

MrBabis
Re: Rootkit removal
« Reply #5 on: October 20, 2005, 10:10:41 AM »
The "behavior blocker" blocks Open, Write, Delete, Format and Create operations.

Here is one article about protection from those Rbots:
http://www.networkworld.com/newsletters/bug/2005/0926bug2.html
« Last Edit: October 20, 2005, 11:03:23 AM by MrBabis »

Spiritsongs
Re: Rootkit removal
« Reply #6 on: October 21, 2005, 07:47:08 PM »
:) For CREDIBLE rootkit detection, use the FREE Rootkit Revealer from www.sysinternals.com. If a scan shows anything, go to the forum(s) of your antispyware provider and seek assistance. Before using that program, make sure you have just deleted your Temporary Internet Files.