In XP Home I found rootkit hiding?


Joe K

After cleaning out a Win XP Home of viruses, trojans and spyware
adware, I still had a problem of unknown processes accessing the
internet. The MS firewall didn't stop any of these processes.
I used a rootkit finder and found something hidden from Windows API.
Which means it doesn't show up in any folders seen by Windows even after
unhiding folders in folder options.

How do I get rid of this rootkit? I believe it's the Apropos
spyware. Nothing I've done using several anti virus and anti trojan
programs worked.
I hope MS has a fix for this.
 

David H. Lipman

From: "Joe K" <[email protected]>

| After cleaning out a Win XP Home of viruses, trojans and spyware
| adware, I still had a problem of unknown processes accessing the
| internet. The MS firewall didn't stop any of these processes.
| I used a rootkit finder and found something hidden from Windows API.
| Which means it doesn't show up in any folders seen by Windows even after
| unhiding folders in folder options.
|
| How do I get rid of this rootkit? I believe it's the Apropos
| spyware. Nothing I've done using several anti virus and anti trojan
| programs worked.
| I hope MS has a fix for this.

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

It is suggested that you execute the following tool in Normal Mode then in Safe Mode.

Swandog46's Apropos Adware/RootKit remover
http://swandog46.geekstogo.com/aproposfix.exe


* * * Please report back your results * * *
 

Richard Urban

We have been pointing out all along that the Windows firewall (or a router)
gives you NO outbound protection. It is hard to get people to listen to the
fact that they really, really "need" something like ZoneAlarm to properly
protect their computer.

Since it is free, maybe now you will download and install it! It protects
your computer from sending unauthorized outbound as well as receiving
unauthorized/unsolicited inbound traffic.

http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?lid=dbtopnav_za

--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!
 

Joe K

Thank you everybody for info. I couldn't get back till now. The show 24
just got over. Ha!
On the Sysinternals.com forum [RootkitRevealer] I was able to get good
info. I used the Aproposfix and then Ewido antimalware in safe mode.
This solved the problem. Thank Sysinternals for free program.
I have copied these replies and will do more research on this.
For now I am relieved that I have cleaned the computer and will be
returning it to my friend. Of course with the advice that he buy certain
programs like antivirus, anti trojan and update and use
antispyware [Spybot] and AntiAdware [Lavasoft] and of course a better
firewall like ZA.
I posted here as I didn't know where else to go. Thanks again to all for
the info. This has been an educating weekend. Who says you can't teach an
old dog new tricks. RUFF RUFF
 

David H. Lipman

From: "Joe K" <[email protected]>


| Thank you everybody for info. I couldn't get back till now. The show 24
| just got over. Ha!
| On the Sysinternals.com forum [RootkitRevealer] I was able to get good
| info. I used the Aproposfix and then Ewido antimalware in safe mode.
| This solved the problem. Thank Sysinternals for free program.
| I have copied these replies and will do more research on this.
| For now I am relieved that I have cleaned the computer and will be
| returning it to my friend. Of course with the advice that he buy certain
| programs like antivirus, anti trojan and update and use
| antispyware [Spybot] and AntiAdware [Lavasoft] and of course a better
| firewall like ZA.
| I posted here as I didn't know where else to go. Thanks again to all for
| the info. This has been an educating weekend. Who says you can't teach an
| old dog new tricks. RUFF RUFF

Thank you for updating the thread!
 

RJK

....and boy oh boy, don't the "try before you buy" / "free trial download"
software houses just love to know if you're trying out their software !
If you're sensible enough to try some without a vicous adware package
incorporated into it, or piggy backed onto it, then in my opinion it's wise
to track the installation, after installing offline of course, and trundle
along to your firewall and make sure that every file to do with it can't
access the web. :)

regards, Richard
 

RJK

....perhaps, "If you're sensible enough to try some without a vicous adware
package incorporated into it..."
should have been, ..."take care not to download trial/ware in case it's got
ad/malware in it - best never to d/l such software !!

regards.Richard
 

RJK

"vicious" wihc sha eebn misslep dna ismytped :)

regards, richard


PA Bear said:
What's "vicous" adware? [Spiel chekker not wurkin?]
...perhaps, "If you're sensible enough to try some without a vicous
adware
package incorporated into it..."
should have been, ..."take care not to download trial/ware in case it's
got ad/malware in it - best never to d/l such software !!

regards.Richard
 
