[pchelpers] Re: [pchelpers]
- From: Scott McNay <wizard@xxxxxxxx>
- To: Barry & Sara L <pchelpers@xxxxxxxxxxxxx>
- Date: Mon, 12 Dec 2005 18:18:05 -0600
Hi Sara,
Monday, December 12, 2005, 4:49:16 PM, you wrote:
BSL> I mentioned to a brother at the meeting yesterday that I have
BSL> been having a hard time with shutting down my computer. He
BSL> stopped by and ran a program on my computer that detected I had
BSL> two "root kits" (??) on it. He found them, but then didn't really
BSL> tell me how to delete them. He gave me two other programs to
BSL> run.....Clean Cashe 3.0, and SpySweeper. (He said they were the
BSL> best!) I ran Clean Cashe.....but cannot get SpySweeper to work.
BSL> He said the 'Root kit' isn't allowing it to run. So...what is
BSL> going on? Is it imperative that I get rid of these 'root kits' in
BSL> order for my computer to work right? He tried to find them going
BSL> thru C: drive but said they were 'invisible'....and then didn't
BSL> really explain how to get rid of them. I'm a bit confused....
The usual way to remove a rootkit (much less two of them) is to format
and reinstall Windows from scratch; if that was a computer at a
business, your computer would have been taken away only seconds later.
Rootkits are like bedbugs; once you get them, you start thinking
seriously about burning the house down to get rid of them. It might be
possible to walk you through removing it, if you want, but you should
back up your data anyway. Don't back up any applications, since they
may be contaminated.
The general purpose of a rootkit is to allow someone from outside full
access to your computer. This means that they could potentially watch
everything that you type, read all of your email, send mail as you
("Hi Ann, I saw your husband's new mistress today"), etc. Many
rootkits nowadays subvert Windows' own security system in order to
hide themselves, so that antivirus/antispyware programs cannot find
them. In theory, it's possible for one to hide so that it cannot be
detected by anything running on the computer itself, but it seems that
none (known) have bothered to go this far -- yet.
The Sony DRM "rootkit" is not really a rootkit; it just uses rootkit
techniques to hide, which immediately makes it suspicious to security
experts. If it's the Sony DRM "rootkit" that you're infected by, then
it's not a critical problem, more of an annoyance than anything else;
let's find out if this is it before going further...
Can you list what antivirus/antispyware/etc. software you have on your
computer already?
Is the program that he ran still on the computer? If so, what is it?
Please download RootkitRevealer from
http://www.sysinternals.com/Utilities/RootkitRevealer.html, run it,
click File->Scan to have it scan your computer. When it's done
scanning, click File->Save to save the results to a file. Then, open
that file with notepad and copy and paste the contents into an email
(don't try to attach the file directly; it will get rejected by the
PC-Helpers' email system).
If you decide to reinstall Windows, you should ask the brother for a
CD with security applications to install; install and configure these
BEFORE connecting your computer to the internet again. Also, be sure
to scan all of your floppies, CDs, DVDs, and other backups before
using them on the computer, since you may have gotten infected that
way.
"CleanCache" appears to be what you were referring to:
http://www.buttuglysoftware.com/CleanCache3.html
--
Scott.
--
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.