Kerry
Wed May 17 08:35:37 CDT 2006
Have you tried the standard methods of removing spyware?
http://www.elephantboycomputers.com/page2.html#Removing_Malware
http://www.mvps.org/winhelp2002/unwanted.htm
--
Kerry
MS-MVP Windows - Shell/User
WealthGuru wrote:
> Speaking of "daughters".........we have a machine that seems to be
> "controlled" by "profiles byte"; hijacks IE and won't allow browsing
> until you click thru. Have scoured registry, all places this neophyte
> can see and no luck.
>
>> Ted Zieglar wrote:
>>> That was a fascinating post...resizing partitions, setting up ftp
>>> servers, hide it all in a rootkit...if it wasn't such a criminal
>>> thing to do, you'd have to admire the creators of a very
>>> sophisticated piece of software.
>>>
>>> To paraphrase Maxwell Smart: If only they would use their knowledge
>>> for niceness instead of evil.
>>>
>>
>> It was amazing. It was very sophisticated work. It took me most of a
>> day to figure out what had been done. It also made me aware of what
>> can be done. I am much more conscious of security after seeing that.
>> I can't imagine the embarrassment when the police show up and
>> confiscate your daughter's computer for distributing porn. I'm sure
>> the police would quickly figure it out but in the meantime the press
>> would be all over it. Their reputation would have been ruined. It's
>> a small town here.
>>
>> --
>> Kerry
>>
>>>
>>> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
>>> news:OOEJ%234hTGHA.4900@TK2MSFTNGP12.phx.gbl...
>>>> Ted Zieglar wrote:
>>>>> Even if a rootkit is discovered, I do not believe there is a tool
>>>>> that can remove it -- not yet, at least. All malware removal tools
>>>>> currently available rely on the operating system in one way or
>>>>> another, and once a rootkit has embedded itself the operating
>>>>> system has been compromised and can no longer be trusted.
>>>>>
>>>>> Removing a rootkit requires either a sophisticated knowledge of
>>>>> file systems and rootkit technology or a clean install. Rootkit
>>>>> Revealer's significant contribution - and it is by no means a
>>>>> finished work - is its ability to identify anomalies in the OS
>>>>> that may possibly be rootkits. Previously, rootkits were
>>>>> undetectable.
>>>>>
>>>>> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
>>>>> news:u8L$p1bTGHA.1160@TK2MSFTNGP09.phx.gbl...
>>>>>> Duncan McC wrote:
>>>>>>> What are the experts' opinions on Sysinternals rootkit tool?
>>>>>>
>>>>>> It works to find some rootkits. By nature rootkits are hard to
>>>>>> detect. The tool points out discrepancies and it's up to the user
>>>>>> to interpret the results. I use it and was able to find a root kit
>>>>>> on one computer. It was an academic exercise. The computer was so
>>>>>> messed up it needed a clean reinstall anyway.
>>>>>>
>>>>>> --
>>>>>> Kerry
>>>>
>>>> I was able to remove the rootkit with BartPe but as I said things
>>>> were so messed up by that point it needed a clean install. The
>>>> computer had been taken over and was being used as a porn ftp
>>>> server completely unknown to the customer. It was running really
>>>> slow and their hard drive was full so they brought it to me for
>>>> repair. It was an illuminating experience figuring out what had
>>>> been done. A remote control trojan had been installed. Once they
>>>> had control they resized the system partition, created a hidden
>>>> partition filled with porn, and installed the root kit which was
>>>> running a ftp server.
>>>>
>>>> --
>>>> Kerry