Probably unknown Rootkit, very silent.

Discussion in 'malware problems & news' started by SystemJunkie, May 21, 2007.

Thread Status:
Not open for further replies.
  1. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    I'll peacefully ignore the two negative statements about Heineken in this thread and simply blame the posters with taste bud anomaly.
    Mrk
     
  2. flimbag

    flimbag Registered Member

    Joined:
    Mar 23, 2005
    Posts:
    48
    "This is simply remedied by:
    a. Using Linux."

    First rootkit I ever saw was on a Linux installation. Redhat 6.2, IIRC.
     
  3. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    This tool is nice, thanks for the tip. Here is a screen of it with a General Warning:

    5y214zb.png
     
  4. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Hehe, today is a good day, you are so right! Another one with my opinion!
    Great, great! Another punch. :thumb: I am really happy.
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,

    No punch.

    flimbag, so you saw an (evil) rootkit on Linux. And?

    How do you compare that to the vast amount of garbage installs, drive by downloads and similar exploits and such that happen in Windows

    TO

    Linux, where the user had to su or sudo and deliberately install the rootkit.

    BTW, rootkits are not bad unto themselves.
    Many legit programs are using them - or similar techniques.
    All of the screenshots in this thread point to a MS Windows OS.

    I have yet to be given examples:

    - Linux getting owned - non-deliberately and NO PoC
    - Linux getting infected with something that cannot be remedied in 3 minutes

    Finally, boot from CD, erase the unwanted files, game over.

    Mrk
     
  6. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    That is true too.

    63cttur.png

    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

    Sysenter, hm... very unknown.. Deep Monitor crazy hooks.

    Always knew that this "FltMgrMsg" would play a very important role.

    .text C:\WINDOWS\EXPLORER.EXE[280] ntdll.dll!NtClose 7C91D586 5 Bytes JMP 10004000
    .text C:\WINDOWS\EXPLORER.EXE[280] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 10003F20
    .text C:\WINDOWS\EXPLORER.EXE[280] GDI32.dll!CreateDCA 77EFB221 5 Bytes JMP 100011A0
    .text C:\WINDOWS\EXPLORER.EXE[280] GDI32.dll!CreateDCW 77EFBE61 5 Bytes JMP 10001300
    .text C:\WINDOWS\EXPLORER.EXE[280] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 10003D40
    .text C:\WINDOWS\EXPLORER.EXE[280] ole32.dll!CoCreateInstanceEx 774CFA6B 5 Bytes JMP 10003A70
    .text C:\WINDOWS\EXPLORER.EXE[280] ole32.dll!CoGetClassObject
     
    Last edited: Jun 24, 2007
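    A defender's first question about a listing like the one above is not "is this a rootkit?" but "where do all these JMPs go, and is that one module or many?". The following Python helper is an added illustration, not the poster's output or the scanner's own code: it parses lines in the `.text <process>[pid] <module>!<export> <addr> 5 Bytes JMP <target>` shape shown in the post (the seven quoted lines are embedded as the sample, including the truncated last one), clusters the JMP targets by 64 KiB-aligned image base, and reports whether exports from several different DLLs all redirect into a single foreign image. The 64 KiB alignment and the "more than one module into one image" rule are triage heuristics assumed here; which DLL is actually mapped at that base (a known security product or something unknown) still has to be checked in the live process.

```python
import re
from collections import defaultdict

# Constructed sample: the seven hook lines quoted in the post above. The last
# one is truncated exactly as it appears there, so the parser must cope with it.
SAMPLE_LOG = r"""
.text C:\WINDOWS\EXPLORER.EXE[280] ntdll.dll!NtClose 7C91D586 5 Bytes JMP 10004000
.text C:\WINDOWS\EXPLORER.EXE[280] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 10003F20
.text C:\WINDOWS\EXPLORER.EXE[280] GDI32.dll!CreateDCA 77EFB221 5 Bytes JMP 100011A0
.text C:\WINDOWS\EXPLORER.EXE[280] GDI32.dll!CreateDCW 77EFBE61 5 Bytes JMP 10001300
.text C:\WINDOWS\EXPLORER.EXE[280] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 10003D40
.text C:\WINDOWS\EXPLORER.EXE[280] ole32.dll!CoCreateInstanceEx 774CFA6B 5 Bytes JMP 10003A70
.text C:\WINDOWS\EXPLORER.EXE[280] ole32.dll!CoGetClassObject
"""

# Line shape assumed from the quoted listing; the address/size/JMP part is
# optional so a cut-off line still yields the module and export name.
HOOK_RE = re.compile(
    r"^\.(?P<section>\w+)\s+(?P<process>\S+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<export>\S+)"
    r"(?:\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]{8}))?\s*$"
)


def parse_hook(line):
    """Return one hook record, or None if the line is not a hook entry."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "section": d["section"],
        "process": d["process"],
        "pid": int(d["pid"]),
        "module": d["module"],
        "export": d["export"],
        "addr": int(d["addr"], 16) if d["addr"] else None,
        "patch_len": int(d["size"]) if d["size"] else None,
        "target": int(d["target"], 16) if d["target"] else None,  # None when truncated
    }


def parse_log(text):
    return [h for h in (parse_hook(l) for l in text.splitlines() if l.strip()) if h]


IMAGE_GRANULARITY = 0x10000  # assumption: Win32 image bases are 64 KiB aligned


def image_base(address, granularity=IMAGE_GRANULARITY):
    return address & ~(granularity - 1)


def cluster_targets(hooks):
    """Group complete hooks by the aligned image base their JMP lands in."""
    clusters = defaultdict(list)
    for h in hooks:
        if h["target"] is not None:
            clusters[image_base(h["target"])].append(f'{h["module"]}!{h["export"]}')
    return dict(clusters)


def summarize(hooks):
    """Triage summary: how many modules are hooked and into how many images they jump."""
    complete = [h for h in hooks if h["target"] is not None]
    clusters = cluster_targets(hooks)
    hooked_modules = {h["module"] for h in hooks}
    return {
        "total": len(hooks),
        "complete": len(complete),
        "truncated": len(hooks) - len(complete),
        "hooked_modules": len(hooked_modules),
        "target_images": sorted(clusters),
        # Heuristic: exports of several DLLs all redirected into one image
        # means one injected module owns every hook; identify that module next.
        "single_redirector": len(clusters) == 1 and len({h["module"] for h in complete}) > 1,
    }


if __name__ == "__main__":
    hooks = parse_log(SAMPLE_LOG)
    for base, names in cluster_targets(hooks).items():
        print(f"image base {base:#010x}: {', '.join(names)}")
    print(summarize(hooks))
```

    On the quoted lines every complete hook lands in the 0x10000000 image, so the summary flags a single redirector; that is equally consistent with one security product's user-mode hooking DLL and with an injected unknown, which is why the base-to-module lookup in the running process is the step that decides it.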
  7. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    66uekye.png

    I analyzed the dumped crypto information of these IRP hooks from the assumed tcpip/udp/raw bypass.

    In case we can exclude that the above shown screen is a legit hook, then much of the crypto information leads
    very likely to some very educated medicine psycho intruder. Many themes are about chronic diseases and chemical structures. Totally crazy.
     
    Last edited: Jun 28, 2007
  8. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    644syg9.png

    I only remember one Trojan that used font method: Mosucker.

    Besides, the PC beeper makes totally freaky noises I never heard.

    4koe4y1.png

    5x7ttmb.png

    Matrix live:

    61k2su8.png
     
    Last edited: Jun 29, 2007
  9. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Does anyone have any clue what SystemJunkie is talking about? I wonder if this stuff really is related to a rootkit infection? :rolleyes:
     
  11. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,
    I do believe that there is nothing special in the shown logs. Likewise, I think that special rootkits, bios rootkits, virtual rootkits, and such are a nice poc or maybe a myth, so ...
    Mrk
     
  12. coolbluewater

    coolbluewater Registered Member

    Joined:
    Feb 10, 2007
    Posts:
    268
    Location:
    next door to Redmond
    "Rootkit" has been the new marketing buzzword with the effect "solution" had in the late 90s.
    It sells boatloads of security software :cool:
     
  13. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    The kernel has some problems with vice on one of my systems; now finally we get a good view thanks to RkU:

    6gmnp8n.png
     
  14. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    A mixture of unknowns.
     
    Last edited: Jul 3, 2007
  15. DreamRyderX

    DreamRyderX Registered Member

    Joined:
    Jul 5, 2007
    Posts:
    2
    Location:
    Australia
    This is my first post on Wilders. I recently got hit with a Rootkit. My SpywareGuard alerted me to the fact that a BHO was trying to install & I was able to kill that. I have used AVG Anti-Rootkit Free, but I now feel something better will probably be needed to bolster my defences. What are some of the best Rootkit "Guardians" available that you would suggest?

    In my past AV & AS experience a "real-time" type scanner (if available) is probably what I would want, but if that isn't my best course of defense, what would be?

    P.S. I'm presently using AVG AS & AV, SpywareGuard, Spyware Monitor, Spyware Blaster, Spyware S&D, Spyware Doctor, Ad-Aware Personal, & Outpost Firewall Pro.

    Thanks, Bobby, aka DreamRyder ;)
     
  16. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    This thread may be useful. With ARKs it's best to scan with multiple scanners; you can't really rely on one. You can download and install most of the anti-rootkits mentioned in the above thread onto the same setup without problems, as long as you don't set both of them off scanning at the same time.

    Londonbeat
     
  17. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Here are some news from the war front:

    Some news, Avira Antirootkit found something:

    Hidden file : c:\dokumente und einstellungen\l\lokale einstellungen\temporary internet files\content.ie5\jn8b0lv6\lasse,.m
    Hidden file : c:\dokumente und einstellungen\l\lokale einstellungen\temporary internet files\content.ie5\jn8b0lv6\en.hri
    Hidden file : c:\dokumente und einstellungen\l\lokale einstellungen\temporary internet files\content.ie5\jn8b0lv6\um.obj
    Hidden file : c:\dokumente und einstellungen\l\lokale einstellungen\temporary internet files\content.ie5\jn8b0lv6\s.yst
    Hidden file : c:\dokumente und einstellungen\l\lokale einstellungen\temporary internet files\content.ie5\jn8b0lv6\テ←t→.ᄎ
    Hidden file : c:\dokumente und einstellungen\l\lokale einstellungen\temporary internet files\content.ie5\jn8b0lv6\ヒᅦ@ .
    Hidden file : c:\dokumente und einstellungen\l\lokale einstellungen\temporary internet files\content.ie5\jn8b0lv6\uテᄏ¢.
    Hidden file : c:\dokumente und einstellungen\l\lokale einstellungen\temporary internet files\content.ie5\jn8b0lv6\t3■ヒᅦ@.k

    It creates similar BSODs when scanning with RkU 3.7 as Rustock.B does; maybe a next version.

    This is the most significant part, look at the date:

    4tjlrg5.png
     
  18. vkidv

    vkidv Registered Member

    Joined:
    Oct 6, 2003
    Posts:
    62
    His point is that you can't make Linux completely innocent. Linux is where rootkits originated from. That's ironic considering that Windows is supposed to be insecure. (while it is, I regard a Windows virus or crapware less severe than a Linux vulnerability)

    Also, relatively speaking, how severe are Linux security problems to Windows? Windows: I have a worm or I'm sending out spam.
    Linux: I'm rooted and the machine is under someone else's control.

    Given the expertise to run Linux is high anyway, you can expect that the attacks on it will be more severe.

    Don't let your fanaticism get to you.

    This machine is dual-boot OpenSUSE so you really have nothing to say.
     
  19. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    lol...
    Don't repeat those things you hear, not without reading about it.
    How do those rootkits get in my Debian? I'll tell you, I would explicitly install them. I would input my root password to do that also.

    Ultimately, "Linux" (GNU ;) ) won't stop you from installing whatever you want. It's not alive, it follows instructions, like any other OS/ machine.

    You see, it's impossible to reply to this without looking "fanboy" to you. It's just that not a word there makes sense! Hard to even say anything, people will leave you without a reply, and you'll guess you're right.
     
  20. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,

    HIV originated in monkeys, through a mutation from SIV. Does that mean it gives any trouble to monkeys? No. Same here. Root was born in UNIX, but since the problem has moved on to MS. End of story.

    You don't need a high level of expertise to use Linux, just some patience and a bit of vigor.

    Linux problems are very very minor. Most exploits are local versus Windows where everything happens remotely...

    There are no attacks on Linux.

    I'm using XP here, so you really have nothing to say...

    Cheers, peace, cheese, and prosperity,
    Mrk
     
  21. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Don't know what monkeys have to do with this, but since you brought it up, to be precise, the red-capped mangabey (Cercocebus torquatus) and the greater spot-nosed monkey (Cercopithecus nictitans) are the monkeys in question.

    As far as (There are no attacks on Linux) statement , what about this?
    http://news.com.com/2100-1001-943911.html
     
  22. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,
    See the date of that article ...
    Plus, it's about servers - not home users.
    Mrk
     
  23. vkidv

    vkidv Registered Member

    Joined:
    Oct 6, 2003
    Posts:
    62
    Please correct my interpretation: I think you are saying that refuting my argument would make me think you are a fanboy?

    If so, it wouldn't. I think people are fanboys when they make sweeping generalisations at the entire opposition. It's bogus. Posts from Linux fanboys on this forum often are ONLY the advice 'get Linux'. This is not good advice for the situation these people are in. Try and relate to the person you suggested it to.

    They are suffering problems from nuisances on Windows. They have no intention of running away from everything they know. At least solve the problems they are experiencing and later, convince them to switch to Linux. To use the traditional car analogy:
    • Someone crashed into a tree.
    • In your high quality and fast car you stop and say to them: this car is better than your car, you won't crash as often.
    • Drive off.

    How helpful is that? Will they really want to be buying at the moment after the crash?
    Perhaps a more accurate analogy is phoning a help service for a pickup and being given advice along the lines of 'get a new car' and hang up. (After all, why did they come to a predominantly Windows forum and ask for help?)

    Analogies are not arguments in themselves but this reveals my perspective of what fanboyism really is.

    Fanboys everywhere make useless posts to do something, change ideology or adopt this motive. No. Examples include Mac, Wii/Nintendo and certainly Linux. There are obviously reasons why these are fanboys, however, it is not relevant.

    Linux requires more skill than Windows to use. You have to install it. How many people actually install Windows or use the OEM installation? If you want software, compare the installation process to Windows.

    To exercise an attack against a Linux machine, you also need more expertise than you would to take down a Windows machine. This is why I believe the severity of a Linux breach is greater.

    The fact that rootkits originated on Linux rather than Windows is an example of this. Windows is about nuisances. Linux breaches (when they happen) are more dangerous. My original comparison was like this:
    • Windows: When I'm infected, I might show you annoying adverts, spy on you, send some spam, attack a website and lag.
    • Linux: When I am infected, you will not know that I am.

    Your monkey example confuses me in what you are arguing.

    Oh lol. Oh, but I do. In Windows I too have to explicitly install a rootkit since I know what I am doing. Are you repeating what you hear? Have you ever been infected with a rootkit randomly in Windows or have you only heard about it?

    Nuisance spyware/adware != rootkit.

    Huh? You misunderstand. You need to understand the original statement to make a side by side comparison, I'm afraid. My statement means you cannot suggest that I use Linux because since I already have it. You can't use my usage of Windows as a reason for switching to Linux.

    Do not misunderstand. I know that Linux is technically superior to Windows. In none of my posts have I said anything against this. I rarely use my Linux installation. Unfortunately, I want to play video games. My installation takes hellever to load up. My monitor refresh rate is never accurate too. It hurts my eyes.

    Phrases like End of Story, pwn and memes like All your base are poor ways to argue. They do not function as well as you might expect here.
     
    Last edited: Jul 17, 2007
  24. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    While I agree in general, you must note that GNU/Linux isn't a corporation, it's a community, where people share and cooperate. They give you software, and you are free to use it as you like.
    Ubuntu, to use an example, was ridiculously easy to install. I installed Beryl in a few clicks. It depends on where you're looking for programs, or what kind of programs.
    Examples are nice to compare too.
    Also, in XP all you need is double click, yes, but also only that to install malware, even if you don't know you're installing anything. Ubuntu would ask you for root privilege.
    o_O
    Rootkit was "originated" from wherever. It's software, you install it if you want. In a defense perspective, I'm interested in what I didn't ask for. No OS will prevent you from using it as you want. Well, actually, :blink:
    If you're infected, what kind of infection matters, not the OS. If it pops adverts, it pops in both systems no? You're confusing things imo.
     
  25. vkidv

    vkidv Registered Member

    Joined:
    Oct 6, 2003
    Posts:
    62
    I doubt adware is as crossplatform as that statement suggests. As far as I am aware, adware on Linux is non-existent. On Windows, Adware is commonplace.

    The severity of an infection you would get on Linux is far more severe than that of Windows. Infections on Windows are like a machine gun. You get many dumb and inaccurate infections.

    To be successfully attacked on Linux, your attacker certainly knows what he or she is doing. Infections are pistols - accurate and highly targeted.
     
    Last edited: Jul 18, 2007