Probably unknown Rootkit, very silent.

Discussion in 'malware problems & news' started by SystemJunkie, May 21, 2007.

Thread Status:
Not open for further replies.
  1. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    My statement suggests nothing. It says if it's adware, it's adware wherever it's installed. If it's silent, it's silent.

    In fact, malware is rare/ non existent on GNU/Linux.

    There are 1000 ways to answer this, I guess. I'll simply say it's wrong.
    Sorry for not being constructive here, but it doesn't make sense. How did you put those words together? Again, sorry, but surely you can see what I mean.

    PM me, I'll gladly discuss it, but I think we're wrecking SystemJunkie's thread.
     
  2. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    That would only matter if you could understand the point of SystemJunkie's thread. :D
     
  3. vkidv

    vkidv Registered Member

    Joined:
    Oct 6, 2003
    Posts:
    62
    Pick one of those 1000 to explain what you mean.
    Hopefully that makes more sense.
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,221
    Hello,

    That is correct.
    But the effort needed is equally higher.

    To get infected in Linux, you really need to invest.
    To get infected in Windows, you merely need to ... blah blah whatever ...

    Mrk
     
  5. vkidv

    vkidv Registered Member

    Joined:
    Oct 6, 2003
    Posts:
    62
    Indeed. It was the only thing I was trying to say.

    Thank you for your patience with me :)

    I apologise for my off topic posts SystemJunkie and for hijacking your thread.
     
  6. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    I agree totally with it.

    No problem. Actually I think that this unknown rootkit stands in a strange relation to Rustock, because many things that the UnhackMe creator posted can be followed concerning the detection of specialized rootkits. It has the dumb and plump character of disabling firewalls; that's its level of sophistication. If we follow EP's statement that in war everything is allowed
    (and he actually thinks we are in a digital world war), then we can see the very primitive aspect of a highly aggressive seed of rootkits. This may be effective, but at least of a very dark and beastly, devilish kind.

    Some traces could also be rooted from other east asian countries.
    One thing is nearly sure, it comes from the asian side. Assumption: Either Russia, China, Czechia or Korea/Japan.
    But maybe he also has some good relations into USA, Marina Del Rey and Ohio.

    So who can be attracted by moat fights of such a primitive kind, and which psychopathogenic stalker is so ill that he proclaims that as his sense of life? There may be one or two rulers and several followers.

    Let's sum up: The one we seek loves Dr. Watson's crash dumps, he likes to change dates from 1.1.1601 up to 2070 or so, he loves to send spam, trying to fool all rootkit detectors, disabling/bypassing all firewalls and is a fan of psycho-stalking, he really likes the Sysenter / Int 2E 0000000 method and Kei386Helper plus abnormal terminations, and he loves to implant itself in a very persistent polymorphic way. Furthermore he loves to destroy EXE files and fill them with zeros, but only from time to time, not that often; if he is really angry he erases the partition with the most bytes and turns it into RAW.
    He has a great affinity to the Shadow SSDT and the CSRSS subsystem. From time to time he uses his zombie machines as a proxy for checking his last holiday pics, eBay or PayPal accounts. He highly likely likes phishing, belongs to the most criminal minds on earth and loves to create blue screens. Does anyone know this person? (or should I say these creatures)
     
    Last edited: Jul 20, 2007
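One concrete, checkable item in the indicator list above is the timestamp manipulation: a Windows FILETIME of 0 renders as 1.1.1601, and far-future dates such as 2070 are equally implausible for system files. The following is an added example, not code from the thread or from any tool named in it, showing a small timestamp-anomaly scan over constructed file records (the paths, dates and the `OLDEST_PLAUSIBLE` cut-off are assumptions chosen for illustration). It flags FILETIME zero, dates in the future, dates older than the system could have existed, and a creation time later than the last-modified time, which is a common tell when only one field was reset.

```python
"""Timestamp-anomaly check for Windows FILETIME values (added example)."""
from datetime import datetime, timedelta, timezone

# FILETIME counts 100-nanosecond intervals since 1601-01-01 UTC; a raw
# value of 0 therefore renders as 1.1.1601, the "impossible" date above.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft: int) -> datetime:
    """Convert a raw FILETIME integer to an aware UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt: datetime) -> int:
    """Inverse of filetime_to_datetime, using exact integer arithmetic."""
    delta = dt - FILETIME_EPOCH
    micros = (delta.days * 86400 + delta.seconds) * 1_000_000 + delta.microseconds
    return micros * 10


def classify_timestamp(ft: int, now: datetime, oldest_plausible: datetime):
    """Return a reason string if a single timestamp is implausible, else None."""
    if ft == 0:
        return "filetime_zero"          # 1.1.1601: never a genuine file time
    when = filetime_to_datetime(ft)
    if when > now + timedelta(days=1):  # allow a day of clock skew
        return "in_future"
    if when < oldest_plausible:
        return "before_oldest_plausible"
    return None


def find_anomalies(records, now, oldest_plausible):
    """Scan records of {path, created, modified}; return (path, field, reason) hits."""
    hits = []
    for rec in records:
        for field in ("created", "modified"):
            reason = classify_timestamp(rec[field], now, oldest_plausible)
            if reason:
                hits.append((rec["path"], field, reason))
        # Creation later than last modification: the stomping tool reset one
        # field but not the other (skipped when either value is the zero marker).
        if rec["created"] and rec["modified"] and rec["created"] > rec["modified"]:
            hits.append((rec["path"], "created", "created_after_modified"))
    return hits


def _ft(year, month, day):
    return datetime_to_filetime(datetime(year, month, day, tzinfo=timezone.utc))


# Constructed sample records: hypothetical file names, not real drivers.
SAMPLE_RECORDS = [
    {"path": r"C:\Windows\system32\drivers\normal.sys",
     "created": _ft(2004, 8, 4), "modified": _ft(2004, 8, 4)},
    {"path": r"C:\Windows\system32\drivers\zeroed.sys",
     "created": 0, "modified": _ft(2007, 5, 20)},
    {"path": r"C:\Windows\system32\drivers\future.sys",
     "created": _ft(2070, 1, 1), "modified": _ft(2070, 1, 1)},
    {"path": r"C:\Windows\system32\drivers\stomped.sys",
     "created": _ft(2007, 6, 1), "modified": _ft(2005, 3, 3)},
]
NOW = datetime(2007, 7, 20, tzinfo=timezone.utc)          # assumed scan time
OLDEST_PLAUSIBLE = datetime(2001, 1, 1, tzinfo=timezone.utc)  # assumed OS age


def sample_anomalies():
    """Run the scan over the constructed records."""
    return find_anomalies(SAMPLE_RECORDS, NOW, OLDEST_PLAUSIBLE)


if __name__ == "__main__":
    for hit in sample_anomalies():
        print(hit)
```

On a live system the records would come from the NTFS `$STANDARD_INFORMATION` attribute (or `os.stat` on the volume), and a kernel-resident rootkit can of course lie to user-mode callers, so this is a triage heuristic, not proof of absence.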
  7. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,221
    Hello,
    Czechia is not on the "asian" side. You mean Czech Republic?
    Mrk
     
  8. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Yep, that is the great exception, but anyway eastern regions/directions.
     
    Last edited: Jul 20, 2007
  9. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Actually I assume that it corrupts the CD-ROM and ATAPI controller (atapi/cdrom0 perverter), the same as it does with dxgthk.sys (patcher); it looks pretty much like Rustock.C, does the same BSODs as Rustock.B, also it seems to corrupt NDIS and the Ethernet adapter, it even f*cks up USB devices and interrupts these com-ways. A partially polymorphic body that you can see through HKEY_CURRENT_USER from time to time if you scratch hard enough on the walls of the matrix.
     