Super-Trojan Rootkit

Discussion in 'malware problems & news' started by Starrob, Oct 16, 2004.

Thread Status:
Not open for further replies.
  1. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    I find all of this very hard to swallow. If everything is clean, there's no reason why a PC should be infected unless software that is being reinstalled has been corrupted and/or infected, and upon reinstalling the software the reinfection occurs. I have a backup, as many do, of all my purchased software, as it would be a hugely time-consuming task to have to re-download everything even on DSL, but on dial-up it would take days just to re-download everything. So corrupt and/or infected stored files can cause very serious problems, and no matter how many times you reinstall Windows, do zero-fill formats, BIOS flashes, etc., reinstalling the same programs which are infected would cause those problems to reoccur, leading to speculation of a super Trojan or hacker, which I think is nonsense.

    People that claim to have been overtaken by a super hacker seem to not want to contact DCS for professional help or even show us some proof of the facts, which makes me think that we're just being led up the garden path. If someone has real problems they need to come up with more than just assertions that they have a super hacker. We can't help if we can't diagnose, and we can't diagnose if no specific details are posted.

    Unless these people actually back up what they say with screenshots and logs, etc., and make sincere efforts to get help from the experts, then I would dismiss any such claims as fabricated stories. I have yet to see claimants use any of the tools suggested by our members and post the results online. Instead they keep opting for the spoken word, which doesn't stand up in a court of law and also doesn't stand up to professional scrutiny when trying to solve a technical issue. Details and facts supported and verified by known software are what is required, not rhetoric and supposition, and so far none of these claimants are doing this but are instead just making wild claims about a super hacker.

    There are plenty of programs which can verify this if these people choose to lay their cards on the table, but they don't, which makes me doubt their claims very much. Download the programs we have suggested and post the logs, screenshots, etc., and then we can help; otherwise there is no proof or evidence that they are infected except that they say they are, and that's no proof at all. In a court of law cases like this would be thrown out and the claims would be judged as baseless because of lack of evidence. The spoken word is not evidence.


    Dave
     
  2. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    Doing my press review this morning, I found an article which explains how to create a new autorun by patching explorer.exe.

    And this kind of new attack used by advanced rootkits is just a beginning, as this article confirms:

    http://www.infoworld.com/article/05/02/17/HNrootkits_1.html

    In the fight "Attack vs Defense", this last one is always running behind the first one. ;)

    Regards
     
  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Okay, I can't get the Word document referred to in the MS link to load because I don't have M$ Word on here.

    Is M$'s rootkit detector available to the general public to play with? If so, anyone got a link for its d/l? Pete
     
  4. wolfpack

    wolfpack Guest

    From what I've heard "Ghostbuster" (cute name) is still just a research project and is not yet available for download, as far as I know.
     
  5. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Googling around, it looks like it's only a research project at the moment, and not available to download. I'm not sure why, since it just looks like it's a script for existing tools (WinDiff), but hopefully they'll have it out soon... it looks great.

    spy1: Have you looked at OpenOffice? It opened the .doc for me just fine, and it's open source. http://www.openoffice.org
     
  6. timnicebutdim

    timnicebutdim Registered Member

    Joined:
    Jan 24, 2005
    Posts:
    66
    I would also like to know if Killdisk would erase any super-trojan if one did exist. Does anyone know this?

    I had my security compromised recently and had a whole lot of stuff sent to my computer... although it now appears clean, I will format it anyhow for peace of mind. I have been advised by a friend who is very much into these things that they could have placed things on my computer that would still be there after a normal format, and that I should use a program called Killdisk on the highest level and then use the Windows 98 start disk to format it, and then reinstall Windows.

    I am also assuming the Windows 98 start disk is fdisk?
     
  7. controler

    controler Guest

    Ah yes, I truly remember the olden days :)

    Back when there was NO plug and play and you had to tell the BIOS how many heads, cylinders, etc. What a pain that was. A 5 meg HD was the coolest thing LOL

    When you reflash your BIOS, you are using a flash program from one of the BIOS makers. It could be Phoenix or any other common one. Along with that EXE is usually a BIN file. What is so tough about changing the BIN file? This is the file that holds all the programming data.

    Also, in the old days Compaq never used a hardware BIOS. Instead they used the first 8 meg of your hard drive for the BIOS. Bad idea, huh? How easy was it to change that? Now HP owns Compaq and I don't know if they did away with that practice, but I have noticed an 8 meg partition on my laptop that won't go away using an HP Windows Home CD. I go to repartition and format, and I delete the 8 meg partition and the 38 gig partition. I then create a new partition. It never allows me to use that 8 meg. It always leaves that alone. I wonder what would happen if I used a regular Windows CD? I am guessing they DO use that first 8 meg for something. Anybody else noticed this?

    Bruce
     