Webhost Rootkit Infestation?

Discussion in 'other anti-malware software' started by J.Fordmast, May 11, 2006.

Thread Status:
Not open for further replies.
  1. J.Fordmast

    J.Fordmast Registered Member

    May 11, 2006
    Are webhosts installing rootkits?

    I was doing some research recently on which webhost I want to host my website. After I was finished for the day I ran a Webroot Spysweeper scan. It picked up 4 potential system monitor/rootkit files that I had obtained from the following sites:

    alwayswebhosting_com -- premium quality, super fast, and super friendly cpanel hosting! v102.mht (ID = 0)

    site5 web hosting - affordable ecommerce, email, business, domain and web hosting plan comparisons.mht (ID = 0)

    ion hosting - affordable web hosting, front page, cpanel, plesk, reseller, ecommerce2.htm (ID = 0)

    cpanel web hosting - cpanel reseller hosting - linux web hosting - fantastico - rvskin - unlimited domains.mht (ID = 0)

    (This is how they appeared in my Spysweeper session log.)

    When I tried to quarantine the files, it said they were in use and couldn’t be removed without a reboot. The reboot successfully removed them.

    I wonder if anybody can duplicate these findings. If you’re curious, I’m running Windows XP, Internet Explorer with active scripting enabled. Visit these sites and save a few pages as Web archive single file (*.mht). Then later click on these files and open them up. Close them and then run a Webroot Spysweeper scan. (P.S. I wasn’t connected to the internet when I ran the scan.) Thanks!
    Last edited: May 11, 2006
  2. StevieO

    StevieO Registered Member

    Feb 2, 2006
    I tried a few with IE, and NO ActiveX/Scripting/Java/Iframes etc. as usual. Nothing at all happened to me, so I guess whatever it was is due to you having Scripting enabled, which, along with the others I mentioned, isn't always wise on untrusted sites!
