Webhost Rootkit Infestation?

Discussion in 'other anti-malware software' started by J.Fordmast, May 11, 2006.

Thread Status:
Not open for further replies.
  1. J.Fordmast

    J.Fordmast Registered Member

    May 11, 2006
    Are webhosts installing rootkits?

    I was doing some research recently on which webhost I want to host my website. After I was finished for the day I ran a Webroot Spysweeper scan. It picked up 4 potential system monitor/rootkit files that I had obtained from the following sites:

    alwayswebhosting_com -- premium quality, super fast, and super friendly cpanel hosting! v102.mht (ID = 0)

    site5 web hosting - affordable ecommerce, email, business, domain and web hosting plan comparisons.mht (ID = 0)

    ion hosting - affordable web hosting, front page, cpanel, plesk, reseller, ecommerce2.htm (ID = 0)

    cpanel web hosting - cpanel reseller hosting - linux web hosting - fantastico - rvskin - unlimited domains.mht (ID = 0)

    (This is how they appeared in my Spysweeper session log.)

    When I tried to quarantine the files, it said they were in use and couldn’t be removed without a reboot. The reboot successfully removed them.

    I wonder if anybody can duplicate these findings. If you’re curious, I’m running Windows XP, Internet Explorer with active scripting enabled. Visit these sites and save a few pages as Web archive single file (*.mht). Then later click on these files and open them up. Close them and then run a Webroot Spysweeper scan. (P.S. I wasn’t connected to the internet when I ran the scan.) Thanks!
    Last edited: May 11, 2006
  2. StevieO

    StevieO Registered Member

    Feb 2, 2006
    I tried a few with IE, and NO ActiveX/Scripting/Java/Iframes etc. as usual. Nothing at all happened to me, so I guess whatever it was is due to you having Scripting enabled, which, along with the others I mentioned, isn't always wise on untrusted sites!
