I know I can turn to all of you for help because you recently helped me get
rid of Autoinfo popups and I know I can depend on you for help this time
too.
I'm having problems trying to find a way to get rid of the trojan horse
Generic.RTX on my system running XP home edition. I've run Ad-Aware,
Spybot, AVG, and A², and none have helped as of yet. XP and all software
have all updates applied. Is this trojan a Rootkit? I've searched the
net, F-Secure, and Symantec for help but found none. I'd be very
appreciative if someone out there could guide me in the right direction.
The locations of the two infections are:
C:\Document and Settings\user name\Local Settings\Temp\C9C36D.tmp and
C:\Document and Settings\user name\Local Settings\Temp\C9C36D.tmp:\ny8jr.exe
Since these appear to be temporary files, would just deleting them do the
job?
Thanks for all your help now and in the past.
Dave Schroeder
----- Original Message -----
From: "Toomas Piibe" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Friday, April 28, 2006 4:30 AM
Subject: Re: [PCSOFT] Rootkits
> For investigation I use Rootkit Revealer
>
> http://www.sysinternals.com/Utilities/RootkitRevealer.html
>
> page also gives more technical explanation about rootkits
> in Windows and how they work.
>
> Toomas
>
>
>
> ----- Original Message -----
> From: "David Gillett" <[log in to unmask]>
>
>
>
>> On 24 Apr 2006 at 21:32, Ra wrote:
>>
>>> What is a rootkit and how would I investigate it?
>>
>>
>> The name comes from the world of Unix and Linux, where the all-powerful
>> account on a computer is named "root" rather than "Administrator". The
>> original purpose of a rootkit was, as a piece of malware, to obtain this
>> supreme level of user privilege, from which the attacker who installed
>> the rootkit could then proceed to wreak whatever havoc was desired.
>> Of course, not all attackers are just interested in causing immediate
>> chaos; many see their infiltration of a machine as a stepping-stone to
>> some further purpose. And so the term's meaning shifted to focus on
>> techniques to try to prevent discovery that the system has been
>> compromised.
>>
>> Indeed, the distinguishing characteristic of a modern rootkit is that it
>> makes it so difficult for an ordinary mortal user to discover its
>> presence.
>>
>> As such, there's not much useful advice to give. If you are having the
>> sort of problems that usually indicate a virus or spyware infestation,
>> but all of your usual tools for detecting and removing malware are
>> coming up empty, then that *may* indicate the presence of a rootkit.
>>
>> (But not necessarily. I had been seeing such symptoms on one of my
>> machines, and discovered today that I had missed updating its copy of
>> Firefox from 1.0.x to 1.5.x; updating it appears to have corrected the
>> problem.)
>>
>> David Gillett
>>
>> Do you want to signoff PCSOFT or just change to
>> Digest mode - visit our web site:
>> http://freepctech.com/pcsoft.shtml
>>
>
> The NOSPIN Group Promotions is now offering
> our special coffee cups and mouse pads
> with the PCSOFT logo... at a great price!!!
> http://freepctech.com/goodies/promotions.shtml
>