• Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
    Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.

Rootkits...

F

FlatLine84

[H]ard|Gawd
Joined
Apr 7, 2005
Messages
1,521
Is it possible for a rootkit to do something, or like say a Trojan to do something like delete files on a hard drive if a certain condition is met? I mean, I've heard about this stuff, but never actually seen it in action, and I think I am now.... I've been seeing some very suspicious activety happening on a machine I've been working on. I keep getting "File Write Delay Failed" errors. Also, the used space on the hard drive keeps decreasing. I've tried two different virus scans, both say their's a boot sector error. I thought it could be hard drive failure, but something just seems odd about it all...
 
no antivirus software that i know of can detect rootkits, the rootkits are malicious software that runs fully or partially at the most privileged execution level, ring 0, having full access to memory, all CPU instructions, and all hardware, so yes they can do pretty much WHATEVER they want with your PC
 
almost forgot, u might try using some rootkit detection software like Rootkit Unhooker or IceSword, but chances are u might have some other malware like spy-ware
 
The only reason I ask if it's a rootkit, is apparently we have a disgruntled programmer that left, and this shortly started happening. It's seems like a pretty huge coincidence. What I've done so far has been AVG, Trend Micro's house call, ad-aware, and Advanced Windows Care. I'm going to check out rootkit revealer next I guess, and the two you mentioned.
 
FlatLine84 said:
Is it possible for a rootkit to do something, or like say a Trojan to do something like delete files on a hard drive if a certain condition is met? I mean, I've heard about this stuff, but never actually seen it in action, and I think I am now.... I've been seeing some very suspicious activety happening on a machine I've been working on. I keep getting "File Write Delay Failed" errors. Also, the used space on the hard drive keeps decreasing. I've tried two different virus scans, both say their's a boot sector error. I thought it could be hard drive failure, but something just seems odd about it all...
Click to expand...


The write delay could indicate a hardware failure. The capacity changes somewhat support this. I would continue pursuing the rootkit path but look into the possibility of hardware problems.
 
leSLIe said:
no antivirus software that i know of can detect rootkits, the rootkits are malicious software that runs fully or partially at the most privileged execution level, ring 0, having full access to memory, all CPU instructions, and all hardware, so yes they can do pretty much WHATEVER they want with your PC
Click to expand...

NOD32 and Bitdefender detect rootkits, and AVG has a free beta anti rootkit. Sysinternals also has rootkit revealer which you might want to try

I would test the hard drive with the manufacturers utility.
 
plasma said:
NOD32 and Bitdefender detect rootkits, and AVG has a free beta anti rootkit. Sysinternals also has rootkit revealer which you might want to try

I would test the hard drive with the manufacturers utility.
Click to expand...

Trend Micro does it too.
 
virus<rootkit<ghostware

pray that you don't have ghostware coz nothing will kill it. Not even a reformat. Gluck.
 
what is ghostware? and how can it survive a format? does it hop sectors during the format or hide in memory or something:confused:
 
it doesn't need to be a virus if the programmer left it behind. it could be a little script that is launched by anything. a vbscript that deleted files wouldn't be caught by any av software.
 
hmm rootkits are bad, m'kay.

WTH is ghostware, tbh i aint never heard of it, how does it survive a format :eek:
 
If you suspect a rootkit, the first thing you should do is not try scanning it from the bad operating system - yank the drive, throw it in another machine, and do a scan there.

ps: Ghostware wth? You are wrong. Unless it somehow breaks the BIOS and manages to damage the reinstalls from within the limited BIOS's space, theres no reason it couldn't be overwritten from a CD. I'm not aware of any viruses that do those sort of things these days, and especially with the fact that operating systems are so large and complicated it would be a very challenging procedure. Ghostware btw appears to be the non-technical persons way of saying rootkit.
 
NOD32 and Bitdefender detect rootkits, and AVG has a free beta anti rootkit. Sysinternals also has rootkit revealer which you might want to...
Click to expand...

guess i dunno squat about antivirus! :D

then again, i dont use antivirus to get rid of malware


what is ghostware? and how can it survive a format?
Click to expand...

well if u have a printer that has some sort of memory, any "modern printer" will do, in theory the "virus" could copy itself into the printer ram memory and stay there until u reinstall windoze, u might try turning off your printer :D
 
leSLIe said:
well if u have a printer that has some sort of memory, any "modern printer" will do, in theory the "virus" could copy itself into the printer ram memory and stay there until u reinstall windoze, u might try turning off your printer :D
Click to expand...

... :rolleyes:
 
tupak said:
http://www.securityfocus.com/comments/articles/11372/33017/threaded#33017

http://techrepublic.com.com/5208-11193-0.html?forumID=81&threadID=201438
Click to expand...

Joy, that looks like fun..... I don't think it's anything that bad, if it's not the failing HD, I would say a script at this point. I talked to one of the individuals who apparently did some work over there before my consent or notice, and all he did was change system passwords. I'll keep you guys posted, this could turn out to be a nice little support policy change suggestion.
 
You must log in or register to reply here.
Back
Top