Posted: 6/21/2011 3:20:19 AM EDT
Rootkit win32.sst.a was found on my PC last night after I got home and discovered half my desktop icons missing, fully 3/4 of my programs no longer listed in the programs list, and a pile of error messages concerning a corrupted FAT table.
Kaspersky found it AFTER the damage was done.
Fortunately I seem to have lost no data that's important to me. But now I've got quite a few programs that are present on the hard drive but no longer installed as far as Windows is concerned.

Lucky for me, the ones that matter are all running on my PC at work.
I've got to spend the day backing up files to DVDs because I actually don't trust that there isn't a hardware problem with the main hard drive as well, and this computer is nine years old and starting to get a bit flaky anyway. It's time to give an honorable retirement to this 9-year-old Dell, which has served well with very, very few glitches over all this time.
If I should ever get my hands on the person who wrote that rootkit, the Al Qaida terrorists who chop people's heads off, slowly, and videotape the affair, would, if they saw what I'd do to the rootkit author, say, "Dude, that's harsh!"
Writing viruses and rootkits should be an activity that results in a mandatory death penalty. You don't damage other people's data!
Link Posted: 6/21/2011 3:21:25 AM EDT
[#1]
Quoted:

Rootkit win32.sst.a was found on my PC last night after I got home and discovered half my desktop icons missing, fully 3/4 of my programs no longer listed in the programs list, and a pile of error messages concerning a corrupted FAT table.

indeed
Link Posted: 6/21/2011 3:24:33 AM EDT
[#2]
Link Posted: 6/21/2011 3:29:14 AM EDT
[#3]
Quoted:

indeed

Hit the refresh button!
Link Posted: 6/21/2011 3:37:44 AM EDT
[#4]
I agree. I have spent far too much time personally and professionally fixing these fucking virus infections. It's akin to someone pouring sand in your gas tank.
Link Posted: 6/21/2011 3:40:48 AM EDT
[#5]
ComboFix can knock out some pretty serious malicious software. CM, you should give it a try.
Link Posted: 6/21/2011 3:44:02 AM EDT
[#6]
Wish I could understand the motivation of the pricks who take all the time and trouble to fuck with people's computers they don't know.
Link Posted: 6/21/2011 3:46:35 AM EDT
[#7]
I just got done cleaning a trojan off of a family member's PC that disabled the EXE file extension and anything in the control panel. Took me a while to figure out I could rename the exe files for Malwarebytes and Avast to CMD files and they would work. I'm starting to rethink my chosen career.
Link Posted: 6/21/2011 3:46:44 AM EDT
[#8]
This. I had a nasty rootkit here on my work cpu. ComboFix nailed it. BleepingComputer is the spot.
Link Posted: 6/21/2011 3:48:37 AM EDT
[#9]
Register on the Malwarebytes help forums and post a thread there per their instructions. I did this and cleared a similar rootkit from my wife's computer.

They will get you fixed. It's like the arfcom of antivirus and malware, and a lot of AV writers from different companies post and help there.

Careful with ComboFix. It needs to be run from the desktop IIRC and it also needs to be removed a certain way.

Just get on the Malwarebytes forums; you will be instructed step-by-step on what to do, and you will probably be instructed on ComboFix anyhow.
Link Posted: 6/21/2011 3:51:35 AM EDT
[#10]
Quoted:

Wish I could understand the motivation of the pricks who take all the time and trouble to fuck with people's computers they don't know.

The idea is that if you can gain control of a computer, you can do several things:

1. silently use the computer to launch DDoS attacks
2. install adware (publishers pay a certain amount depending on the nationality of the PC; US usually pays the most, back in '04 or '05 it was 25 to 35 cents)
3. deny access to any media on the computer (i.e., documents, files, etc.) and blackmail the user into paying you to unlock said files
4. log passwords for bank accounts, credit cards, and other important sites for fraud
5. poorly written applications that try to accomplish the above while remaining undetectable but failing because the programmers are idiots
6. kiddies who just want to fuck shit up, who just delete all your shit (which is certainly ridiculous and makes no sense at all); I think this is the rarest, I attribute most PC fuckups attributable to malware to poorly written software
Link Posted: 6/21/2011 4:00:29 AM EDT
[#11]
Quoted:
I agree. I have spent far too much time personally and professionally fixing these fucking virus infections. It's akin to someone pouring sand in your gas tank.

Same with me. Last time I had an up-to-date Norton Anti-virus and it still made my computer unbootable.

That is when I switched to Ubuntu, 2 years ago next month.

I keep Windows on a separate partition for the few programs that must have Windows for work, but I never browse the web or use email with it and I don't have any anti-virus on it.

And I am HAPPY again~~~~~!!!!!

To anyone that has a bad infection, have a CD or USB drive with Ubuntu on it. When Windows becomes unusable, boot Ubuntu from the CD or USB drive to get your data off of it. Ubuntu can read your Windows partition.
Link Posted: 6/21/2011 4:15:00 AM EDT
[#12]
This is why family won't understand: in the last year I have spent about 2k on computer security items. I use a Cisco ASA for my home router. I have OpenDNS set to block annoying things and I have added many ad sites to the block list. I use a NAS to keep daily backups of my desktop and laptop. I update full system images quarterly. I also have a 2TB USB HDD that gets a quarterly backup to it and it gets put in the safety deposit box. I have 8TB of backup space on my home network.

One of the easiest and free things you can do is This. I have this in all my computers including the ones at work.
Link Posted: 6/21/2011 4:16:24 AM EDT
[#13]
Quoted:

This is why family won't understand: in the last year I have spent about 2k on computer security items. I use a Cisco ASA for my home router. I have OpenDNS set to block annoying things and I have added many ad sites to the block list. I use a NAS to keep daily backups of my desktop and laptop. I update full system images quarterly. I also have a 2TB USB HDD that gets a quarterly backup to it and it gets put in the safety deposit box. I have 8TB of backup space on my home network.

One of the easiest and free things you can do is This. I have this in all my computers including the ones at work.

Seems a little extreme for home use. Common sense generally prevails when you're trying to avoid malicious software.
Link Posted: 6/21/2011 4:20:38 AM EDT
[#14]
Quoted:

I agree. I have spent far too much time personally and professionally fixing these fucking virus infections. It's akin to someone pouring sand in your gas tank.

Try this.
Link Posted: 6/21/2011 4:28:35 AM EDT
[#15]
*shrug* I don't open attachments from people I don't know. I don't open executable attachments if I'm not expecting them and/or I don't have verification they actually sent them. I browse using Firefox w/NoScript and Adblock Plus w/EasyList ... and I don't click everything that's linked like it's going out of style. Never had a problem. There's a bit more to it, but that will get you about 90% of the protection you'd need.

Having a separate box or a VM to do all your "potentially risky" stuff in doesn't hurt either.
Link Posted: 6/21/2011 4:31:26 AM EDT
[#16]
buy a mac
Link Posted: 6/21/2011 4:33:18 AM EDT
[#17]
Quoted:
I agree. I have spent far too much time personally and professionally fixing these fucking virus infections. It's akin to someone pouring sand in your gas tank.

Job security?
Link Posted: 6/21/2011 4:34:57 AM EDT
[#18]
I haven't opened any unknown attachments in...forever. I just don't do that.

I keep my virus protection up to date.

But stuff can still get in.

As a matter of prudence, I never run things like a ComboFix based on a single recommendation for it. I need it to be recommended by multiple people at different sites in order to have any trust in it.

Now, I do, and I'll run it.

But I think Kaspersky already removed it. It did give notice of a removal procedure.

What's kind of weird is that for this particular rootkit, I haven't yet found much of a description on it and what it usually does.

I think taking out part of the FAT must be part of it.

CJ
Link Posted: 6/21/2011 5:02:25 AM EDT
[#19]
Quoted:
*shrug* I don't open attachments from people I don't know. I don't open executable attachments if I'm not expecting them and/or I don't have verification they actually sent them. I browse using Firefox w/NoScript and Adblock Plus w/EasyList ... and I don't click everything that's linked like it's going out of style. Never had a problem. There's a bit more to it, but that will get you about 90% of the protection you'd need.

Having a separate box or a VM to do all your "potentially risky" stuff in doesn't hurt either.

I do this too except EasyList. What is that?
Link Posted: 6/21/2011 5:43:15 PM EDT
[#20]
I don't even have the system tools that are normally part of Windows.

I tried to install Nero to get the ability to burn files to a CD (the built-in Windows capability to burn CDs is also dead) and after completing the installation, it said the install process had been interrupted and my system was unchanged. Happened three consecutive times and I didn't interrupt anything.

I've got to yank this hard drive, turn it into a slave drive, put it in another PC, and back up the files that way. I'm pretty much out of other options.

Fully updated virus scans show a clean drive. I think that it's safe to do that.

I have some DOS commands available that may be helpful, fortunately. I'm glad I come from the DOS days!

CJ