RootKit Revealer?

ninjaman001

I am a hardware tech on the job, but I have learned to troubleshoot software and OS issues over the years. I am getting pretty good at removing spyware/malware thanks to sites like spyware warrior, spyware info, etc. I read a lot of the HiJackThis threads to learn how to remove "nasties" and such. Now I'm curious about Rootkits and how they work. Can anyone give me a "brief" summary as to how you would use Rootkit Revealer in a real-world situation? :confused:
 
Rootkits basically give an attacker admin rights to the system. They can do anything they want with that rootkit. The kit gives them a back door, if you will, to the system. Most rootkits are hidden and are not shown in the running processes list, so a rootkit revealer searches the system for any and removes them.
 
Thanks Coldone,

So would you consider this a part of your normal thing to run on a malware infected box? I usually run the anti-virus, anti-spyware, anti-trojan apps; should I add this to a basic clean scenario?
 
Rootkits have one goal: to hide the malware they are designed or configured to hide.

You install a rootkit, then your malware, and nothing on that Windows computer can see the malware. That's the goal, anyway. There are many good rootkit-finding tools. Rootkit Revealer is a good one. I find rootkits on many boxes that look perfectly clean. So it's always good to run them.
 
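As an added example (not code from this thread, and not Sysinternals' own code): RootkitRevealer finds hidden objects by enumerating the same things two ways, once through the Windows API that a rootkit can hook and once through a low-level raw read of the file system and registry hives, and flagging everything the two views disagree on. The Python below models that cross-view comparison on constructed in-memory views, including the two-pass filter you need to weed out files and processes that simply came or went between the two enumerations. The srvhost32 names, the paths and the temp file are made-up sample data, not indicators from a real infection.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Discrepancy:
    """One object that the two views disagree about."""
    kind: str          # "process", "file" or "registry"
    name: str          # normalised (lower-cased) object name
    in_api_view: bool  # returned by the high-level, hookable Windows API
    in_raw_view: bool  # found by the low-level scan the rootkit did not intercept

    def verdict(self) -> str:
        if self.in_raw_view and not self.in_api_view:
            return "hidden from Windows API"
        # Present in the API view only: either created/deleted between the two
        # enumerations, or a hooked API returning entries that do not exist.
        return "visible to Windows API only"


def cross_view(kind: str, api_view: Iterable[str], raw_view: Iterable[str]) -> list[Discrepancy]:
    """Report every name that appears in exactly one of the two views.
    Names are lower-cased because Windows object names are case-insensitive."""
    api = {n.lower() for n in api_view}
    raw = {n.lower() for n in raw_view}
    hidden = [Discrepancy(kind, n, False, True) for n in sorted(raw - api)]
    phantom = [Discrepancy(kind, n, True, False) for n in sorted(api - raw)]
    return hidden + phantom


def stable_discrepancies(first: list[Discrepancy], second: list[Discrepancy]) -> list[Discrepancy]:
    """Objects that appear or vanish between two enumerations (temp files,
    short-lived processes) show up as one-off differences. Keeping only what
    mismatches in both independent scans removes that noise."""
    return sorted(set(first) & set(second), key=lambda d: (d.kind, d.name))


# Constructed sample views (not captured from a real machine). The "srvhost32"
# names are hypothetical placeholders for a hidden process, driver and service.
API_PROCESSES = ["System", "smss.exe", "csrss.exe", "explorer.exe", "svchost.exe"]
RAW_PROCESSES = API_PROCESSES + ["srvhost32.exe"]

API_FILES_PASS1 = [r"C:\Windows\System32\kernel32.dll", r"C:\Windows\Temp\tmp1.tmp"]
API_FILES_PASS2 = [r"C:\Windows\System32\kernel32.dll"]     # temp file gone on the second pass
RAW_FILES = [r"C:\Windows\System32\kernel32.dll",
             r"C:\Windows\System32\drivers\srvhost32.sys"]

API_SERVICE_KEYS = [r"HKLM\SYSTEM\CurrentControlSet\Services\Spooler"]
RAW_SERVICE_KEYS = API_SERVICE_KEYS + [r"HKLM\SYSTEM\CurrentControlSet\Services\srvhost32"]


def scan(api_files: list[str]) -> list[Discrepancy]:
    """One full scan over the three object kinds (only the file API view
    varies between passes in this sample)."""
    return (cross_view("process", API_PROCESSES, RAW_PROCESSES)
            + cross_view("file", api_files, RAW_FILES)
            + cross_view("registry", API_SERVICE_KEYS, RAW_SERVICE_KEYS))


def demo_report() -> list[Discrepancy]:
    """Two passes; only discrepancies present in both are worth investigating."""
    return stable_discrepancies(scan(API_FILES_PASS1), scan(API_FILES_PASS2))


if __name__ == "__main__":
    for d in demo_report():
        print(f"{d.kind:9} {d.verdict():28} {d.name}")
```

This only works on the live infected box: the discrepancy exists while the rootkit's hooks are active, and an offline scan of the same disk shows both views agreeing. The second-pass filter is the judgement call you otherwise make by hand with the real tool, since a file created or deleted between the API and raw enumerations shows up as a harmless one-time mismatch. The real RootkitRevealer, like this sketch, only reports what it finds; removal is a separate step.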

What Greg said.
 
I know this is an old thread, but we have a customer who was actively being hacked, with the attacker trying to obtain the SA password for the SQL database. Luckily, it doesn't look like they got to it. But somehow they got around the hardware firewall in place. Anyway, this is a perfect example of a time to run Rootkit Revealer. The hacker already got in, so they possibly left something that normal antivirus/spyware/malware tools are not going to pick up.
 
I'd wager it was end-user error that allowed them to get in, unless they're running a public web server, PHP/ASP/JavaScript-based sites, or any other public-facing servers?

No public web server; the only port open on the firewall was RDP, and that only to our office. I don't remember the exact model of firewall they are running, but it's a ZyWALL. Another company set up their network, and the ZyWALL was in place already. We secured the ZyWALL when we took over, so there must be an exploit of some sort that allowed the hacker in.
 