
Rootkit problem

Posted: Fri Nov 25, 2005 12:49 am
by Epyon
Well, it's that time of the year again, the holidays... I had my sister come visit me from college, and as always I tune her PC up every time. I usually clean the same old stuff off: cannon-fodder spyware and adware, occasionally a virus or trojan; nothing the scanners can't pick up.

This time I've run into the proverbial brick wall. A rootkit, or what sure as hell seems to be one. I first started trying to clean her PC up by removing all the useless programs from loading on startup. This had little to no effect on the horrendously long time to boot Windows (probably around 5-10 min!).

I pretty much figured there was a deeper problem, not one solved so easily. A rootkit was the first thing that sprang to mind. Thus I downloaded a rootkit reveal app, and the problem was even grander than I could have ever expected.

I think the picture will speak for itself.

So right now I'm between a rock and a hard place and looking for any help that could be provided. I hadn't even begun to study this sort of thing in my IT class, so I'm sorry I can't give very much input.

Another program I used was Filemon to see all the kernel calls (I suppose that's what they are). I've seen quite a bit of suspicious activity from the "C:\Windows\Downloaded Program Files" folder. Upon finding this folder and searching through it, I didn't see any of the files or folders I saw calls to from the API. The folders were named something along the lines of "Conflict.1, Conflict.2, and Conflict.3", and one of the file names I noted was OSD1316.OSD.

Upon trying to browse to the file via command prompt, I got the message that the Downloaded Program Files folder didn't exist!

Please, any input would be valued! Thanks for taking the time to read this,


(EDIT: Sorry! Forgot the system specs of my sis's laptop. Windows XP Pro, Pentium 4 2.2 GHz or so, 256 or 512 MB of DDR memory. I can't get the exact specs at the moment; this is just offhand.)

~Matt Davis
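The discrepancy described above (Filemon showing successful opens of files under "Downloaded Program Files" that neither Explorer nor the command prompt can see) is the classic cross-view test for a rootkit: one view of the file system says a path is in use, another view says it does not exist. The script below automates that comparison. It is added example code, not from the original thread or from Sysinternals. It assumes Filemon's export is tab-separated in the column order sequence, time, process, request, path, result, other (adjust the parser if your export differs); the log lines are constructed for illustration and reuse the folder and file names from the post, not a capture from the poster's machine.

```python
"""Cross-view check: paths a file-system monitor saw succeed, but that the
normal directory-walk API cannot see. Added example, not the thread's own code.
Assumed log layout: seq, time, process, request, path, result, other (tab-separated)."""
import os
from typing import Callable, Iterable, List, NamedTuple, Set


class Entry(NamedTuple):
    process: str
    request: str
    path: str
    result: str


# Constructed sample log (not a real capture). The ntdll/explorer paths are the
# kind of noise every boot produces; the "Downloaded Program Files" entries use
# the names the poster reported.
SAMPLE_LOG = """\
1\t12:01:03\tsvchost.exe:912\tOPEN\tC:\\WINDOWS\\system32\\ntdll.dll\tSUCCESS\tOptions: Open  Access: Read
2\t12:01:03\tsvchost.exe:912\tOPEN\tC:\\WINDOWS\\Downloaded Program Files\\CONFLICT.1\\OSD1316.OSD\tSUCCESS\tOptions: Open  Access: Read
3\t12:01:04\texplorer.exe:1488\tOPEN\tC:\\WINDOWS\\system32\\missing.dll\tNOT FOUND\tOptions: Open  Access: Read
4\t12:01:04\tsvchost.exe:912\tREAD\tC:\\WINDOWS\\Downloaded Program Files\\CONFLICT.1\\OSD1316.OSD\tSUCCESS\tOffset: 0 Length: 4096
5\t12:01:05\tsvchost.exe:912\tQUERY INFORMATION\tC:\\WINDOWS\\Downloaded Program Files\\CONFLICT.2\tSUCCESS\tAttributes: D
6\t12:01:05\texplorer.exe:1488\tOPEN\tC:\\WINDOWS\\explorer.exe\tSUCCESS\tOptions: Open  Access: Read
"""


def parse_filemon(text: str) -> List[Entry]:
    """Parse tab-separated monitor output into Entry records (assumed layout)."""
    entries = []
    for line in text.splitlines():
        cols = line.split("\t")
        if len(cols) < 6:
            continue  # header, blank or truncated line
        _seq, _time, process, request, path, result = cols[:6]
        entries.append(Entry(process, request, path, result))
    return entries


def listing_view(root: str) -> Set[str]:
    """The 'high-level' view: every path the ordinary directory-walk API reports.
    On a hooked system this is exactly the view a rootkit has filtered."""
    seen: Set[str] = set()
    for dirpath, dirnames, filenames in os.walk(root):
        seen.add(os.path.normcase(dirpath))
        for name in dirnames + filenames:
            seen.add(os.path.normcase(os.path.join(dirpath, name)))
    return seen


def find_hidden(entries: Iterable[Entry], visible: Callable[[str], bool]) -> List[str]:
    """Paths the monitor saw succeed but the listing view cannot see.
    Results other than SUCCESS are ignored on purpose: DLL search-order probing
    produces NOT FOUND entries constantly, and those are not evidence of hiding."""
    hidden: Set[str] = set()
    for e in entries:
        if e.result != "SUCCESS":
            continue
        if not visible(e.path):
            hidden.add(e.path)
    return sorted(hidden)


def hidden_paths_from_log(text: str, visible_paths: Iterable[str]) -> List[str]:
    """Compare a log against an explicit set of paths the listing API showed."""
    view = {os.path.normcase(p) for p in visible_paths}
    return find_hidden(parse_filemon(text), lambda p: os.path.normcase(p) in view)


if __name__ == "__main__":
    # On the suspect machine (as an administrator) walk the real directory and
    # feed in the real Filemon export instead of SAMPLE_LOG.
    view = listing_view(r"C:\WINDOWS")
    for p in find_hidden(parse_filemon(SAMPLE_LOG), lambda q: os.path.normcase(q) in view):
        print("accessed successfully but not listed:", p)
```

A path flagged here is a lead, not a verdict: a file that was legitimately deleted between the capture and the walk shows up the same way, so re-run the capture and the walk close together, and confirm with an offline view (the drive mounted from a clean boot CD) before calling it a rootkit. The opposite failure also matters: a kernel rootkit that filters the file-system driver itself hides from both views, which is why RootkitRevealer-style tools compare against the raw on-disk structures instead.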

Posted: Fri Nov 25, 2005 1:30 am
by ScottE
Well, personally I'd just copy anything your sister wants to save off that HDD. Then pop in the "Doomsday Disk", the recovery CD that should have come with the machine, to set it back to factory defaults. Then set up a good AV and anti-spyware program on it. And tell her to watch what CDs she puts in it to play.

Posted: Fri Nov 25, 2005 1:38 am
by Paft

Posted: Fri Nov 25, 2005 1:39 am
by Epyon
Yeah, I'm thinking a full format and reinstall. But I was hoping it wouldn't come to that.

One thing I want to make clear is: this is not the Sony DRM rootkit. I've already done the test by naming a file with the opening and closing strings ($test$), and the file did not disappear.

Thanks for the feedback though.

Posted: Fri Nov 25, 2005 8:22 am
by Scott
http://www.sysinternals.com/forum/forum_topics.asp?FID=15&PN=1

Perhaps you'll want to start there before re-installing.