rootkit
— | rootkit [2013/01/28 04:29] (current) – created - external edit 127.0.0.1 | ||
---|---|---|---|
+ | ====== Torpig/ | ||
+ | This has been around for a while now, but I'm just getting around to looking into it. This moved up on my priority list when I realized a half dozen machines were infected. Basically, Mebroot is a rootkit that resides in the Master Boot Record (MBR) of the file system. It downloads the Torpig files that enable it to steal personal information. | ||
+ | ===== Detection ===== | ||
+ | This is easy to see when watching network traffic on another machine. | ||
+ | |||
+ | ===== Removal ===== | ||
+ | I recommend using the UBCD4Windows. | ||
+ | - Run FixMBR | ||
+ | - Delete all system restore points | ||
+ | - Scan with each AntiSpyware and AntiVirus tool | ||
+ | - Boot to safe mode with networking | ||
+ | - Update all AntiSpyware and AntiVirus tools | ||
+ | - Scan with each | ||
+ | - Boot to normal mode and monitor network traffic | ||
+ | |||
+ | <hr> | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | -- Main.FredPettis - 23 Apr 2009 |
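An added example, not part of the original page: a check that a dumped sector 0 still carries the expected boot code, useful before and after the FixMBR step. It assumes the 512-byte sector was dumped while booted from clean rescue media and that a baseline hash was taken from a known-good machine with the same Windows version; all function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

CODE_END = 440      # bytes 440-445 hold the per-disk signature, so skip them
TABLE_OFF = 446     # four 16-byte partition entries, then 0x55 0xAA

def parse_mbr(sector: bytes) -> dict:
    """Return boot-code hash, used partition entries and signature status."""
    if len(sector) != 512:
        raise ValueError(f"expected a 512-byte sector, got {len(sector)}")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, TABLE_OFF + 16 * i)
        if ptype:  # type 0 marks an unused slot
            parts.append({"slot": i, "active": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return {"code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
            "partitions": parts,
            "signature_ok": sector[510:512] == b"\x55\xaa"}

def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """List the reasons this sector should not be trusted (empty = matches)."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    if sum(p["active"] for p in info["partitions"]) > 1:
        findings.append("more than one active partition")
    return findings

def make_sample(code: bytes) -> bytes:
    """Constructed test sector: given code bytes, one active NTFS partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 204800)
    return (code.ljust(CODE_END, b"\x00") + b"\x12\x34\x56\x78\x00\x00"
            + entry + bytes(48) + b"\x55\xaa")

CLEAN = make_sample(b"\x33\xc0\x8e\xd0")      # constructed, not a real MBR
ALTERED = make_sample(b"\xfa\x33\xdb\x8e")    # constructed, differs in code
BASELINE = parse_mbr(CLEAN)["code_sha256"]

if __name__ == "__main__":
    for name, sec in (("clean", CLEAN), ("altered", ALTERED)):
        print(name, check_mbr(sec, BASELINE) or "matches baseline")
```

Hashing stops at byte 440 so that two healthy disks with different disk signatures still compare equal.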
rootkit.txt · Last modified: 2013/01/28 04:29 by 127.0.0.1