Solved

ROOTKITS

Posted on 2004-04-25
673 Views
Last Modified: 2012-06-27
How do I get rid of rootkits on my system?
Question by:CORRY23
6 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 25 total points
ID: 10912428
Scanning for Rootkits
http://www.linuxdevcenter.com/pub/a/linux/2002/02/07/rootkits.html

chkrootkit Rootkit Scanner
http://www.linuxdevcenter.com/pub/a/linux/2002/02/07/rootkits.html?page=2

From Above
The chkrootkit package contains seven small applications. The main program, chkrootkit, is used to detect known rootkit signatures. In addition to searching for a rootkit's default files, it also checks core system binaries for malicious content. The remaining applications in the package are ifpromisc, which helps to find out whether a network interface is in promiscuous mode (remember you can't trust netstat), chklastlog, chkwtmp, and check_wtmpx, all of which detect deletions in various log files, chkproc, which detects Loadable Kernel Module (LKM) trojans and hidden processes, and finally strings, which is a simple implementation of the Unix strings utility.
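Added example, not part of this answer and not chkrootkit's own code: a small Python script that re-implements the two checks the quoted paragraph describes, chkproc-style hidden-process detection and ifpromisc-style promiscuous-mode detection, by asking the kernel (kill(2), /proc, /sys) instead of trusting ps or netstat binaries a rootkit may have replaced. Function names, the PID sweep range, and the thread and hidepid handling are my own assumptions.

```python
import os

IFF_PROMISC = 0x100  # IFF_PROMISC bit from <linux/if.h>

def listed_pids():
    # What ps sees: a readdir() of /proc, which is what an LKM rootkit hooks.
    return {int(d) for d in os.listdir("/proc") if d.isdigit()}

def pid_alive(pid):
    # kill(pid, 0) asks the kernel directly; EPERM still proves the PID exists.
    try:
        os.kill(pid, 0)
        return True
    except OSError as e:
        return isinstance(e, PermissionError)

def is_thread(pid):
    # Threads answer kill() and have /proc/<tid> but are never listed (false positive).
    try:
        with open(f"/proc/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except OSError:
        pass
    return False

def find_hidden_pids(max_pid=None):
    # Alive per kill() but absent from /proc listings before and after the sweep.
    # Caveat: hidepid= mounts hide other users' processes from listings as well.
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read())
    before = listed_pids()
    candidates = {p for p in range(1, max_pid + 1)
                  if p not in before and pid_alive(p) and not is_thread(p)}
    after = listed_pids()  # processes started during the sweep show up here
    return {p for p in candidates if p not in after and pid_alive(p)}

def promiscuous_interfaces():
    # IFF_PROMISC read from sysfs rather than from netstat/ifconfig output.
    found = []
    try:
        for iface in os.listdir("/sys/class/net"):
            with open(f"/sys/class/net/{iface}/flags") as f:
                if int(f.read(), 16) & IFF_PROMISC:
                    found.append(iface)
    except OSError:
        pass
    return sorted(found)
```

On a clean host `find_hidden_pids()` returns an empty set; anything it returns deserves a look from a trusted boot medium, as the other answers suggest.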

LVL 7

Expert Comment

by:msice
ID: 10933547
You rebuild it.
Assisted Solution

by:skjortan
skjortan earned 25 total points
ID: 10984010
That depends on what systems you have. Are we talking Windows, Linux or Solaris?

If we are talking Windows you might have a real problem. Some of the Windows rootkits are really kernel plugins that load before the OS has booted and are quite hard to get rid of.

I can recommend VICE from www.rootkit.com; it will find most if not all existing rootkits for Win32.


But your real question was: How do I get rid of rootkits?

Well, the best approach is:
1. Run a scanner.
2. Then boot the machine with a boot CD like Knoppix.
3. Delete the files.
4. Reboot.
LVL 7

Expert Comment

by:msice
ID: 10987875
You will never be certain that you have removed all of it/them, unless you are in a controlled lab environment or have a 100% snapshot of the system before the rootkit/s were implemented.