Constant Guard Service Alert

Doug dmcgarrett at optonline.net
Sun Sep 7 16:40:51 UTC 2014


On 09/07/2014 09:29 AM, Bat Phil wrote:
> When you say you got an "alert" do you mean an e-mail or an instant 
> message type alert?
>
/snip/
>
> On 7 September 2014 13:55, Mickey <binarynut at comcast.net> wrote:
>
>     Then as a Linux user it does not apply to me, or do I have to
>     remove it, and how?
>
>
>
>
>     On 09/06/2014 08:47 PM, Mark Bidewell wrote:
>>     Interesting, I got an alert at 6:33PM.  My PCs are OSX, Linux
>>     Mint and SolydXK with assorted VMs.  I'm scanning, but I wonder
>>     if there is a malfunction as the bot detected was Windows
>>     related.  Go to: https://amibotted.comcast.net/.  My output reads:
>>
>>     ================
>>
>>     Bot Notes:
>>
>>     Threat behaviors:  Downloads rootkits and steals sensitive
>>     information.
>>     Threat type (intent): Information Stealer (Information Theft &
>>     Sublease tool).
>>     Alternate names: W32.Rootkit /W32.Alureon/
>>     W32.Renos/W32.TDSS/W32.DNSChanger
>>     Threat behavior description:
>>     The TDL/TDSS Gang (aka., Tyler Durden Loader). The TDL rootkit is
>>     a Master Boot Record (MBR) infector, targeting Microsoft Windows
>>     systems. The latest TDL rootkit is currently Version 4, and
>>     utilizes MBR hooking, a process that deceives a user by appearing
>>     to have been initially deleted. Upon a system restart, the
>>     rootkit/trojan is re-installed. This provides the remote attacker
>>     highly persistent backdoors into victim systems. Public research
>>     estimates the TDL/TDSS group to have been in operation since
>>     mid-2008.
>>
>>     Observed traits:
>>     The TDL/TDSS rootkit has been observed spreading via spam and
>>     phishing e-mails. The observed stages of infection are as follows:
>>
>>     Infect a victim (Stage 1) via spam, drive-by-downloads, and
>>     malicious attachments. Wait idle until the Stage 2 Trojan is ready
>>     for download.
>>     Load a rootkit Trojan (Stage 2).
>>     Alter the system to obfuscate Stage 1 and 2 infections (Stage 3).
>>     Infect other sites, allowing third-party access to sensitive
>>     information.
>>
>>     Capabilities:
>>     After an initial infection, the Stage 2 rootkit is normally
>>     loaded via a fast-flux worm. Once the infection has passed to
>>     Stage 3, various other threats (such as ZeusBot, Buzus, RogueAV,
>>     PoisonIvy, etc.) may be installed and utilized by criminal
>>     operators. The authors behind the RudeWarlockMob are members of a
>>     professional criminal organization that also offers affiliate
>>     funding to anonymous distribution providers, infection operators,
>>     and other criminals.
>>
>>     Times Seen: 23
>>
>>
/snip/

I am not on Comcast, and I use Windows only occasionally, but the 
question was not answered, to wit: how would someone tell if he had a 
rootkit in Windows, and if he found out that he did, what would be the 
most effective way to remove it, short of reinstalling the system, of 
course? Preferably without paying for the privilege!

--doug

