Constant Guard Service Alert

EGO-II.1 eoconnor25 at gmail.com
Sun Sep 7 17:54:22 UTC 2014


On 09/07/2014 12:40 PM, Doug wrote:
>
> On 09/07/2014 09:29 AM, Bat Phil wrote:
>> When you say you got an "alert" do you mean an e-mail or an instant 
>> message type alert?
>>
> /snip/
>>
>> On 7 September 2014 13:55, Mickey <binarynut at comcast.net 
>> <mailto:binarynut at comcast.net>> wrote:
>>
>>     Then as a Linux user it does not apply to me or do I have to
>>     remove it and How ?
>>
>>
>>
>>
>>     On 09/06/2014 08:47 PM, Mark Bidewell wrote:
>>>     Interesting, I got an alert at 6:33PM.  My PCs are OSX, Linux
>>>     Mint and SolydXK with assorted VMs.  I'm scanning, but I wonder
>>>     if there is a malfunction as the bot detected was Windows
>>>     related.  Go to: https://amibotted.comcast.net/.  My output reads:
>>>
>>>     ================
>>>
>>>     Bot Notes:
>>>
>>>     Threat behaviors:  Downloads rootkits and steals sensitive
>>>     information.
>>>     Threat type (intent): Information Stealer (Information Theft &
>>>     Sublease tool).
>>>     Alternate names: W32.Rootkit /W32.Alureon/
>>>     W32.Renos/W32.TDSS/W32.DNSChanger
>>>     Threat behavior description:
>>>     The TDL/TDSS Gang (aka., Tyler Durden Loader). The TDL rootkit is
>>>     a Master Boot Record (MBR) infector, targeting Microsoft Windows
>>>     systems. The latest TDL rootkit is currently Version 4, and
>>>     utilizes MBR hooking, a process that deceives a user by appearing
>>>     to have been initially deleted. Upon a system restart, the
>>>     rootkit/trojan is re-installed. This provides the remote attacker
>>>     highly persistent backdoors into victim systems. Public research
>>>     estimates the TDL/TDSS group to have been in operation since
>>>     mid-2008.
>>>
>>>     Observed traits:
>>>     The TDL/TDSS rootkit has been observed spreading via spam and
>>>     phishing e-mails. The observed stages of infection are as follows:
>>>
>>>     Infect a victim (Stage 1) via spam, drive-by-downloads, and
>>>     malicious attachments. Wait idle until the Stage 2 Trojan is ready
>>>     for download.
>>>     Load a rootkit Trojan (Stage 2).
>>>     Alter the system to obfuscate Stage 1 and 2 infections (Stage 3).
>>>     Infect other sites, allowing third-party access to sensitive
>>>     information.
>>>
>>>     Capabilities:
>>>     After an initial infection, the Stage 2 rootkit is normally
>>>     loaded via a fast-flux worm. Once the infection has passed to
>>>     Stage 3, various other threats (such as ZeusBot, Buzus, RogueAV,
>>>     PoisonIvy, etc.) may be installed and utilized by criminal
>>>     operators. The authors behind the RudeWarlockMob are members of a
>>>     professional criminal organization that also offers affiliate
>>>     funding to anonymous distribution providers, infection operators,
>>>     and other criminals.
>>>
>>>     Times Seen: 23
>>>
>>>
> /snip/
>
> I am not on comcast, and I use Windows only occasionally, but the 
> question was not answered, to wit: how would someone tell if he had a 
> rootkit in Windows, and if he found out that he did, what would be the 
> most effective way to remove it, short of reinstalling the system, of 
> course. Preferably without paying for the privilege!
>
> --doug

Don't know if this is what you were looking for or asking about, but 
check these out? ... I don't use anything but Linux so I don't know what 
the equivalent would be ... but these might be useful in some way.


https://support.norton.com/sp/en/us/home/current/solutions/kb20100824120155EN_EndUserProfile_en_us

http://support.kaspersky.com/viruses/solutions/5353

http://www.techrepublic.com/blog/data-center/rootkits-is-removing-them-even-possible/ 



HTH


EGO II
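As an added example for Doug's question, not part of any post in this thread or of the Comcast tool: the bot notes above describe TDL4 as an MBR infector, and one way a defender can tell whether the first sector has been tampered with is to parse it and compare the boot-code region against a digest recorded when the disk was known clean. Every byte in the sample sector below is constructed.

```python
"""Parse a 512-byte MBR and compare its boot code to a trusted baseline.
Added example for this thread (not from any post or from the Comcast tool);
all sample bytes are constructed."""
import hashlib
import struct
from collections import namedtuple

MBR_SIZE, BOOTCODE_LEN, PART_TABLE_OFF = 512, 440, 446
BOOT_SIG = b"\x55\xaa"
ENTRY_FMT = "<B3xB3xII"   # status, CHS start, type, CHS end, LBA start, sectors
Partition = namedtuple("Partition", "status type_code lba_start sectors")

def parse_mbr(mbr: bytes) -> list:
    """Return the non-empty partition entries; raise if this is not an MBR."""
    if len(mbr) != MBR_SIZE or mbr[510:512] != BOOT_SIG:
        raise ValueError("not a 512-byte sector with a 0x55AA boot signature")
    entries = (struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
               for i in range(4))
    return [Partition(*e) for e in entries if e[1] != 0]

def bootcode_digest(mbr: bytes) -> str:
    """SHA-256 of the boot code only (bytes 440..445 hold the disk signature)."""
    return hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest()

def check_against_baseline(mbr: bytes, baseline_digest: str) -> list:
    """Findings: boot code no longer matches the digest recorded when the disk
    was known clean, or more than one active partition. Read the sector from boot
    media (dd if=/dev/sda bs=512 count=1 on Linux): a hooked OS can hide changes."""
    findings = []
    if bootcode_digest(mbr) != baseline_digest:
        findings.append("boot code differs from baseline")
    if sum(1 for p in parse_mbr(mbr) if p.status & 0x80) > 1:
        findings.append("more than one active partition")
    return findings

def build_sample_mbr(bootcode: bytes, entries) -> bytes:
    """Constructed sample sector, not captured from a real disk."""
    sector = bytearray(MBR_SIZE)
    sector[:len(bootcode)] = bootcode
    sector[440:444] = b"\x12\x34\x56\x78"        # constructed disk signature
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i, *entry)
    sector[510:512] = BOOT_SIG
    return bytes(sector)

CLEAN = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c", [(0x80, 0x07, 2048, 204800)])
BASELINE = bootcode_digest(CLEAN)
# Same partition table, first boot-code bytes replaced: what an MBR infector changes
MODIFIED = b"\xeb\x3c\x90" + CLEAN[3:]
```

The baseline digest has to come from a trusted moment (fresh install or known-good backup); comparing a sector against itself tells you nothing.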



