Constant Guard Service Alert
EGO-II.1
eoconnor25 at gmail.com
Sun Sep 7 17:54:22 UTC 2014
On 09/07/2014 12:40 PM, Doug wrote:
>
> On 09/07/2014 09:29 AM, Bat Phil wrote:
>> When you say you got an "alert" do you mean an e-mail or an instant
>> message type alert?
>>
> /snip/
>>
>> On 7 September 2014 13:55, Mickey <binarynut at comcast.net
>> <mailto:binarynut at comcast.net>> wrote:
>>
>> Then as a Linux user it does not apply to me, or do I have to
>> remove it, and how?
>>
>> On 09/06/2014 08:47 PM, Mark Bidewell wrote:
>>> Interesting, I got an alert at 6:33PM. My PCs are OSX, Linux
>>> Mint and SolydXK with assorted VMs. I'm scanning, but I wonder
>>> if there is a malfunction as the bot detected was Windows
>>> related. Go to: https://amibotted.comcast.net/. My output reads:
>>>
>>> ================
>>>
>>> Bot Notes:
>>>
>>> Threat behaviors: Downloads rootkits and steals sensitive
>>> information.
>>> Threat type (intent): Information Stealer (Information Theft &
>>> Sublease tool).
>>> Alternate names: W32.Rootkit /W32.Alureon/
>>> W32.Renos/W32.TDSS/W32.DNSChanger
>>> Threat behavior description:
>>> The TDL/TDSS Gang (aka., Tyler Durden Loader). The TDL rootkit is
>>> a Master Boot Record (MBR) infector, targeting Microsoft Windows
>>> systems. The latest TDL rootkit is currently Version 4, and
>>> utilizes MBR hooking, a process that deceives a user by appearing
>>> to have been initially deleted. Upon a system restart, the
>>> rootkit/trojan is re-installed. This provides the remote attacker
>>> highly persistent backdoors into victim systems. Public research
>>> estimates the TDL/TDSS group to have been in operation since
>>> mid-2008.
>>>
>>> Observed traits:
>>> The TDL/TDSS rootkit has been observed spreading via spam and
>>> phishing e-mails. The observed stages of infection are as follows:
>>>
>>> Infect a victim (Stage 1) via spam, drive-by-downloads, and
>>> malicious attachments. Wait idle until the Stage 2 Trojan is ready
>>> for download.
>>> Load a rootkit Trojan (Stage 2).
>>> Alter the system to obfuscate Stage 1 and 2 infections (Stage 3).
>>> Infect other sites, allowing third-party access to sensitive
>>> information.
>>>
>>> Capabilities:
>>> After an initial infection, the Stage 2 rootkit is normally
>>> loaded via a fast-flux worm. Once the infection has passed to
>>> Stage 3, various other threats (such as ZeusBot, Buzus, RogueAV,
>>> PoisonIvy, etc.) may be installed and utilized by criminal
>>> operators. The authors behind the RudeWarlockMob are members of a
>>> professional criminal organization that also offers affiliate
>>> funding to anonymous distribution providers, infection operators,
>>> and other criminals.
>>>
>>> Times Seen: 23
>>>
>>>
> /snip/
>
> I am not on Comcast, and I use Windows only occasionally, but the
> question was not answered, to wit: how would someone tell if he had a
> rootkit in Windows, and if he found out that he did, what would be the
> most effective way to remove it, short of reinstalling the system, of
> course. Preferably without paying for the privilege!
>
> --doug
Don't know if this is what you were looking for or asking about, but
check these out. I don't use anything but Linux, so I don't know what
the equivalent would be, but these might be useful in some way.
https://support.norton.com/sp/en/us/home/current/solutions/kb20100824120155EN_EndUserProfile_en_us
http://support.kaspersky.com/viruses/solutions/5353
http://www.techrepublic.com/blog/data-center/rootkits-is-removing-them-even-possible/
HTH
EGO II
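As an added example that is not from the thread and not any vendor's tool, here is a Python script that records a baseline of a disk's MBR bootstrap code and partition table and reports when either changes: the kind of check that exposes an MBR infector such as the TDL/TDSS family described in the Bot Notes above. The MBR images are constructed inline; on a real machine you would read the first 512 bytes of the raw disk device (administrator rights required) and keep the baseline offline.

```python
import hashlib
import struct

# Classic MBR layout (standard values, not taken from the thread)
MBR_SIZE, BOOT_CODE_LEN, PART_TABLE_OFF, BOOT_SIG = 512, 440, 446, b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte MBR into bootstrap code and partition entries."""
    if len(sector) != MBR_SIZE or sector[510:] != BOOT_SIG:
        raise ValueError("not a well-formed MBR (bad length or missing 0x55AA)")
    parts = []
    for i in range(4):
        e = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        lba, count = struct.unpack_from("<II", e, 8)
        if e[4]:  # partition type 0 marks an unused slot
            parts.append({"active": e[0] == 0x80, "type": e[4], "lba": lba, "sectors": count})
    return {"boot_code": sector[:BOOT_CODE_LEN], "partitions": parts}


def fingerprint(sector: bytes) -> dict:
    """Baseline to record while the machine is known to be clean."""
    m = parse_mbr(sector)
    return {"boot_code_sha256": hashlib.sha256(m["boot_code"]).hexdigest(),
            "partitions": m["partitions"]}


def check_mbr(sector: bytes, baseline: dict) -> list:
    """Findings against the baseline; an empty list means nothing changed."""
    now = fingerprint(sector)
    findings = []
    if now["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("bootstrap code differs from baseline")
    if now["partitions"] != baseline["partitions"]:
        findings.append("partition table differs from baseline")
    return findings


def build_sample_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Constructed test image: boot code, zeroed disk signature, table, 0x55AA."""
    table = b"".join(struct.pack("<B3sB3sII", 0x80 if act else 0, b"\0\0\0", ptype, b"\0\0\0", lba, n)
                     for act, ptype, lba, n in partitions).ljust(64, b"\0")
    return boot_code.ljust(BOOT_CODE_LEN, b"\0") + b"\0" * 6 + table + BOOT_SIG


# Constructed samples: a clean MBR, a copy with patched bootstrap code, and a
# copy with an extra (hidden) partition appended to the table.
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0", [(True, 0x07, 2048, 1_000_000)])
PATCHED_MBR = b"\xeb\x3c\x90" + CLEAN_MBR[3:]
EXTRA_PART_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0",
                                  [(True, 0x07, 2048, 1_000_000), (False, 0x27, 1_002_048, 4096)])
BASELINE = fingerprint(CLEAN_MBR)
```

Take the baseline and later readings from clean boot media rather than from inside the running Windows install, because an active MBR hook can hand a clean-looking sector back to anything reading through the infected system. A changed MBR confirms tampering; a matching one does not rule out other rootkit components.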