Real rootkits are not as easy as you think. There are basic ones that are user land and those are just hooks into certain DLLs and do some basic injecting. Good kernel level rootkits can undo anything you try to do. I mean you need to be pretty well versed in things like SoftICE to really really know if you got rid of all the kernel level rootkits. Just using a software tool and scanning isn't very "proper". How do you know you removed it? Because a software tool told you there isn't one installed?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thane Sherrington (S)
Sent: Friday, February 10, 2006 12:04 PM
To: The Hardware List
Subject: RE: [H] Suggested tools for helping a friend with bad virus infestation

At 03:46 PM 10/02/2006, Mesdaq, Ali wrote:
>your system as the virus does. Virus can install a rootkit to patch your
>operating system so that you don't see its network traffic, filesystem
>activity, kernel operations, and registry activity. It could even patch
>the OS so that any tools you use will not display proper output. Now in

I know all that. I remove rootkits fairly often, actually. If you scan properly, and use the right tools, it isn't a couple of days of work, it's a couple of hours.

T
