Zero access Rootkit

Thomas Milne thomas.bruce.milne-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Thu Nov 28 15:07:56 UTC 2013


On Nov 26, 2013 10:15 AM, "Neil Watson" <tlug-neil-8agRmHhQ+n2CxnSzwYWP7Q at public.gmane.org> wrote:
>
> Symantec has a removal tool.
>
> http://www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99&tabid=3
>
> I would be very suspicious of that host even after successful removal.
> Consider a reinstall for complete safety.

It sure is a nasty one. He used a free Avast tool and it didn't even find
it. Then he used something called Eset, recommended by Rogers, to remove it
but that seems to have temporarily hosed some system files, which is I
guess where a lot of Trojans try and hide.

The system is back up and running, but I will recommend he at least keep
one or more of these rescue CDs around in case.

Thanks :-)

> --
> Neil Watson
> Linux/UNIX Consultant
> http://watson-wilson.ca