Code Project
The Lounge

Rootkits question...
In reply to cpkilekofp:

    The answers to your question are in the same article under the paragraph titles Can a Rootkit hide from RootkitRevealer and Is there a sure-fire way to know of a rootkit's presence in which they state that at the time the article was written (Nov 1, 2006) no rootkit yet observed had the sophistication to completely avoid detection, but they describe what it had to do to achieve this. So, the answer to your question is, it's possible...but not very likely. Have you tried all the normal spyware detectors and virus scanners to verify you aren't infected with something "normal"? Have you made sure you haven't set some setting that is increasing the load on your system? These are more likely culprits than a rootkit.

code frog 0 wrote (#6):

    Yeah. I read that. That's why I thought to ask here too. I did a disk image and reinstalled and it's fast again but is that just par for a format? Does it imply something more... I'll leave it reformatted and give it back to the owner. She can always wonder I suppose. I ran Spybot S & D, Webroot a few online cleaners and AVG all came clean. Not even a ton of cookies.

In reply to Todd Smith:

Why would a rootkit need to slow down your computer to grab keystrokes or send out emails? Rootkits can embed themselves in your BIOS and make themselves hidden from the OS. There's nothing MS or virus software can do at that point.

      Todd Smith

code frog 0 wrote (#7):

      Understood. But the reformat fixed the issue if the issue was in fact "hostile".

In reply to code frog 0 (original post):

Is anyone here leading edge on rootkit detection? http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx I have a laptop that I'm positive has a kit. It's normally snappy, fast and all that. Now it's dodgy and slow (reminds me of a Mac) :joke: and well... I'm wondering... the above tool is the one I trust most and it ran clean. So if anyone here can speak with authority: are the rootkit authors still way ahead of the police on this? Can rootkits still be totally hidden, or should the above tool find them with no trouble? If you want to know about rootkits, the linked page at Microsoft actually was a good read. Not too long but still informative, the polar opposite of MSDN, but then it's got Russinovich involved so no surprise. The dude is a legend incarnate.

Shog9 0 wrote (#8):

I haven't seen one yet that doesn't show at least something in RKR. I'm sure there's something out there, but I doubt most garden-variety malware authors would waste the effort - if you're running RKR, you're probably already outside of the target "audience". That said, if you're suspicious it can't hurt to cover your bases: keep an eye on your router logs, set up your firewall to block everything for a while, etc. But you're probably better off looking at running processes/services first - I had an afternoon last week where my machine slowed to a crawl, and finally tracked it down to having accidentally hit F1 in Visual Studio (dexplore.exe was sitting in the background, windowless, chewing up an entire core).

        Citizen 20.1.01

        'The question is,' said Humpty Dumpty, 'which is to be master - that's all.'

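Shog9's advice to look at running processes and services before assuming a rootkit, written out as a PowerShell triage script. This is an added example and not code from the thread or from any of the tools it names; it assumes Windows PowerShell 5.1 or later and uses only built-in cmdlets (Get-Process, Get-CimInstance with the Win32_Service class). The variable names ($top, $services, $delta) and the 10-second sampling window are this example's own choices.

```powershell
# Added example (not from the thread): CPU triage before suspecting a rootkit.
# Assumes Windows PowerShell 5.1+ and only built-in cmdlets.

# 1. Top cumulative CPU consumers. 'CPU' is processor seconds since the process
#    started, and 'Windowless' flags background processes with no main window
#    (the dexplore.exe case Shog9 describes).
$top = Get-Process |
    Sort-Object CPU -Descending |
    Select-Object -First 15 Name, Id, CPU,
        @{n = 'Windowless'; e = { $_.MainWindowHandle -eq 0 }},
        Path

$top | Format-Table -AutoSize

# 2. Tie service-hosting processes (svchost.exe and friends) back to the named
#    services they run, so a busy PID is not just "a generic host".
$services = Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 }
foreach ($p in $top) {
    $hosted = $services |
        Where-Object ProcessId -eq $p.Id |
        Select-Object -ExpandProperty Name
    if ($hosted) {
        "{0} (PID {1}) hosts services: {2}" -f $p.Name, $p.Id, ($hosted -join ', ')
    }
}

# 3. Sample twice and compute the delta: cumulative CPU rewards long-lived
#    processes, while the delta shows who is burning a core right now.
$before = Get-Process | Select-Object Id, Name, CPU
Start-Sleep -Seconds 10
$after  = Get-Process | Select-Object Id, Name, CPU

$delta = foreach ($a in $after) {
    $b = $before | Where-Object Id -eq $a.Id
    # CPU can be $null for protected processes we cannot query; skip those.
    if ($b -and ($null -ne $a.CPU) -and ($null -ne $b.CPU)) {
        [pscustomobject]@{
            Name              = $a.Name
            Id                = $a.Id
            CpuSecondsLast10s = [math]::Round($a.CPU - $b.CPU, 2)
        }
    }
}

$delta |
    Sort-Object CpuSecondsLast10s -Descending |
    Select-Object -First 10 |
    Format-Table -AutoSize
```

Run it from an elevated prompt to see paths and CPU for processes owned by other users; unelevated, those columns come back empty rather than failing. A process that tops the delta table, has no window and no recognisable path is the thing to investigate first; only once that list is clean does a cross-view tool like the one linked in the original post earn its run time.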
In reply to code frog 0's original post (quoted above):

Pete OHanlon wrote (#9):

          I suspect the issue will have more to do with the services that were running, and the service packs/updates that have been applied. You've gone back to what's effectively a clean machine, so the machine will be snappier. Just wait till a few updates have been applied before it goes back to sluggish sloth mode.

          "WPF has many lovers. It's a veritable porn star!" - Josh Smith


In reply to Pete OHanlon (quoted above):

code frog 0 wrote (#10):

This laptop has *SICK* resources. So she bought VMware Workstation 6.0 and I'm installing it. She will do all web and other "interesting" activities in the VM, which will automatically discard changes each time it's powered down. She is only allowed to do "work related" stuff in the host OS, and she is just savvy enough to see the merit in the idea, approve of it and also understand how to do it all.

In reply to code frog 0's original post (quoted above):

Lost User wrote (#11):

              code-frog wrote:

              So if anyone here can speak with authority. Are the rootkit authors still way ahead of the police on this? Can rootkits still be totally hidden or should the above tool find them with no trouble?

I can speak with sufficient authority on this particular subject as I have studied rootkit/anti-rootkit techniques for several years. Yes, rootkits have reached a level where they can remain completely and absolutely undetectable to the host machine. RootkitRevealer is no longer being developed and should not be relied upon. It will only detect hidden file objects and registry keys belonging to very old rootkits. Nearly all of the rootkits currently in the wild use RootkitRevealer as a testing reference to ensure their files are hidden. GMER does a slightly better job. RADIX, although not very popular... is an excellent runtime forensic tool. The chance that you have obtained one of these advanced rootkits is extremely low. Most of these high-level rootkits never leave the proof-of-concept stage and enter the wild. It is more likely that some memory hog or spyware is causing the symptoms you are experiencing. Best Wishes, -David Delaune

In reply to code frog 0's original post (quoted above):

IdUnknown wrote (#12):

When normal malware detection programs (i.e. Spybot, CCleaner, anti-virus) fail, I'd run SDFix. Just last month I had to run SDFix on my brother's computer because the anti-virus program found something but couldn't remove it.

In reply to code frog 0's original post (quoted above):

ToddHileHoffer wrote (#13):

I installed a virtual DVD drive, I think it was from Daemon Tools. The virtual driver caused some kind of hardware interrupt problem on my notebook and made it slower than hell. It took me 3 weeks to figure out that this was the cause of the problem. The processor usage would always be jumping up, but there was no executable running.

                  I didn't get any requirements for the signature

In reply to code frog 0's original post (quoted above):

Stuart Dootson wrote (#14):

                    code-frog wrote:

                    It's normally snappy, fast and all that. Now it's dodgy and slow

                    Sure it's not just your bog-standard Windows bit-rot? :-D

In reply to Stuart Dootson (quoted above):

User 4217455 wrote (#15):

Hi. If your laptop is not performing as it should, and you cannot find any obvious issues with it, may I suggest that you check out your power supply. I had a laptop that was running very sluggishly; it turned out that the power supply was faulty and was delivering power at a slightly lower voltage, causing slower processing times. It's worth a try.

In reply to code frog 0's original post (quoted above):

User 4117824 wrote (#16):

Why do so many people still take for granted that a computer can get infected with rootkits in the first place? Getting rootkits is one thing, preventing them another... Have you ever tried EasyMalwareBlocker? (www.easymalwareblocker.com) :thumbsup: Ever since I started using this program my machine has never got infected with any kind of malware, including rootkits!

In reply to code frog 0's original post (quoted above):

Member 4031573 wrote (#17):

Check your BIOS and see if your HD has a mode like 'bypass'. Switch it to performance and it will speed up quite a bit. I have run into several systems that changed to bypass for no apparent reason. ;)

In reply to Lost User (David Delaune's post #11, quoted above):

cpkilekofp wrote (#18):

                            Randor wrote:

                            The chance that you have obtained one of these advanced rootkits is extremely low. Most of these high-level rootkits never leave the proof-of-concept stage and enter the wild. It is more likely that some memory hog or spyware is causing the symptoms you are experiencing.

                            That's what I thought, and told him...

                            Randor wrote:

GMER does a slightly better job. RADIX, although not very popular... is an excellent runtime forensic tool.

                            ...but thanks VERY much for these links :)

In reply to code frog 0 (post #6, quoted above):

patbob wrote (#19):

It could be par for a reformat. My laptop got dog slow one day. After a few weeks, I figured out that it had somehow spontaneously turned the disk caching off. Turned it back on and everything was snappy again (well, as snappy as a 2000-era laptop can be).

                              patbob
