Thread: RootKit, malware chase

  1. #1
    Succeded in braking Windo TZ Veteran Dehcbad25's Avatar
    Join Date
    Apr 2002
    Location
    DE - USA
    Posts
    2,366

    RootKit, malware chase

    Ok, so I seem to have a problem at work. My phone has WiFi, and I connect it to my work's network. Last week the phone got weird and applications stopped working. My wife (she has the same phone) even got a redirection on Opera.
    Yesterday we had to re-install the web part of a multifunction printer because it was redirecting. So I came to the conclusion that we have a rootkit. Why? Because all computers should have McAfee up to date on them. I say "should" because maybe someone brought a computer from home.
    Anyhow, I need to check the computers and I was wondering what you guys recommend. I have scheduled AV scans on the network. But I cannot do a check on all PCs with HijackThis. It will take me forever.
    Any suggestions??

  2. #2
    Friendly Neighborhood Super Moderator phishhead's Avatar
    Join Date
    Apr 2002
    Location
    San Diego, Ca.
    Posts
    3,622
    I've been having good luck with Malwarebytes.



  3. #3
    Succeded in braking Windo TZ Veteran Dehcbad25's Avatar
    Join Date
    Apr 2002
    Location
    DE - USA
    Posts
    2,366
    Yes, but I need to run it on each machine. I have 40 here. It could be an endless chase.

  4. #4
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,735
    Dehc, maybe you could put the Malwarebytes (or Curio's Autoclean) app in the ClientApps folder in your domain, and edit the login_script.bat to do a scan on start-up... then once everything is installed/cleaned etc., just remove the apps/scripts.

    Good luck!

    --- 0wN3D by 3gG ---

  5. #5
    Succeded in braking Windo TZ Veteran Dehcbad25's Avatar
    Join Date
    Apr 2002
    Location
    DE - USA
    Posts
    2,366
    I was also going to find out if I could deploy it through Group Policy, but since my last test failed (I tried to deploy MSN Messenger, since we want to use it to get everyone more communicated).
    I will look into your suggestion today.
    I have scheduled to come to the office tomorrow to run the cleaning, so I can get it over with.

  6. #6
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,735
    Old post, but any luck Dehc?

    --- 0wN3D by 3gG ---
