When Microsoft admits that half of all pre-SP2 Windows XPs and a fifth of post-SP2 XPs are infected with rootkits, you can be fairly certain there’s a problem.

Microsoft even offers a free rootkit detection and removal tool for Windows XP, Windows 2000 and Windows Server 2003. It takes out a number of viruses and worms as well as well-known rootkits such as Hacker Defender: Antinny, Bagle, Bagz, Berbew, Blaster, Bobax, Bropia, Bugbear, Codbot, DoomJuice, Dumaru, Esbot, Gael, Gaobot, Gibe, Goweh, Hacker Defender, Hacty, Ispro, Kelvir, Korgo, Lovgate, Mabutu, Mimail, Mydoom, Mytob, Mywife, Nachi, Netsky, Opaserv, Optix, Optixpro, Purstiu, Randex, Rbot, Sasser, Sdbot, Sober, Sobig, Spybot, Spyboter, Swen, Wootbot, Wukill, Yaha, Zafi, Zindos, Zotob.

F-Secure’s Blacklight Rootkit Elimination tool works on the same systems. It’s free too, at least until the new year.

Life gets a bit sketchier for older consumer systems such as Windows 98 and ME. As of this writing, we found just one anti-virus vendor that aggressively pushes a product for removing rootkits from Windows XP, Windows ME, Windows 2000 Workstation and Windows 98: Email Battles affiliate partner Webroot claims its Spy Sweeper removes mutated or “rootkit” spies.

Despite all the rootkit removal happy talk, most experts agree that the only way to be sure you’ve fixed a Windows system after a rootkit is to reformat the hard disk, reinstall Windows from known-good media and apply all Service Packs before putting the machine back on the network. The reason is simple: a removal tool running on a live system depends on the same kernel and API calls the rootkit has hooked, so a clean bill of health from it proves little. It’s much better to block rootkits before they get a shot at you. Since a preferred delivery method is email attachments, strip executables at the mail gateway whenever possible, and judge them by content (a Windows executable starts with the bytes “MZ”) rather than by file extension alone, since attackers rename .exe files freely. Users can’t open attachments they don’t get.
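Here is what “strip executables” looks like in practice, as an added example rather than code from the article or from any of the vendors mentioned. It assumes the script sits in a mail gateway’s content-filter path (the gateway itself, the file-name list and the sample message are all assumptions for illustration). It catches executables both by the extensions Windows will run on a double-click and by the “MZ” header, so an .exe renamed to .txt is still stripped; the part is replaced with a short notice so the recipient knows something was removed.

```python
# Added example (not from the original article): strip executable attachments
# from an RFC 822 message before it reaches a mailbox. Assumed deployment: a
# gateway content filter that feeds raw message bytes through strip_executables().
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows executes on a double-click. Constructed list, not exhaustive.
EXEC_EXTENSIONS = {
    ".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".vbe", ".js",
    ".jse", ".wsf", ".wsh", ".hta", ".cpl", ".msi", ".dll", ".sys", ".lnk",
}

# Byte signature of a DOS/PE executable, checked regardless of the file name.
EXEC_MAGIC = (b"MZ",)


def looks_executable(part) -> bool:
    """True when a leaf MIME part should be stripped (by name or by content)."""
    # Windows ignores trailing dots and spaces, so "invoice.pdf.exe ." is an exe.
    filename = (part.get_filename() or "").lower().rstrip(" .")
    if any(filename.endswith(ext) for ext in EXEC_EXTENSIONS):
        return True
    payload = part.get_payload(decode=True) or b""
    return payload.startswith(EXEC_MAGIC)


def strip_executables(raw: bytes):
    """Return (cleaned message bytes, list of stripped attachment names)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        if looks_executable(part):
            name = part.get_filename() or "(unnamed)"
            removed.append(name)
            # Replace the payload and its Content-* headers with a plain notice.
            part.set_content(
                f"[{name} removed by mail gateway: executable content is not delivered]"
            )
    return msg.as_bytes(), removed


def count_executable_parts(raw: bytes) -> int:
    """How many leaf parts of a message still look executable (verification aid)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return sum(1 for p in msg.walk() if not p.is_multipart() and looks_executable(p))


def build_sample() -> bytes:
    """Constructed sample message: a real .exe, the same bytes renamed to .txt,
    and a harmless PDF-looking attachment that must survive the filter."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "victim@example.com"
    msg["Subject"] = "Your invoice"
    msg.set_content("Please see attached.")
    fake_exe = b"MZ\x90\x00" + b"\x00" * 60  # constructed PE-looking header
    msg.add_attachment(fake_exe, maintype="application",
                       subtype="octet-stream", filename="invoice.exe")
    msg.add_attachment(fake_exe, maintype="application",
                       subtype="octet-stream", filename="readme.txt")
    msg.add_attachment(b"%PDF-1.4 constructed sample", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    cleaned, removed = strip_executables(build_sample())
    print("stripped:", removed)
    print(cleaned.decode())
```

Zip archives are deliberately left alone here; a gateway that wants to inspect them has to unpack each member and run the same check on it, and should treat password-protected archives (which the worms of the day used to dodge scanners) as undeliverable.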

And don’t expect life to get much better after Windows Vista’s release, even though Microsoft promises it will make rootkits easier to spot.

When asked about the future of rootkits on Vista, Hacker Defender’s author replied, “Some kernel methods will still work (like filter drivers), but … I think that all these protections will affect kernel mode rootkits only :) which means it would be possible to rewrite hxdef - or write something similar in user mode - that would really work even on an OS with such kernel protection :) This is great, isn’t it? :))”

Turns out, rootkitters are more excited about Vista than you are.

Background (updated):