
Security Forums


Detecting Malware

cantthinkofanickname
Just Arrived
Joined: 04 Nov 2006
Posts: 1

Posted: Sat Mar 13, 2010 9:56 pm    Post subject: Detecting Malware

Is it true that to reliably detect any malware, esp. rootkits, one needs to boot into safe mode and then run Norton or McAfee (or whatever) on the C: drive? Or conversely, if that comes up clean, there is no malware installed?
RoboGeek
SF Mod
Joined: 13 Jun 2003
Posts: 16777166
Location: LeRoy, IL

Posted: Sun Mar 14, 2010 2:39 am    Post subject:

Not true.

Many rootkits can hide in safe mode as well.

User-mode rootkits run when Windows runs normally, but not in safe mode. Kernel-mode rootkits will run in either - that includes DKOM rootkits. If the OS is compromised you CANNOT trust the results of a scanner - you have to manually hunt and kill.

And most of the new malware knows when you're trying to kill it, so it plays dead for a few days or reboots. That's why you do not want to run any tools on it until you fingerprint the infection and know exactly what you have. Then you can start killing it. After that's done, run the scanners for cleanup.

I get a ton of work into my shop from other shops that basically run ComboFix and Malwarebytes, get a clean scan, and give it back to the customer. A week later it's in my shop...

I haven't seen anything in a year or so without a rootkit attached. Including the virus wifey got last night from Facebook with the catchme rootkit. Koobface is rampant there too.
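RoboGeek's point that a scanner's results cannot be trusted on a compromised OS can be illustrated with a cross-view check, which goes beyond what the thread itself describes: diff a file listing taken on the running system against one taken offline (for example from clean boot media) and flag what the live view omits or misreports. This is an added example, not code from the thread; the listing format (path, tab, size) and every sample path are constructed assumptions.

```python
"""Cross-view check: diff a file listing taken on the running (possibly
compromised) OS against one taken offline, e.g. from clean boot media."""
import ntpath

def parse_listing(text):
    """Parse 'path<TAB>size' lines into {normalized_path: size}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        path, _, size = line.rpartition("\t")
        # Windows paths are case-insensitive: normalize case and separators
        # so the same file compares equal in both views.
        entries[ntpath.normcase(ntpath.normpath(path))] = int(size)
    return entries

def cross_view_diff(live_text, offline_text):
    """Return files the live OS omits, and files whose size it misreports."""
    live, offline = parse_listing(live_text), parse_listing(offline_text)
    hidden = sorted(p for p in offline if p not in live)
    mismatch = sorted(p for p in offline
                      if p in live and live[p] != offline[p])
    return {"hidden_from_live": hidden, "size_mismatch": mismatch}

# Constructed sample data (not from the thread). The live view is what a
# tool running on the suspect OS reported; the offline view was taken with
# the suspect OS not running, so nothing could filter the results.
LIVE_VIEW = """\
C:/Windows/System32/drivers/disk.sys\t52000
C:/Windows/System32/drivers/ntfs.sys\t1200000
C:/Users/demo/notes.txt\t310
"""
OFFLINE_VIEW = """\
c:/windows/system32/drivers/disk.sys\t52000
c:/windows/system32/drivers/ntfs.sys\t1216000
c:/windows/system32/drivers/example_hidden.sys\t48000
c:/users/demo/notes.txt\t310
"""

if __name__ == "__main__":
    for kind, paths in cross_view_diff(LIVE_VIEW, OFFLINE_VIEW).items():
        for p in paths:
            print(f"{kind}: {p}")
```

Entries flagged here are candidates for manual review, since files that legitimately changed between the two snapshots will also show up.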
cantthinkofanickname
Just Arrived
Joined: 04 Nov 2006
Posts: 1

Posted: Mon Mar 15, 2010 10:13 am    Post subject:

OK, thanks for that. I'm in the UK but that's not going to make any difference I suppose (or are rootkits regional)? I suppose that someone brings a PC in to your shop because some obvious symptoms persist. What should I be looking for or if it is hidden and is keylogging me (I'm getting paranoid now but that may be a good thing if it's the rational form)?

I run W7 and McAfee and use a limited account for day2day work.

Perhaps there's a site I can go to to learn more?
All times are GMT + 2 Hours