Thread: question

  1. #121
    Certified SG Addict CableDude's Avatar
    Join Date
    Jun 2001
    Posts
    26,786
    Quote Originally Posted by 9mmprincess View Post
    Hi CableDude
    Good evening.

  2. #122
    Certified SG Addict CableDude's Avatar
    Join Date
    Jun 2001
    Posts
    26,786
    Quote Originally Posted by YARDofSTUF View Post
    Baylor University
    NOD32 is a valuable tool in my malware research efforts. NOD32 is unobtrusive, efficient and highly effective. NOD32 identifies previously unknown malware variants with impressive reliability. NOD32 2.7's discovery capability for cloaked rootkits adds a valuable tool for malware research as well as an important defense measure for both personal computers and enterprise-class servers.

    Prof. Randal Vaughn



    I don't have 2.7 so I can't vouch for this.

  3. #123
    Revenant 9mmprincess's Avatar
    Join Date
    Nov 2003
    Location
    out where the lions roar
    Posts
    1,756
    so the sweeper thing found three high level threats - two things that could let ppl remotely access/monitor my puter, and one it called "possible rootkit". I quarantined all of them.
    There is security in fearlessness.

  4. #124
    Certified SG Addict CableDude's Avatar
    Join Date
    Jun 2001
    Posts
    26,786
    Quote Originally Posted by 9mmprincess View Post
    so the sweeper thing found three high level threats - two things that could let ppl remotely access/monitor my puter, and one it called "possible rootkit". I quarantined all of them.
    Good. Possibly this was slowing down the puter.

  5. #125
    Revenant 9mmprincess's Avatar
    Join Date
    Nov 2003
    Location
    out where the lions roar
    Posts
    1,756
    Quote Originally Posted by ghettoside View Post

    b)
    ...>Performance>Settings>Advanced-

    3 changes:

    Processor Scheduling
    and Memory usage

    "Adjust for best performance"

    Virtual memory

    It's prolly set to "system managed size". Select Custom and give yourself say 599 min and 600 max. That should work good- considering photoshop (which uses RAM, virtual memory, and its own scratch disc)

    Try those little adjustments. I'll be back later for some more in depth suggestions.
    For the Processor Scheduling and Memory usage, it doesn't give me that option, it just gives me two options: for the processor, either programs or background services, and for memory usage, either programs or system cache....

    about the virtual memory.. I had it at minimum 1000, max 2000.. i figured the more the better... is that not true?
    There is security in fearlessness.

  6. #126
    Senior Member ghettoside's Avatar
    Join Date
    Mar 2003
    Location
    At Large in the US
    Posts
    5,134
    Quote Originally Posted by CableDude View Post
    I thought NOD could detect rootkits?
    AVs are getting better at it. Rootkits operate outside the win API, and until fairly recently, most av couldn't detect them.

    Quote Originally Posted by CableDude View Post
    Baylor University
    NOD32 is a valuable tool in my malware research efforts. NOD32 is unobtrusive, efficient and highly effective. NOD32 identifies previously unknown malware variants with impressive reliability. NOD32 2.7's discovery capability for cloaked rootkits adds a valuable tool for malware research as well as an important defense measure for both personal computers and enterprise-class servers.

    Prof. Randal Vaughn. ...
    Nice find bro.

    I would still scan w/ Webroot periodically, and use the real time when browsing. 9mm's box should handle it easily once it's cleaned off.
    Quote Originally Posted by Norm View Post

    There are idiots everywhere.

    At work, in forums, in poetry classes, everywhere!

  7. #127
    Senior Member ghettoside's Avatar
    Join Date
    Mar 2003
    Location
    At Large in the US
    Posts
    5,134
    Quote Originally Posted by 9mmprincess View Post
    so the sweeper thing found three high level threats - two things that could let ppl remotely access/monitor my puter, and one it called "possible rootkit". I quarantined all of them.
    Post the threat names please.

    I have never had a false positive for rootkits w/ webroot. When in doubt, I suggest you google the threats. If you confirm something is malicious- then delete. Let's find out what ya have there...

    I suspected a rootkit. I should have the Amazing Kreskin as my avatar tonite. lol.

    Quote Originally Posted by Norm View Post

    There are idiots everywhere.

    At work, in forums, in poetry classes, everywhere!

  8. #128
    Senior Member ghettoside's Avatar
    Join Date
    Mar 2003
    Location
    At Large in the US
    Posts
    5,134
    Quote Originally Posted by 9mmprincess View Post
    For the Processor Scheduling and Memory usage, it doesn't give me that option, it just gives me two options: for the processor, either programs or background services, and for memory usage, either programs or system cache....

    about the virtual memory.. I had it at minimum 1000, max 2000.. i figured the more the better... is that not true?


    ooops!

    I was on the phone while posting. Sorry.

    Select programs. Default is background services and system cache in SP1 I believe.

    Somebody could've gotten that while I was out... Ya'll know how I am lately w/ brain farts and all.

    If you have the disk space for 2 Gb, sure. I'd set the min for 1999 tho.

    I'll be sure to not over extend myself next time 9mm.
    Quote Originally Posted by Norm View Post

    There are idiots everywhere.

    At work, in forums, in poetry classes, everywhere!

  9. #129
    Senior Member ghettoside's Avatar
    Join Date
    Mar 2003
    Location
    At Large in the US
    Posts
    5,134
    Kreskin w/ ADD! (attention deficit disorder)

    Quote Originally Posted by Norm View Post

    There are idiots everywhere.

    At work, in forums, in poetry classes, everywhere!

  10. #130
    Revenant 9mmprincess's Avatar
    Join Date
    Nov 2003
    Location
    out where the lions roar
    Posts
    1,756
    Quote Originally Posted by ghettoside View Post
    Post the threat names please.


    it doesn't give me a name for the rootkit one, it just says "potential rootkit-masked files" :/
    There is security in fearlessness.

  11. #131
    Second Most EVIL YARDofSTUF's Avatar
    Join Date
    Nov 2000
    Location
    USA
    Posts
    69,988

  12. #132
    Revenant 9mmprincess's Avatar
    Join Date
    Nov 2003
    Location
    out where the lions roar
    Posts
    1,756
    Um...holy ****



    There is security in fearlessness.

  13. #133
    Revenant 9mmprincess's Avatar
    Join Date
    Nov 2003
    Location
    out where the lions roar
    Posts
    1,756
    The Windows API treats key names as null-terminated strings whereas the kernel treats them as counted strings. Thus, it is possible to create Registry keys that are visible to the operating system, yet only partially visible to Registry tools like Regedit. The Reghide sample code at Sysinternals demonstrates this technique, which is used by both malware and rootkits to hide Registry data. Use the Sysinternals Regdellnull utility to delete keys with embedded nulls.

    I'm sorry, but this is greek to me. so now what? I don't quite get what I'm supposed to do next - it says examine the results to see if it's really a rootkit - I read the page and am still not sure how to do that. and "Search the net for removal instructions"...search what, exactly?

    can someone recommend a rootkit detector that will get rid of them for me?
    There is security in fearlessness.
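
The counted-string versus null-terminated mismatch described in the passage quoted in post #133, shown as an added example (not part of the thread and not Sysinternals code): it takes key names as the kernel holds them and flags the ones a Win32-based tool would show only in part. The key names and helper functions are constructed for illustration.

```python
"""Flag registry key names that the Win32 API would only partially see.

Model: the kernel stores a key name as a counted UTF-16LE string (a byte
length plus a buffer), so U+0000 is a legal character. Win32 callers stop
reading at the first U+0000. All names below are constructed sample data.
"""
from collections import Counter


def counted(name):
    """Build a counted string the way the kernel holds it: (byte length, buffer)."""
    buf = name.encode("utf-16-le")
    return len(buf), buf


def kernel_view(entry):
    """Decode exactly `length` bytes; embedded nulls are kept."""
    length, buf = entry
    return buf[:length].decode("utf-16-le")


def win32_view(entry):
    """Decode up to the first U+0000, as a null-terminated reader would."""
    return kernel_view(entry).split("\x00", 1)[0]


def find_masked(entries):
    """Return a finding for every name whose two views disagree."""
    seen = Counter(win32_view(e) for e in entries)
    findings = []
    for e in entries:
        full, short = kernel_view(e), win32_view(e)
        if full != short:
            findings.append({
                "kernel_name": full.replace("\x00", "\\0"),  # printable form
                "win32_name": short,
                "hidden_chars": len(full) - len(short),
                # True when a tool would list two keys under the same name
                "collides": seen[short] > 1,
            })
    return findings


# Constructed subkey names, as a raw (kernel-level) enumeration might return them.
SAMPLE = [counted(n) for n in ("Printers", "Updater", "Updater\x00cfg", "Svc\x00")]

if __name__ == "__main__":
    for finding in find_masked(SAMPLE):
        print(finding)
```

On a live system the counted names have to come from a native-API enumeration, which is what the rootkit scanners discussed in this thread compare against the Win32 view.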

  14. #134
    Revenant 9mmprincess's Avatar
    Join Date
    Nov 2003
    Location
    out where the lions roar
    Posts
    1,756
    well... from what I am reading, it's really hard to get rid of rootkits, it can make your system unstable, you should reformat, etc. etc. I found my disks... I guess I'm going to reinstall :/ Pls wish me luck.

    *crosses fingers*
    There is security in fearlessness.

  15. #135
    Revenant 9mmprincess's Avatar
    Join Date
    Nov 2003
    Location
    out where the lions roar
    Posts
    1,756
    I haven't reinstalled yet.. is there a way I can get rid of the rootkits?
    There is security in fearlessness.

  16. #136
    Senior Member ghettoside's Avatar
    Join Date
    Mar 2003
    Location
    At Large in the US
    Posts
    5,134
    Notify the Guinness Book of World Records, I think 9mm now holds the record for being infected by the most rootkits.

    9mm-

    Imho, do a clean install.

    Download all driver packages for your Sony Vaio PCG-GRZ660.

    make sure you have the drivers for your LAN!

    Download XP SP2

    link

    Download autostreamer link

    A little info for slipstreaming. There are also more links to the service packs on this page.

    Download the trial version of ultra iso. you need an app capable of burning an iso. link If you have Nero- that will work.

    Create and burn an iso of your drivers, autostreamer, ultra iso and anything else that'll fit on a cd. Webroot trial, Nod trial, spywareblaster, spybot, etc... so you can install all that stuff before you ever try to go online.

    Create and burn an iso of all your personal files. Break them into multiple cd's if ya have to.

    create and burn an iso of sp2, on its own disc

    follow the instructions for slipstreaming sp2 into an install disc. (using autostreamer)

    I'm home early. I had the day from hell today and I'm headed for a nap. I'll be back online in a few hours.
    Quote Originally Posted by Norm View Post

    There are idiots everywhere.

    At work, in forums, in poetry classes, everywhere!

  17. #137
    Senior Member ghettoside's Avatar
    Join Date
    Mar 2003
    Location
    At Large in the US
    Posts
    5,134
    disable your LAN before you start creating iso's and burning. Disable and restart.

    check the discs for burn errors before you proceed.

    boot cd


    Burn that iso.

    When you're ready to reinstall, boot up from that disc. At the command prompt enter Wipe 0 and confirm you want to wipe the hdd. Wipe 1 would wipe your slave... 0 is the first drive, etc...

    You want to wipe the hdd, including boot sector. I've seen a virus survive format before.

    You could prolly backup to your slave, but you better scan it thoroughly before you do the reinstall.

    All this is of course if you want to reinstall. I believe that is the best thing for you to do. You've got massive infections and God only knows what all on your sys since you were unprotected.
    Quote Originally Posted by Norm View Post

    There are idiots everywhere.

    At work, in forums, in poetry classes, everywhere!

  18. #138
    Senior Member ghettoside's Avatar
    Join Date
    Mar 2003
    Location
    At Large in the US
    Posts
    5,134
    Quote Originally Posted by YARDofSTUF View Post
    Quote Originally Posted by Norm View Post

    There are idiots everywhere.

    At work, in forums, in poetry classes, everywhere!

  19. #139
    Senior Member ghettoside's Avatar
    Join Date
    Mar 2003
    Location
    At Large in the US
    Posts
    5,134
    Quote Originally Posted by 9mmprincess View Post


    it doesn't give me a name for the rootkit one, it just says "potential rootkit-masked files" :/
    these all have to go

    I also forgot- that bootcd... there's a file on it "hdwipe.com". It's a series of machine debug commands that will wipe the mbr. That file will set off your av. just a heads up, it's not a virus or trojan. It wipes (overwrites w/ hex00) the mbr. Somewhere there's a MS KB listing those debug commands, which can be entered from a command prompt or made into an executable file. "hdwipe" runs silent. I got it from Norm a few years ago.
    Quote Originally Posted by Norm View Post

    There are idiots everywhere.

    At work, in forums, in poetry classes, everywhere!

  20. #140
    Revenant 9mmprincess's Avatar
    Join Date
    Nov 2003
    Location
    out where the lions roar
    Posts
    1,756
    *sigh* oh boy. Thanks Ghettoside. I'll see what I can do.. my burner is cranky and only burns when it feels like it, so I'm not sure I can do all that.. Is getting SP2 really crucial?

    better yet, can you come over and do it for me?



    I may just end up reinstalling with my recovery cds like I usually do.. I mean that's better than nothing, right?

    I'm just not confident at all that I can do all that stuff without messing it up even more.
    There is security in fearlessness.
