Seneka Rootkit L. Spiro Please Help

Postby gibxam » Tue Mar 03, 2009 10:53 am

Hello L. Spiro,

I have been infiltrated by a rootkit. When I run my virus scan it finds it and shows me the location, but then when I try to navigate to it, the file is hidden. Then upon deleting it, if I run the scan again the same file comes up. If I leave the file alone for several hours, then I will get tons of malware installed via the rootkit. Then if I delete the malware everything will be deleted, but the Seneka rootkit will remain and cause the same cycle over again. I have tried to use F-Secure Blacklight to find the rootkit, however to no avail. Please help me with this.

Max
gibxam
Acker
 
Posts: 51
Joined: Mon Oct 06, 2008 3:19 am

Postby Explicit » Tue Mar 03, 2009 2:41 pm

Firstly, download HiJackThis: http://www.trendsecure.com/portal/en-US ... ckThis.exe and post the log onto here.

Try SmitFraudFix:
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

You can also try Malwarebytes' Anti-Malware as an alternative, if SmitFraudFix doesn't seem to work for you:

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end of the installation, be sure to check/mark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.
Nothing is impossible, just implausible
Explicit
I Know Your Poop
 
Posts: 503
Joined: Sun Dec 30, 2007 4:47 pm

Postby L. Spiro » Tue Mar 03, 2009 10:53 pm

The most basic solution is simply to try various anti-virus software (real ones) until one of them gets rid of it.
Nothing you do manually will be easier than that. Otherwise you can write a script to repeatedly delete the file and close the process related to the file (whatever is creating the file, which is usually a script run via a .BAT file that loops infinitely, reloading the script if it ever gets closed).


SpyBot sometimes picks up on these types of things, but it is not specialized as an anti-virus.


L. Spiro
Our songs remind you of songs you’ve never heard.
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Postby minorutono » Wed Mar 04, 2009 6:41 am

If it's really unbearable (and it sounds like it is), and the other methods don't work, you can always reformat your HD. >..<
minorutono
i R t3h nUB!!111
 
Posts: 944
Joined: Thu Apr 17, 2008 10:10 am
Location: 2845 Vista Verde Way Cameron Park CA 95682

Postby gibxam » Wed Mar 04, 2009 9:20 am

Thank you for all your help. I actually found out that SUPERAntiSpyware had specifically updated their definitions to handle the Seneka rootkit; from my research they are the only people who can remove it, even my $60 Webroot AV/AS software could only identify but not remove the rootkit. In any event, combining the two together as well as some research on my own, I have safely cleaned my computer.

After this whole ordeal I am very interested in Rootkits and spyware. Does anyone know anywhere to find credible and safe information on both? Also can MHS be used for virus and spyware removal or detection at all?

Thanks,

Max
gibxam
Acker
 
Posts: 51
Joined: Mon Oct 06, 2008 3:19 am

Postby tiduswong » Wed Mar 04, 2009 1:18 pm

I'm curious about what you said:
can MHS be used for virus and spyware removal or detection at all?

I wonder about that: it reads the memory and processes, but how does it remove the spyware and rootkit? Can L. Spiro please answer that question? :) :)
Nice? No glue or anything, built it up normally using a pair of hands. vvv

I'm not a leecher and not gonna be 1 of it noob!!!

Skill and Hack is the best!^^

Sorry For My Bad Memory =.=

Tidus.W

L. Spiro wrote: bummybum, stop spamming/making useless posts.



L. Spiro
tiduswong
Probably Popular
 
Posts: 1296
Joined: Sat Mar 01, 2008 2:31 am
Location: between heaven and hell

Postby SpeedWing » Wed Mar 04, 2009 5:03 pm

Try MBAM Anti-Malware.
SpeedWing
Defragler
 
Posts: 2031
Joined: Tue Jan 01, 2008 1:00 am
Location: If there is a Will there is a Solution.

Postby L. Spiro » Wed Mar 04, 2009 6:20 pm

I have used MHS to remove viruses from my own and others’ computers before.
Scripts can be used to detect and remove anything, and I have found that my kernel bypasses, especially the AAC knobs, are stronger than any virus trying to hide itself.
MHS can also be used to terminate processes that refuse to terminate via Task Manager. Just open the process and scramble its RAM, causing it to crash.

Viruses are also easy to spot via the All list, which shows window names (and it lists virus programs even if they are trying to hide themselves). Window names are an easy way to tell if a process is really what it says it is. iexplore.exe is sometimes not Internet Explorer, but a virus, for example.


L. Spiro
Our songs remind you of songs you’ve never heard.
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan
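The "is this process really what it says it is" check L. Spiro describes above (process name versus where it runs from and which windows it owns), as an added Python example that is not an MHS script and not from the thread; the expected install directories and the sample process listing are assumptions constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Expected install directories for a few names that malware commonly borrows.
# These paths are assumptions for illustration, not values from the thread.
EXPECTED_DIRS = {
    "iexplore.exe": {r"c:\program files\internet explorer"},
    "svchost.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

@dataclass
class Proc:
    pid: int
    name: str
    path: str                      # full path of the image on disk
    window_titles: tuple = ()      # titles of top-level windows it owns

def suspicious(p: Proc) -> list[str]:
    """Return the reasons a process deserves a closer look (empty = none)."""
    reasons = []
    name = p.name.lower()
    directory = p.path.lower().rsplit("\\", 1)[0]
    if name in EXPECTED_DIRS and directory not in EXPECTED_DIRS[name]:
        reasons.append(f"{p.name} running from {directory}")
    # The real browser owns a titled window; an iexplore.exe with no window,
    # or none mentioning the browser, is the case the post describes.
    if name == "iexplore.exe" and not any(
            "internet explorer" in t.lower() for t in p.window_titles):
        reasons.append("no Internet Explorer window")
    return reasons

def triage(procs: list[Proc]) -> dict[int, list[str]]:
    """Map pid -> reasons for every process that trips a check."""
    return {p.pid: r for p in procs if (r := suspicious(p))}

# Constructed sample listing, shaped like what the All list would show.
SAMPLE = [
    Proc(1204, "iexplore.exe", r"C:\Program Files\Internet Explorer\iexplore.exe",
         ("Forum - Windows Internet Explorer",)),
    Proc(3388, "iexplore.exe", r"C:\Windows\Temp\iexplore.exe"),
    Proc(812, "svchost.exe", r"C:\Windows\System32\svchost.exe"),
    Proc(4410, "svchost.exe", r"C:\Users\Max\AppData\Local\svchost.exe"),
]

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE).items():
        print(pid, "; ".join(reasons))
```

On a live machine the listing would come from the process enumeration MHS exposes; the checks themselves stay the same.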

Postby tiduswong » Wed Mar 04, 2009 8:59 pm

How do I know that, for example, iexplore.exe is not the real one and is a virus? And I'm wondering, is there a virus that makes your computer laggy/hanging? My Vista is almost full, with 10 GB of space left. Before, it was normal with no lagging, but starting this February the computer started becoming laggy and hanging/not responding in almost all programs..
tiduswong
Probably Popular
 
Posts: 1296
Joined: Sat Mar 01, 2008 2:31 am
Location: between heaven and hell

Postby minorutono » Thu Mar 05, 2009 1:00 am

tiduswong wrote: How do I know that, for example, iexplore.exe is not the real one and is a virus? And I'm wondering, is there a virus that makes your computer laggy/hanging? My Vista is almost full, with 10 GB of space left. Before, it was normal with no lagging, but starting this February the computer started becoming laggy and hanging/not responding in almost all programs..


Yep, viruses normally prioritize themselves higher than any other process. Viruses will make you lag.
minorutono
i R t3h nUB!!111
 
Posts: 944
Joined: Thu Apr 17, 2008 10:10 am
Location: 2845 Vista Verde Way Cameron Park CA 95682

Postby gibxam » Thu Mar 05, 2009 5:12 am

L. Spiro, do you think you could do one of these examples for us in the scripts section? Or maybe an addition to the help file :)
gibxam
Acker
 
Posts: 51
Joined: Mon Oct 06, 2008 3:19 am

Postby L. Spiro » Thu Mar 05, 2009 7:43 am

They are very simple; I don’t think you need an example.

In one case, all I did was use the SearchDir function to find all files of a type and delete them. I put this in a while loop so it would delete them over and over.
Meanwhile I used On_ProcessIsOpening() to kill the bad program as it opened (it was set to open repeatedly for forever).

I also had a loop to delete the virus, which you can only do when it is closed, and you can not do it by hand since it automatically restarts after being closed. That is why you need loops to do these actions repeatedly very rapidly.


Eventually the timing was just right and it was deleted. Even with scripts it takes a few seconds or minutes to get the files really deleted because the timing has to be perfect.


L. Spiro
Our songs remind you of songs you’ve never heard.
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan
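The kill-and-delete loop described in the post above, as an added Python example that is not an MHS script and not L. Spiro's code. The find/delete/kill actions are injected callables (in MHS they would be SearchDir, file deletion and an On_ProcessIsOpening() handler), the dropper is a constructed stand-in that relaunches itself a fixed number of times, and the file path is a placeholder, so the routine runs offline; the "quiet for several consecutive passes" stop condition is the part the post leaves implicit.

```python
import time

def cleanup_loop(find_files, delete_file, kill_matching, *, quiet_ticks=5,
                 max_ticks=10_000, interval=0.0, sleep=time.sleep):
    """Kill the respawning program and delete its files on every pass until
    `quiet_ticks` consecutive passes find nothing. Returns (clean, passes)."""
    quiet = 0
    for tick in range(1, max_ticks + 1):
        kill_matching()            # close whatever recreates the file first
        found = list(find_files())
        for path in found:
            try:
                delete_file(path)
            except OSError:        # still locked by a live process; retry
                pass
        quiet = quiet + 1 if not found else 0
        if quiet >= quiet_ticks:
            return True, tick
        if interval:
            sleep(interval)
    return False, max_ticks

# Constructed path; the thread names no file, so this is a placeholder.
DROPPED = r"C:\example\placeholder_dropper.tmp"

class FakeDropper:
    """Stand-in for the infection: keeps its file present while running and
    is relaunched by a watchdog `relaunches` more times after being killed."""
    def __init__(self, relaunches: int):
        self.files = {DROPPED}
        self.running = True
        self.relaunches = relaunches
    def find(self):
        if self.running:
            self.files.add(DROPPED)
        return sorted(self.files)
    def delete(self, path):
        if self.running:
            raise OSError("file in use")
        self.files.discard(path)
    def kill(self):
        self.running = False
        if self.relaunches > 0:
            self.relaunches -= 1
            self.running = True

def run_demo(relaunches: int = 20):
    d = FakeDropper(relaunches)
    return cleanup_loop(d.find, d.delete, d.kill)
```

With a watchdog that relaunches the dropper 20 times, the file is only deletable on pass 21 and the loop reports clean on pass 26; with no relaunches it is clean on pass 6.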

Postby WhiteHat » Thu Mar 05, 2009 10:09 am

It crossed my mind that some later version of MHS will have some kind of powerful and easy-to-use anti-virus, but that would be out of MHS's character (?)...

:roll:
.. to boldly go where no eagle has gone before...
WhiteHat
Elang Djawa
 
Posts: 1059
Joined: Fri Jul 21, 2006 12:49 pm
Location: Away for a while...

Postby gibxam » Thu Mar 05, 2009 11:40 am

L. Spiro, I understand how to implement the functions; I just don't know how I can tell if it is a bad program. What are some tell-tale signs of a rootkit or virus that I could detect with MHS? Thank you as always for your valuable information.

Max
gibxam
Acker
 
Posts: 51
Joined: Mon Oct 06, 2008 3:19 am

Postby spunge » Thu Mar 05, 2009 11:51 am

You would have to have quite a bit of knowledge in Win32 API to be able to tell what the program is doing.
spunge
NULL
 
Posts: 121
Joined: Sun Jul 27, 2008 4:58 am
Location: VEH callback
