Rogue antivirus


  1. Posts : 2,009
    Windows 7 Ultimate x86
       #11

    Rootkit Revealer was made by Mark Russinovich (Sysinternals) after he uncovered Sony's plot to install rootkits as a DRM measure (Sony BMG CD copy protection scandal - Wikipedia, the free encyclopedia).
    I haven't used it with W7 yet.
    I guess I'm paranoid then, since it never happened on my system so far (knock on wood). I'm only the poor sod who's on call.

    -DG


  2. Posts : 2,303
    Windows 7 & Windows Vista Ultimate
       #12

    I agree with what you say, jav, that the a/v vendors need to be careful to avoid false positives. The other problem is the rapid rate the rogues are distributed. They cannot be added to detection until the vendors have the appropriate file information to add to the dat files.

    jav said:
    Because in reality most rogue antiviruses do not act in a malicious way.
    They don't destroy anything, they don't try to read your keystrokes, they don't try to download anything.

    They just sit there and try to make the user pay for this useless software.

    Rogues do more than just attempt to extort payment. Rogues are trojans and have been known to:

    • Prevent downloading to the infected computer
    • Change IE settings
    • Disable Antivirus Software
    • Disable the Security Center
    • Download additional malware
    • Add redirects to the HOSTS file (effectively blocking not only Microsoft sites but also security vendors and even security help forums)


  3. Posts : 116
    Windows 7 Home Premium 32 Bit
       #13

    My mother-in-law just had this on her PC a few days ago. She runs Windows XP Pro. I've had this also on Windows XP Pro but (touch wood) not on my Windows Seven. What a nightmare it was recovering her PC from this, I can tell you: 46 Trojans in total!!

  4.    #14

    The good thing is Windows 7 seems to be much less susceptible to the rogue AVs.


  5. Posts : 112
    7
       #15

    SledgeDG said:
    since most of those rogues prevent "rescue programs" like Task Manager etc. from starting
    -DG

    You can copy/paste taskmgr.exe (Task Manager) from the System32 folder to the desktop and rename it to iexplore, explorer or firefox, and it should come up if an exe-killing rogue is active, allowing you to use Task Manager to kill the rogue's process and get a scan going with Malwarebytes or other apps.


  6. jav
    Posts : 713
    Windows 7 Ultimate x86 SP1
       #16

    Corrine said:
    Rogues do more than just attempt to extort payment. Rogues are trojans and have been known to:

    • Prevent downloading to the infected computer
    • Change IE settings
    • Disable Antivirus Software
    • Disable the Security Center
    • Download additional malware
    • Add redirects to the HOSTS file (effectively blocking not only Microsoft sites but also security vendors and even security help forums)

    Yes, sorry.
    I was wrong in a way.

    But most functions you have mentioned have evolved in order for rogues to protect themselves. So, it's not actually their main task but just self-protection precautions.

    • Download additional malware

    Yes, this one needs special mention.
    And it is actually a malicious thing they do, and it happens very often.

    Anyway, I was wrong to say they don't do acting. Regardless of what their motivation is, they really do the actions you have mentioned.


  7. Posts : 465
    Windows 7 Ultimate x64 and Home Premium x64
       #17

    I wouldn't say it is self-protection, but also to 'sell' the issue to uneducated computer users who are scared into just believing the problem exists. As viruses would also try and prevent tools from removing them as well.

  8.    #18

    I want to test a few different AV/anti-malware combinations on one of my computers.. If someone knows a site that's serving up a rogue av.. PM me with the link.. having a hard time finding one


  9. Posts : 465
    Windows 7 Ultimate x64 and Home Premium x64
       #19

    madtownidiot said:
    I want to test a few different AV/anti-malware combinations on one of my computers.. If someone knows a site that's serving up a rogue av.. PM me with the link.. having a hard time finding one
    Meh... If you really want to try and get yourself infected... Try the following searches:

    Search for Lyrics - Strangely enough a lot of crappy lyrics sites.
    Search for MP3s - Particularly popular music MP3s you can get for free
    Porn - Invariably, some really lame Porn sites will also have some form of malware.
    Game Cracks - Which tend to also invariably lead to porn ads and other crap you don't need.
    Avian/Swine Flu - Silly as it may seem, the latest disease scare means people worried about it will invariably look it up and get hit.

  10.    #20

    There's a good reason for my wanting to do it.. I get quite a few customers with rogue AV infections (almost all of which are XP systems), and I want to find an easier way to remove them, and hopefully find a completely free AV/AM combination that stops them beforehand. Besides, I can reinstall from an image in about 20 minutes and I have several computers to work with, so I'm not really worried about it

    ... tried the above suggestions... took me 5 minutes to find some infected sites.. all of which were blocked by malwarebytes RT scanning


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
