Comments on: Rootkit In Spyware? http://www.lockergnome.com/windows/2005/09/12/rootkit-in-spyware/ Technology News, Reviews & How-To Sat, 18 Feb 2012 05:52:00 +0000 hourly 1 http://wordpress.org/?v=3.3 By: Fabio Passaro http://www.lockergnome.com/windows/2005/09/12/rootkit-in-spyware/#comment-8774 Fabio Passaro Fri, 25 May 2007 21:12:36 +0000 http://wp3.lockergnome.com/windows/2005/09/12/rootkit-in-spyware/#comment-8774 Well I have news for you - after a bona fide (or so i thought) windows update on 3 machines 2 days ago - AVG was disabled and then a browsing tool bar and a pop up software kit was installed after the update restart. In the background root-kits and trojan down loaders and key loggers were later found to have been installed. Better still group policies were edited disabling access to task manager and to even turn the PC off - User file was corrupted beyond repair and had to be destroyed as XP Home has no group policy editor to rectify the situation. Subsequent Safe Mode boot scans found 67 root kits installed on one of the machines. Of real note is that one of the infected machines was a bare virgin windows install with NO 3rd party software added aside from legit MS updates. One machine now still has a very benign version of sasser still on it that is proving really troublesome to get rid of. I have now disabled automatic updates on all machines and disabled the BITS service and will update manually from now on. Well I have news for you – after a bona fide (or so i thought) windows update on 3 machines 2 days ago – AVG was disabled and then a browsing tool bar and a pop up software kit was installed after the update restart. In the background root-kits and trojan down loaders and key loggers were later found to have been installed.

Better still group policies were edited disabling access to task manager and to even turn the PC off – User file was corrupted beyond repair and had to be destroyed as XP Home has no group policy editor to rectify the situation.

Subsequent Safe Mode boot scans found 67 root kits installed on one of the machines. Of real note is that one of the infected machines was a bare virgin windows install with NO 3rd party software added aside from legit MS updates.

One machine now still has a very benign version of sasser still on it that is proving really troublesome to get rid of.

I have now disabled automatic updates on all machines and disabled the BITS service and will update manually from now on.

]]>