~BD~ <BoaterDave@hotmail.co.uk> wrote in
news:zKGdndhkeLGYCyTWnZ2dnUVZ8sadnZ2d@bt.com:

> Mumia W. wrote:
>> On 04/04/2010 04:01 PM, David Kaye wrote:
>>> [...]
>>> I noted the file date/time and have looked back on this. The exploit
>>> appears to have come from foxnews, officedepot, or officemax -- the
>>> time stamps are within a few seconds of each other and show up right
>>> before the time stamp that was written to the temp directory in my
>>> documents and settings tree.
>>> [...]
>>
>> See this:
>> http://www.broadbandreports.com/foru...om-infected~time=1240194878
>>

> The last post in that thread was most telling! Viz:
>
> "Please note, people - you may think you removed it, but really did
> not. Malwarebytes and others do not detect rootkits. You should run
> ROOTKITREVEALER. I thought I had cleaned this, and I had really not.

That's not entirely accurate. Malwarebytes does detect some rootkits, as
do the other programs. Some newer rootkits will prevent RootkitRevealer
and/or GMER from even loading.

> There was a deep and nasty rootkit involved here. The only way to remove
> it was to boot off a Windows CD and delete hidden drivers. I would be
> willing to bet that half the people think they clean this stuff and
> it's not really clean."

Not very deep or nasty if you only had to delete files. Yes, I'm sure it
was a pain because you couldn't do it while in Windows, but it's still
not what I would call deep.

--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior