Free Republic
News/Activism


COMPUTER "TROJAN:Win32/Alureon.A"; or, The ROOTKIT MALWARE You Don't Even Know You Have.
http://www.microsoft.com/security | Updated: Dec 16, 2009 | Microsoft

Posted on 04/07/2010 1:22:51 AM PDT by Yosemitest

Microsoft Malware Protection Center has more info.

(Excerpt) Read more at microsoft.com ...


TOPICS: Extended News; Front Page News; News/Current Events
KEYWORDS: alureona; computer; malware; microsofttax; trojan; virus
I had a hard time getting rid of this problem.

Spyware Terminator detected it, and its attempt to remove it wasn't successful.

I had to find a clean copy of "atapi.sys" and save it to my documents. Then I had to use RootRepeal and use its tools to force-wipe the infected copy of "atapi.sys" from two locations.

After that, I copied and pasted the clean copy of "atapi.sys" into those locations and ran a full scan again.

Spyware Terminator then reported:

So, to clean this temp file out, I used CCleaner. First I changed the settings under "advanced settings" to delete ALL TEMP files, not just the ones older than 24 hours.
Then I ran the cleaner, and after that I ran the registry cleaner.

Then I scanned again with Spyware Terminator, and it came up clean.

Finally, I ran "Norton Ghost" and made a clean backup of my computer to an external drive.

Good luck, and I hope you don't have this Nasty RootKit.

1 posted on 04/07/2010 1:22:51 AM PDT by Yosemitest
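A check for the atapi.sys step in the post above, added here as an example; it is not part of Yosemitest's post or of any of the tools named. It compares every copy of atapi.sys on the infected installation against the clean reference copy by SHA-256, so you know which copies still need replacing before the wipe and can confirm they all match afterwards. The paths are assumptions: the post does not name its "two locations", so the script checks the live driver, the Windows File Protection cache (dllcache) and the service pack copy under D:\Windows, and expects the reference file under My Documents. Run it from clean boot media with the infected volume mounted as a drive letter: a live rootkit hides its own file changes from tools running on the infected system, which is why the poster needed RootRepeal to see the file at all.

```powershell
# Added example, not part of the original post. Compares each on-disk copy of
# atapi.sys against a known-clean reference copy by SHA-256 and reports the
# ones that differ. Run it from clean boot media with the infected volume
# mounted (assumed here as D:); an active rootkit hides its own modifications
# from the running system.
param(
    # Assumption: known-clean atapi.sys saved from an identical Windows
    # version / service pack (the file differs between builds).
    [string]$Reference   = 'D:\Documents and Settings\user\My Documents\atapi.sys',
    # Assumption: the infected Windows installation mounted offline as D:.
    [string]$WindowsRoot = 'D:\Windows'
)

# Assumed locations for the "two locations" in the post: the live driver and
# the Windows File Protection cache (Windows XP layout). The service pack copy
# is checked too when present.
$locations = @(
    'system32\drivers\atapi.sys',
    'system32\dllcache\atapi.sys',
    'ServicePackFiles\i386\atapi.sys'
) | ForEach-Object { Join-Path $WindowsRoot $_ }

function Get-Sha256Hex([string]$Path) {
    # Streams the file through .NET so it works on PowerShell 2 (no Get-FileHash).
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close(); $sha.Clear() }
}

$refHash = Get-Sha256Hex $Reference
$refSize = (Get-Item -LiteralPath $Reference).Length
Write-Output ("reference: {0} bytes, sha256={1}" -f $refSize, $refHash)

$suspect = @()
foreach ($path in $locations) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output ("absent   : {0}" -f $path)
        continue
    }
    $item = Get-Item -LiteralPath $path -Force   # -Force: hidden/system attributes do not hide it
    $hash = Get-Sha256Hex $path
    $ver  = $item.VersionInfo.FileVersion
    if ($hash -eq $refHash) {
        Write-Output ("clean    : {0} ({1})" -f $path, $ver)
    } else {
        # A patched driver can keep its size and version resource, so never
        # judge by those alone; the hash is the verdict.
        Write-Output ("MODIFIED : {0} ({1} bytes, version {2}, sha256={3})" -f $path, $item.Length, $ver, $hash)
        $suspect += $path
    }
}

if ($suspect.Count -gt 0) {
    Write-Warning ("{0} copy/copies of atapi.sys differ from the reference; replace them from clean media, then rescan" -f $suspect.Count)
    exit 1
}
Write-Output 'all copies match the reference'
exit 0
```

Run it once before replacing the files to see which copies are patched, and again afterwards; it exits 0 only when every copy present matches the reference. The reference copy must come from the same Windows version and service pack, otherwise every copy will be reported as modified.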

To: Yosemitest

It does not show up on my Linux box


2 posted on 04/07/2010 1:28:53 AM PDT by taxcontrol

To: Yosemitest

Wow

What a project!

Sorry to say it but ,,, get a Mac.

And tell Bill Gates where to get off with his POS DOS system from the 90s that he refuses to bring into the modern world.


3 posted on 04/07/2010 1:30:07 AM PDT by DontTreadOnMe2009 (So stop treading on me already!)

To: Yosemitest

hoo boy, stealing your DNS gives virtual carte blanche to the haxors.


4 posted on 04/07/2010 1:32:49 AM PDT by HiTech RedNeck (I am in America but not of America (per bible: am in the world but not of it))
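The DNS hijack HiTech RedNeck refers to is a configuration change, so it stays behind after the driver is replaced unless it is reverted separately; a check is worth running after the file repair. Added example, not from the thread or from any of the tools named in it: it reads each IP-enabled interface's active resolvers from WMI and the static NameServer / DhcpNameServer values from the registry, then flags adapters whose resolvers were set by hand on an otherwise DHCP-configured adapter or are not on an expected list. The expected-resolver list (192.168.1.1) is an assumption; replace it with your router's or ISP's addresses. It uses WMI and the registry rather than the newer DNS client cmdlets so it runs on Windows XP with PowerShell 2 as well as later versions.

```powershell
# Added example, not part of the original thread. Lists the DNS servers each
# IP-enabled interface actually uses and flags settings that look hijacked.
param(
    # Assumption: the resolvers you expect to see (router or ISP servers).
    [string[]]$ExpectedDns = @('192.168.1.1')
)

# Per-interface TCP/IP settings live under this key, one subkey per adapter GUID.
$ifaceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'

$findings = foreach ($a in $adapters) {
    # SettingID is the adapter GUID, which names the registry subkey.
    $reg    = Get-ItemProperty -Path (Join-Path $ifaceKey $a.SettingID) -ErrorAction SilentlyContinue
    # NameServer = manually configured resolvers; DhcpNameServer = what DHCP handed out.
    $static = @(if ($reg -and $reg.NameServer)     { $reg.NameServer     -split '[ ,]+' | Where-Object { $_ } })
    $dhcp   = @(if ($reg -and $reg.DhcpNameServer) { $reg.DhcpNameServer -split '[ ,]+' | Where-Object { $_ } })
    $active = @($a.DNSServerSearchOrder)

    $problems = @()
    if ($a.DHCPEnabled -and $static.Count -gt 0) {
        # Static resolvers on a DHCP adapter override the DHCP ones: the
        # classic footprint of a DNS-changing infection.
        $problems += 'static NameServer overrides DHCP-assigned resolvers'
    }
    foreach ($srv in $active) {
        if ($ExpectedDns -notcontains $srv) { $problems += "unexpected resolver $srv" }
    }
    New-Object PSObject -Property @{
        Adapter   = $a.Description
        DHCP      = [bool]$a.DHCPEnabled
        ActiveDns = ($active -join ', ')
        DhcpDns   = ($dhcp   -join ', ')
        StaticDns = ($static -join ', ')
        Problems  = ($problems -join '; ')
    }
}

$findings | Format-List Adapter, DHCP, ActiveDns, DhcpDns, StaticDns, Problems

$flagged = @($findings | Where-Object { $_.Problems })
if ($flagged.Count -gt 0) {
    Write-Warning ("{0} adapter(s) have suspicious DNS settings; also review the hosts file." -f $flagged.Count)
    exit 1
}
exit 0
```

Clearing a hijacked static entry means deleting the NameServer value for that interface (or setting the adapter back to "obtain DNS automatically"); the script only reports, so the fix is a deliberate step.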

To: Yosemitest

BTTT. Thanks for posting!


5 posted on 04/07/2010 1:34:13 AM PDT by EdReform (Oath Keepers - Guardians of the Republic - Honor your oath - Join us: www.oathkeepers.org)

To: Yosemitest

Which Windows. XP? Vista? 7?


6 posted on 04/07/2010 1:35:22 AM PDT by HiTech RedNeck (I am in America but not of America (per bible: am in the world but not of it))

To: DontTreadOnMe2009

Windows is not based on DOS. At least if you are going to trash Windows, get some facts. Windows hasn’t been DOS based in over a decade.


7 posted on 04/07/2010 1:38:07 AM PDT by wireplay

To: DontTreadOnMe2009

Yeah get a mac and get an OS from the 70s


8 posted on 04/07/2010 1:46:16 AM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)

To: DontTreadOnMe2009

And, btw, I can write a malware program that hits Macs or Linux. Why? Because most malware relies on a user clicking on “Sure! I want to install this!”. There is no stopping this breach.

The easiest way to get passwords for systems is to dumpster dive or get into offices after hours. Look under keyboards, in drawers, etc. where people write them down. Security is often not connected with the O/S but with people not taking precautions.

Basically, trashing Windows buys little. Linux is wide-open compared to z/OS. Those both are wide-open compared to a closed system that never connects to the net.


9 posted on 04/07/2010 1:51:03 AM PDT by wireplay

To: wireplay

but but but mac has NEVER had a self propagating virus!! really it hasn’t. That must mean its secure.


10 posted on 04/07/2010 1:53:02 AM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)

To: Yosemitest

read later


11 posted on 04/07/2010 1:53:07 AM PDT by truthguy (Good intentions are not enough!)

To: Rammer

ping


12 posted on 04/07/2010 1:59:54 AM PDT by Rammer

To: driftdiver

Mac users are clueless about the threat from malware writers. If Macs ever get a foothold, they will find out.

I started my career coding on Macs and I have never seen them gain any marketshare because they do not address business needs.

The Mac folks also do not understand computing worth a poop. Apple finally gave up the ghost and switched to Unix and hoped for the best. I have coded on MVS, Unix, and Windows. Nothing compares to Windows in ease of use, hence that is where everything is built. Unix is nice, MVS is sweet (but simple).

How hard would it be for me to write a malware app that asks a user for their username and password then https that unencrypted password out to my web service for harvesting? We can actually throw an event for every keystroke and capture the whole session easily. The mac folks think this is not possible and their O/S protects them from it when it has nothing whatsoever to do with the O/S. A user clicks Ok and their system is mine.


13 posted on 04/07/2010 2:05:30 AM PDT by wireplay

To: driftdiver

Which was designed from the get-go for multiple hostile users, not one friendly user.


14 posted on 04/07/2010 2:06:17 AM PDT by HiTech RedNeck (I am in America but not of America (per bible: am in the world but not of it))

To: wireplay

There are still enough Macs and Linuxes that an amphibious or cross system vectoring malware could grab hold right now if it was anywhere close to as easy to get into the Macs and Linuxes as it is to get into most existing Windows installation.


15 posted on 04/07/2010 2:08:48 AM PDT by HiTech RedNeck (I am in America but not of America (per bible: am in the world but not of it))

To: Yosemitest

bttt


16 posted on 04/07/2010 2:12:13 AM PDT by bmwcyle (Free the Navy Seals)

To: HiTech RedNeck

Viruses are what they are but the threat isn’t there. It is in malware and a user will introduce it w/o even breaking a sweat.

Windows is secure on the latest versions but malware is the game.

“Look! A free copy of Tetris for my Mac!!!! All it does is ask me for a username and password!”

Bingo. Test the uid/password on Quicken, Wells Fargo, Chase, etc.

People get their panties in a wad over a DOS attack. The threat is monetary.


17 posted on 04/07/2010 2:13:17 AM PDT by wireplay

To: HiTech RedNeck

BTW, as a computer guy you should know that Windows of today is based on VMS.

My guess is that the original poster is not running a modern Windows variant or did the click and hope for the best method of implementation.

I do not buy this widespread virus spread we saw in the past (which was a problem, I agree).


18 posted on 04/07/2010 2:17:28 AM PDT by wireplay

To: taxcontrol

“It does not show up on my Linux box’

nor mine ;-)


19 posted on 04/07/2010 2:18:17 AM PDT by vanilla swirl (To argue witha person who has renounced the use of reason is like administering medicine to the dead)

To: truthguy

Me too....


20 posted on 04/07/2010 2:18:51 AM PDT by Brad’s Gramma (Here's a thought!! Donate to the website you are on RIGHT NOW!!)

To: wireplay

I use both Linux and Windows, and it’s a lot clearer to me in Linux when a security boundary is about to get breached because of how the systems behave. A download, even a drive by download, on Windows can just go hack all my privileged stuff behind my back (password protection is absolutely pitiful). Linux will show some distinct form of annoyance at this, asking me things that nothing decent should ask.


21 posted on 04/07/2010 2:21:03 AM PDT by HiTech RedNeck (I am in America but not of America (per bible: am in the world but not of it))

To: HiTech RedNeck

Yeah, but you are a computer guy.

BTW, are you using Windows 7?

An average user can be sucked down the hole of malware easily and there is NOTHING you can do to stop it and still let a system be usable. I can call a web service and pass their uid/pw and you cannot prevent that from happening.


22 posted on 04/07/2010 2:32:13 AM PDT by wireplay

To: wireplay
Ha. Someone else knows! I wrote VMS drivers and worked for DEC. It was a shock to attend a course on NT drivers. The internals of NT 3.1 were VMS!

Later, doing some Unix development I was surprised to see VMS code, lifted from fiche probably, in the Unix kernel. Unix/Linux was and is a grad school project. Apache works because it doesn't have to change. Macs work because Apple has always taken the no one but Apple approach. That is why it will never be used extensively in business, except the publishing business. More credit to Apple's business model. They get all sorts of free publicity and have a committed clientele happy to pay fifty percent more for a limited machine.

This trojan looks nasty, but I've never had a trojan, and neither have most people. A firewall will prevent reassignment of DNS addresses. Current antivirus definitions will identify most trojans. Microsoft gives away pretty decent antimalware tools to legitimate customers. Defender and whatever they named the antivirus product seem fine. My dozen systems run Microsoft and BitDefender. I always use Defender. Being a bigot of any platform is an old story. Unix has been taking over for thirty five years now, but Dave Cutler's work, RSX-11, ELN, VMS, Windows after NT, is real engineering excellence. Some of the imitators look promising, such as Mono. Mono will allow the proliferation of truly machine independent tools, based upon Microsoft innovation, a machine independent Intermediate Language with support for over sixty procedural languages. Mono will promote the migration of .Net to markets outside of Microsoft's business domain.

23 posted on 04/07/2010 2:54:25 AM PDT by Spaulding

To: wireplay

For the record - the overwhelming number of PCs are used as dumb terminals - cash registers and such.


24 posted on 04/07/2010 2:54:54 AM PDT by PIF (They came for me and mine .. now it is your turn..)

To: Yosemitest

Where do I go/what do I search for to see if my pc has the trojan? Can’t I just look for a certain file rather than downloading a scanner?


25 posted on 04/07/2010 2:57:02 AM PDT by chilltherats (First, kill all the lawyers (now that they ARE the tyrants).......)

To: DontTreadOnMe2009

Apple boycotts Glenn Beck, celebrates Ché and generally touts and supports leftist causes. They’ll never see a dime from me.


26 posted on 04/07/2010 2:59:16 AM PDT by chilltherats (First, kill all the lawyers (now that they ARE the tyrants).......)

To: Spaulding

Nothing keeps people from writing business applications for Apple. The free OpenOffice suite is already available for Windows, multiple Linuxes, and Mac. Business managers just don’t like spending on Mac.


27 posted on 04/07/2010 3:03:01 AM PDT by HiTech RedNeck (I am in America but not of America (per bible: am in the world but not of it))

To: driftdiver
but but but mac has NEVER had a self propagating virus!! really it hasn’t. That must mean its secure.

Please forgive my dullness: if you are being sarcastic, then I'm right there with you; if you are being serious, I respectfully point out that your conclusion "its secure" is a bit of a stretch.

Consider this analogy. If I leave my unoccupied home unlocked in a low-crime area and my possessions are not stolen, does that mean my home is more secure? Or merely safer?

I argue the latter.

Just my 2¢

28 posted on 04/07/2010 3:05:34 AM PDT by Two-Shoes (The Second Amendment exists to guarantee & give teeth to the First.)

To: Spaulding

People don’t seem to get that IBM invented everything in computing in the 1950s. We are just tweaking it ;-]

The Mac folks don’t know crap about computing because they play around with cute stuff and don’t realize how it works. “Dude! Check it out! I have a nice salmon matched with an antique white and it looks fab! Let’s PS it and rotate it on the latest advert then have a doob!”

A solid router prevents most stuff w/o the need of a firewall. I use Vipre for most defense now.

Macs have who? .NET has Anders. Pick someone in the Mac community better than Anders. Not going to happen.

Pffftttt on most of the folks out there who have a Mac fanboy poster on their wall. They have no idea how coding works or how computers operate.

Give me lambda expressions or give me death!


29 posted on 04/07/2010 3:08:50 AM PDT by wireplay

To: PIF

Now, THAT is a good stat. Can you document it?


30 posted on 04/07/2010 3:09:30 AM PDT by wireplay

To: Spaulding

The story, as I understand it, is this.

The VMS guys came up with a new kernel. They asked DEC to support it. The kernel guys were in Seattle. DEC said, move to Boston and we don’t like the idea.

The team lead at DEC went to Bill Gates and said they had an idea for O/S. Bill G said cool, and hired them en masse. Win NT came out which had NOTHING in common with Windows but some screens. But people think they are connected.

You still have folks that think that Windows is based on DOS. It isn’t. It is based on VMS. The last DOS Windows was Windows ME and even it wasn’t that DOS based.

Hence, Win NT, Win 2000, Win XP, Win Vista, Win 7 are all VMS products with a deep lineage. And VMS is a mainframe system with similarities to zOS. It lifted functionality from IBM.

Ah well. Getting gray hair in this industry.


31 posted on 04/07/2010 3:20:08 AM PDT by wireplay

To: chilltherats
Where do I go/what do I search for to see if my pc has the trojan? Can’t I just look for a certain file rather than downloading a scanner?

Do a Google/Yahoo/Live search on "Win32/Alureon" and read the stuff available. For example, here's what one security vendor has to say:
http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?ID=50214

Also, I'd recommend using Malwarebytes' Anti-Malware. The personal version is free.

BUT DON'T JUST TAKE MY WORD and blithely follow my advice. Please research this yourself. For all you know, I could be someone trying to take advantage of you.

I specifically didn't make the URL to the CA website above a hyperlink so you'd have an opportunity NOT to click a link, but instead would have to copy and paste the URL into your browser. It's not a very good idea to be in the habit of clicking links served up by strangers.

Hope this helps.

32 posted on 04/07/2010 3:20:43 AM PDT by Two-Shoes (The Second Amendment exists to guarantee & give teeth to the First.)

To: wireplay
WOW! You know your stuff dude!

I laugh at the Mac freaks how they say they don't even need virus or firewall protection, “Cus, their Mac is soooo bullet proof and flawlessly awesome, that hackers run in fear when they even see the name.”

But, back to the DEC thing. I know a little history about Microsoft myself. How they first went to Altair to get a foothold on developing an OS. And what launched them over the top was them getting the IBM compatible OS that NEC (Japan) was selling worldwide by the Millions.

Apple decided that they would remain exclusive and push red diaper doper baby home computers like the “Wendy”.

(Your rendition of the Mac user was classic, LOL!)

33 posted on 04/07/2010 3:29:47 AM PDT by PSYCHO-FREEP ( Give me Liberty, or give me an M-24A2!)

To: Spaulding; wireplay

I worked for VMS for DEC, Compaq, and HP. Dave Cutler, the principal architect of Windows NT, left DEC/VMS to work for Microsoft.

Windows NT (WNT) is VMS++. The next letter after V is W, after M is N, after S is T.

Dave had a vision, and DEC did not want to fund development for it. Microsoft offered Dave a great opportunity. As for DEC, Another in a long list of missed opportunities.


34 posted on 04/07/2010 3:30:54 AM PDT by Westbrook (Having more children does not divide your love, it multiplies it.)

To: Westbrook
I have a late version of Vista. I immediately installed all the updates and use Microsoft Security Essentials free virus and firewall add-ons. They are both very nice, compatible and keep my OS lightning fast. I have had absolutely no problems with Vista.

Is Win.7 really that much better? And, is this virus able to get into Vista or 7?

35 posted on 04/07/2010 3:39:14 AM PDT by PSYCHO-FREEP ( Give me Liberty, or give me an M-24A2!)

To: wireplay

“An average user can be sucked down the hole of malware easily and there is NOTHING you can do to stop it and still let a system be usable”

So much truth to this. I am the family “computer guy”. I have had to clean up so many friends and family computers because they have no idea how to keep them secure.

With my close relatives, I finally put them on non-admin accounts. They can’t install anything on their own computers. They have to call me. That has helped a lot. Even so, things periodically get through.


36 posted on 04/07/2010 3:40:58 AM PDT by CriticalJ (Suppose you were an idiot. And suppose you were a member of Congress.. But then I repeat myself. MT)
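What CriticalJ describes is the standard least-privilege control for a shared family machine, and it is easy to audit and enforce. Added example, not the poster's own: it lists every member of the local Administrators group, flags the ones not on an allowlist, and with -Enforce moves them to the Users group so they can still log on but cannot install software without the designated admin's credentials. The allowlist names (Administrator, familyadmin) are assumptions. It uses the ADSI WinNT provider, so it runs on Windows XP with PowerShell 2 as well as later versions; run it from an elevated prompt.

```powershell
# Added example, not part of the original thread. Audits the local
# Administrators group and optionally demotes accounts not on the allowlist.
param(
    # Assumption: the accounts allowed to stay administrators.
    [string[]]$Keep = @('Administrator', 'familyadmin'),
    # Report only unless -Enforce is given.
    [switch]$Enforce
)

$computer = $env:COMPUTERNAME
$admins   = [ADSI]"WinNT://$computer/Administrators,group"
$users    = [ADSI]"WinNT://$computer/Users,group"

# Each member comes back as a COM object; pull its name and ADsPath through
# InvokeMember so this works on PowerShell 2 as well as later versions.
$members = @($admins.psbase.Invoke('Members') | ForEach-Object {
    $name = $_.GetType().InvokeMember('Name',    'GetProperty', $null, $_, $null)
    $path = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    New-Object PSObject -Property @{ Name = $name; Path = $path }
})

$extra = @($members | Where-Object { $Keep -notcontains $_.Name })

foreach ($m in $members) {
    $state = if ($Keep -contains $m.Name) { 'keep' } else { 'EXTRA' }
    Write-Output ("{0,-6} {1}" -f $state, $m.Path)
}

if ($Enforce) {
    foreach ($m in $extra) {
        # Make sure the account can still log on as a standard user before
        # taking its admin rights away: put it in Users if it is not there.
        if (-not $users.IsMember($m.Path)) { $users.Add($m.Path) }
        $admins.Remove($m.Path)
        Write-Output ("demoted {0} to standard user" -f $m.Name)
    }
}
elseif ($extra.Count -gt 0) {
    Write-Warning ("{0} account(s) are administrators but not on the allowlist; rerun with -Enforce to demote them" -f $extra.Count)
}
```

Keep at least one account on the allowlist that you hold the password for, since the script will happily demote every account it is not told to keep. On Vista and later the demoted users still get a UAC credential prompt for installs, which is exactly the "call me" step the post describes.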

To: Two-Shoes

sorry I forgot my /s tag


37 posted on 04/07/2010 3:44:32 AM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)

To: Westbrook

And what would DEC have been able to run this new VMS on? The nice thing about the series of Windowen is that they were to some extent backwards compatible with previous hardware, AND they were big enough to get new peripherals designed to them that could often be slipped into the old hardware.

Linux, by trying very hard with thousands of volunteers, has been able to embrace most of the hardware that Windows does. That’s the spot VMS would have been in, except without the volunteers.


38 posted on 04/07/2010 3:44:54 AM PDT by HiTech RedNeck (I am in America but not of America (per bible: am in the world but not of it))

To: CriticalJ

Most people know that the computer in 2001: A Space Odyssey was a play on IBM (computer name HAL is IBM minus one letter — the letter before I is H, before B is A, and M is L). I heard that Windows New Technology (WNT) was a salute to this and VMS (W-1 is V, N-1 is M, T-1 is S).


39 posted on 04/07/2010 3:51:47 AM PDT by wizwor (webmaster danvilledelivery.com)

To: wizwor

So Cutler, disappointed in DEC, looked around until he found someone with a product whose name began with “W”


40 posted on 04/07/2010 3:53:07 AM PDT by HiTech RedNeck (I am in America but not of America (per bible: am in the world but not of it))

To: wireplay

“A user clicks Ok and their system is mine.”

And when you’re dealing with users that is not a hard step.


41 posted on 04/07/2010 3:57:51 AM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)

To: HiTech RedNeck

Designed in the 60s and implemented in the 70s. Ya know before the internet, browsers, java, flash, or just about anything modern.


42 posted on 04/07/2010 3:59:00 AM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)

To: HiTech RedNeck

There were factions in VMS that wanted to port it to x86 as long ago as 1995, maybe even earlier. Was that part of Dave’s vision? I don’t know.

I was involved with the port of VMS to ia64 (itanium).

With ia64 probably going away, the rumor is that VMS will be ported to x86. About 15 years too late.

Of course, there are technological obstacles to overcome; compilers, linkers, and loaders being the first. Then there is the port of applications using the new compilers and linkers.

It’s a huge effort. So I don’t know if it will actually happen.


43 posted on 04/07/2010 4:06:41 AM PDT by Westbrook (Having more children does not divide your love, it multiplies it.)

To: Two-Shoes

Yes, it helps. Thank you very much. :)


44 posted on 04/07/2010 4:08:42 AM PDT by chilltherats (First, kill all the lawyers (now that they ARE the tyrants).......)

To: driftdiver

BSD brought it into the internet age soon enough. Because of UNIX’s device abstraction system, it wasn’t hard, and daemon and user accounts looked alike. Graphics borrowed from MIT’s W system (as UNIX borrowed from MIT’s Multics), which was advanced to X.


45 posted on 04/07/2010 4:17:42 AM PDT by HiTech RedNeck (I am in America but not of America (per bible: am in the world but not of it))

To: Westbrook

As a past VMS user (20 years ago on large VAXen) I agree it would be a cool blast from the past to see it working on Windows/Linux hardware.

Maybe the first port could be a virtual one under Linux.


46 posted on 04/07/2010 4:21:59 AM PDT by HiTech RedNeck (I am in America but not of America (per bible: am in the world but not of it))

To: HiTech RedNeck

> Maybe the first port could be a virtual one under Linux.

Once VMS is ported to x86, if that should happen, then you could run it as a virtual guest or on the bare metal x86 platform.

But it needs to be ported to x86 first.

I’m not sure that VMS can be developed under Linux, because of the GPL (GNU General Public License). I did my modelling and development using Microsoft Visual Studio.
:)


47 posted on 04/07/2010 4:34:37 AM PDT by Westbrook (Having more children does not divide your love, it multiplies it.)

To: GreatMan

ping


48 posted on 04/07/2010 4:37:05 AM PDT by GreatMan

To: Westbrook

Hopefully that does not mean that VMS requires Microsoft-licensed elements in it.


49 posted on 04/07/2010 4:38:26 AM PDT by HiTech RedNeck (I am in America but not of America (per bible: am in the world but not of it))

To: driftdiver
And when you're dealing with users, that is not a hard step

I do Tier 3 tech support. We're always talking about PEBKACs (Problem Exists Between Keyboard And Chair).

50 posted on 04/07/2010 4:41:23 AM PDT by COBOL2Java (Big government more or less guarantees rule by creeps and misfits.)



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.


FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson