Rootkits

[infosponge]

How effective is SAS in detection/removal of Rootkits?

Does this process take place during First Chance Prevention?

More importantly, if nothing is found during scan or FCP should I feel reasonably secure that I have none on my system?

I know there are stand alone products on the market but in your opinion, am I covered with SAS only?

Thanks

[Seth]

I'm a computer technician that disinfects systems on a daily basis. Most of these computers are running AVG Free Edition, Norton, or Mcafee.

When disinfecting a system, the first tool I reach for is SAS. If the infection is severe, I'll follow up with either Ewido's or BitDefender's online scan. There are a few other techniques I use, but the above will suffice in almost all cases.

I've been installing SAS Pro on my customer's computers for many months now. Along with some education from me in regards to safe surfing and downloading habits, SAS is all they're running. I keep in contact with these customers, and so far they have had no further malware issues.

[infosponge]

Seth,

Thank you for that.

I appreciate it.

[Seth]

You're welcome.

As far as rootkits go, SAS has removed many for me. Here is one from a SAS scan that I did yesterday on a highly infected computer running AVG free (I saved and printed out the log for my customer):

Trojan.Rootkit-TnCore/Installer

E:\WINDOWS\SAMMY3.EXE

Trojan.Rootkit-TnCore

E:\WINDOWS\SYSTEM32\DRIVERS\CORE.SYS

The rest of the log was malware hell.

[infosponge]

This is where I totaly miss the boat.

When a rootkit is found in a file such as the one you illustrated which was

E\windows\system32\drivers\core.sys

Could an essential file also be deleted as well?

This is where I don't know what I'm doing.

Thanks

[Seth]

This is where I totaly miss the boat.

When a rootkit is found in a file such as the one you illustrated which was

E\windows\system32\drivers\core.sys

Could an essential file also be deleted as well?

This is where I don't know what I'm doing.

Thanks

It's pretty unlikely based on the accuracy of the definition files. Although for a definitive answer in specific regards to SAS, Nick would be the guy to ask.

[infosponge]

Seth,

Not quite sure when you say it's unlikely because of the accuracy of the definition files.

This is also a little above my head!

Based on your recommendation, I'll pose the same question to Nick.

If you delete any kind of spyware that lays within a file, would you delete the file as well as the rootkit or any other kind of malware?

What if it is attached to a registry key as I think rootkits can sometimes do.

Seth it does sound to me that if you deleted one of your customer's important files, you would have gotten a distress call.

Still, the final word here woud be interesting.

Thanks Nick