infosponge

Rootkits

How effective is SAS in detection/removal of Rootkits?

Does this process take place during First Chance Prevention?

More importantly, if nothing is found during scan or FCP should I feel reasonably secure that I have none on my system?

I know there are stand alone products on the market but in your opinion, am I covered with SAS only? :)

Thanks

I'm a computer technician that disinfects systems on a daily basis. Most of these computers are running AVG Free Edition, Norton, or McAfee.

When disinfecting a system, the first tool I reach for is SAS. If the infection is severe, I'll follow up with either Ewido's or BitDefender's online scan. There are a few other techniques I use, but the above will suffice in almost all cases.

I've been installing SAS Pro on my customers' computers for many months now. Along with some education from me in regards to safe surfing and downloading habits, SAS is all they're running. I keep in contact with these customers, and so far they have had no further malware issues.

You're welcome.

As far as rootkits go, SAS has removed many for me. Here is one from a SAS scan that I did yesterday on a highly infected computer running AVG free (I saved and printed out the log for my customer):

Trojan.Rootkit-TnCore/Installer

E:\WINDOWS\SAMMY3.EXE

Trojan.Rootkit-TnCore

E:\WINDOWS\SYSTEM32\DRIVERS\CORE.SYS

The rest of the log was malware hell.

This is where I totally miss the boat.

When a rootkit is found in a file such as the one you illustrated which was

E\windows\system32\drivers\core.sys

Could an essential file also be deleted as well?

This is where I don't know what I'm doing. :shock:

Thanks

This is where I totally miss the boat.

When a rootkit is found in a file such as the one you illustrated which was

E\windows\system32\drivers\core.sys

Could an essential file also be deleted as well?

This is where I don't know what I'm doing. :shock:

Thanks

It's pretty unlikely based on the accuracy of the definition files. Although for a definitive answer in specific regards to SAS, Nick would be the guy to ask.

Seth,

Not quite sure when you say it's unlikely because of the accuracy of the definition files.

This is also a little above my head!

Based on your recommendation, I'll pose the same question to Nick.

If you delete any kind of spyware that lays within a file, would you delete the file as well as the rootkit or any other kind of malware?

What if it is attached to a registry key, as I think rootkits can sometimes do?

Seth, it does sound to me that if you deleted one of your customer's important files, you would have gotten a distress call.

Still, the final word here would be interesting. :)

Thanks Nick
