I was under the impression that the rootkit was auto-loaded by software. It doesn't magically just start, something has to initiate the process of installing the rootkit.
-
You're right, it doesn't magically start, but people click here and there, install this, launch that, open this all the time. Once on your system they are very hard to detect, much less remove. Current advice is to wipe the HD and reinstall the OS.
Think this guy had a firewall?
11/20/05 02:20:58 [Info]: BlackLight Engine 1.0.25 initialized
11/20/05 02:20:58 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/20/05 02:21:01 [Info]: Hidden process: C:\WINDOWS\SYSTEM32\GFXL3D32.EXE
11/20/05 02:21:01 [Note]: 4018 864
11/20/05 02:21:01 [Info]: Hidden process: C:\PROGRAM FILES\MESMIZER\PNDIMENG.EXE
11/20/05 02:21:02 [Note]: FSRAW library version 1.7.1013
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\WinGenerics.dll
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\ACE.DLL
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\DATA.BIN
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\SFMTPAPI.EXE
11/20/05 02:21:02 [Info]: Hidden file: C:\PROGRAM FILES\MESMIZER\PNDIMENG.EXE
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\DNS
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\00000029_43672e31_0006acfc
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\INDEX
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\00004823_43672e94_0002dc6c
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\00000124_437521cc_0006acfc
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\0000305e_437521cd_000a4083
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\0000440d_437521ce_00022551
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\0000491c_437521d1_0002625a
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\00004d06_437521d3_0001e848
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\00004db7_437521d4_00003d09
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\00001547_437521d4_00031975
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\000054de_437521d4_00089544
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\000039b3_437521d5_0000f424
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\00002d12_437521d5_000632ea
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\0000074d_437521d6_0004c4b4
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\00004dc8_437521e2_00029f63
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\00006443_437521e6_00029f63
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\000066bb_437521e6_000a4083
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\0000428b_437521e9_000dd40a
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\000026a6_437521ea_0001e848
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\0000701f_437521ea_0006ea05
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\00005d03_437521ec_0002625a
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\00007a5a_437521ec_000e4e1c
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\0000767d_437521ed_00007a12
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\00004509_437521ed_0000b71b
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\00001238_437521ed_00053ec6
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\00003b25_437521ed_000632ea
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\00001e1f_437521ed_00098968
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\00006e5d_437521ed_000a4083
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\00001ad4_437521ee_000a7d8c
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\000063cb_437521ee_000d1cef
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\00006bfc_437521f0_00016e36
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\00007f96_437521f6_0001ab3f
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\00007ff5_437521f8_00040d99
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\00004e45_437521f9_0008583b
11/20/05 02:21:02 [Info]: Hidden file: C:\Program Files\Mesmizer\Cache\0000323b_437521f9_00090f56
11/20/05 02:21:24 [Info]: Hidden file: C:\Program Files\Mesmizer\AI_20-11-2005.log
11/20/05 02:21:35 [Error]: 5001 1325976
11/20/05 02:21:37 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\DRIVERS\TMTGHDLR.SYS
11/20/05 02:21:37 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\GFXL3D32.EXE
-
Originally Posted by isogonic
A rootkit is a special type of malware (malicious software). Rootkits are special because you don't know what they're doing. Rootkits are nearly undetectable and they're almost impossible to remove. Although detection tools are proliferating, malware developers are constantly finding new ways to cover their tracks.
A rootkit's purpose is to hide itself and other software from view. This is done to prevent a user from identifying and potentially removing an attacker's software. A rootkit can hide almost any software, including file servers, keyloggers, botnets, and remailers. Many rootkits can even hide large collections of files and thus enable an attacker to store many files on your computer invisibly.
Rootkits do not infect computers by themselves like viruses or worms do. Instead, an attacker identifies an existing vulnerability in a target system. Vulnerabilities may include an open network port, an unpatched system, or a system with a weak administrator password. After gaining access to a vulnerable system, the attacker can install a rootkit manually. This type of stealthy directed attack does not usually trigger automated network security controls such as intrusion detection systems.
Identifying rootkits can be difficult. There are several software packages that detect rootkits. These software packages fall into two categories: signature-based and behavior-based detectors. Signature-based detectors, such as most virus scanners, look for specific binary files that are known to be rootkits. Behavior-based detectors attempt to identify rootkits by looking for hidden elements, which is the primary behavior of rootkits. One popular behavior-based rootkit detector is Rootkit Revealer.
Once you've identified a rootkit on your system, the remediation options are somewhat limited. Because rootkits can hide themselves, you may not know how long they've been on the system. You also may not know what information the rootkits have compromised. The best reaction to an identified rootkit is to wipe and reinstall the system. Although drastic, this is the only proven method to completely remove rootkits.
Preventing rootkits from getting onto your system is the best strategy you can use. This is done with the same defense-in-depth strategy that you should use to prevent all malware from attacking your computer. Elements of defense-in-depth include virus scanners, regular software updates, a firewall on the host and the network, and a strong password strategy.
I keep a Ghost image to write over trouble if I run into it.
-
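The BlackLight log posted earlier in the thread is exactly the kind of output the quoted article calls a behavior-based detector: it reports the objects a rootkit is hiding rather than matching signatures. As an added example (not part of the original thread, and not F-Secure's own code), the following Python script parses lines in that log format and groups the hidden objects the way a responder would triage them: which directory tree carries the install footprint, which hidden files are kernel drivers, and which running processes have their own image file hidden. SAMPLE_LOG is a constructed excerpt of the lines quoted above; the numeric [Note] and [Error] codes are undocumented here, so the parser counts them without interpreting them.

```python
"""Triage a BlackLight rootkit-scan log (added example, not from the thread)."""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every BlackLight line seen in the thread is "MM/DD/YY HH:MM:SS [Level]: message".
LINE_RE = re.compile(
    r"^(?P<date>\d\d/\d\d/\d\d) (?P<time>\d\d:\d\d:\d\d) "
    r"\[(?P<level>\w+)\]: (?P<msg>.*)$"
)
HIDDEN_RE = re.compile(r"^Hidden (?P<kind>process|file): (?P<path>.+)$")

# Constructed excerpt of the log quoted in the thread (a few lines, same format).
SAMPLE_LOG = """\
11/20/05 02:20:58 [Info]: BlackLight Engine 1.0.25 initialized
11/20/05 02:20:58 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/20/05 02:21:01 [Info]: Hidden process: C:\\WINDOWS\\SYSTEM32\\GFXL3D32.EXE
11/20/05 02:21:01 [Note]: 4018 864
11/20/05 02:21:01 [Info]: Hidden process: C:\\PROGRAM FILES\\MESMIZER\\PNDIMENG.EXE
11/20/05 02:21:02 [Info]: Hidden file: C:\\Program Files\\Mesmizer\\WinGenerics.dll
11/20/05 02:21:02 [Info]: Hidden file: C:\\Program Files\\Mesmizer\\ACE.DLL
11/20/05 02:21:02 [Info]: Hidden file: C:\\PROGRAM FILES\\MESMIZER\\PNDIMENG.EXE
11/20/05 02:21:02 [Info]: Hidden file: C:\\Program Files\\Mesmizer\\Cache\\INDEX
11/20/05 02:21:02 [Note]: 4002 0
11/20/05 02:21:02 [Note]: 4003 1
11/20/05 02:21:35 [Error]: 5001 1325976
11/20/05 02:21:37 [Info]: Hidden file: C:\\WINDOWS\\SYSTEM32\\DRIVERS\\TMTGHDLR.SYS
11/20/05 02:21:37 [Info]: Hidden file: C:\\WINDOWS\\SYSTEM32\\GFXL3D32.EXE
"""


@dataclass
class ScanReport:
    engine: Optional[str] = None
    os_version: Optional[str] = None
    hidden_processes: List[str] = field(default_factory=list)
    hidden_files: List[str] = field(default_factory=list)
    note_codes: Counter = field(default_factory=Counter)  # code -> occurrences
    errors: List[str] = field(default_factory=list)
    unparsed: List[str] = field(default_factory=list)     # never silently dropped


def parse_blacklight(text: str) -> ScanReport:
    """Parse BlackLight log text into a ScanReport."""
    report = ScanReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            report.unparsed.append(line)
            continue
        level, msg = m["level"], m["msg"]
        if level == "Info":
            hidden = HIDDEN_RE.match(msg)
            if hidden:
                target = (report.hidden_processes if hidden["kind"] == "process"
                          else report.hidden_files)
                target.append(hidden["path"])
            elif msg.startswith("BlackLight Engine"):
                report.engine = msg
            elif msg.startswith("OS:"):
                report.os_version = msg[len("OS:"):].strip()
        elif level == "Note":
            report.note_codes[msg.split()[0]] += 1  # first token is the code
        elif level == "Error":
            report.errors.append(msg)
    return report


def parent_dir(path: str) -> str:
    # Windows paths compare case-insensitively; the log itself mixes
    # "C:\PROGRAM FILES\MESMIZER" and "C:\Program Files\Mesmizer".
    return path.lower().rsplit("\\", 1)[0]


def triage(report: ScanReport) -> Dict[str, object]:
    """Group the hidden objects the way a responder would look at them."""
    files_lc = {p.lower() for p in report.hidden_files}
    return {
        # Hidden files per directory: a cluster under one tree is the install footprint.
        "files_per_dir": Counter(parent_dir(p) for p in report.hidden_files),
        # A hidden kernel driver is the component most likely doing the hiding.
        "drivers": [p for p in report.hidden_files if p.lower().endswith(".sys")],
        # A running process whose image file is also hidden is the rootkit
        # concealing its own payload, not merely a stray hidden file.
        "live_hidden_images": [p for p in report.hidden_processes
                               if p.lower() in files_lc],
    }


if __name__ == "__main__":
    rep = parse_blacklight(SAMPLE_LOG)
    print(rep.engine, "on", rep.os_version)
    for key, value in triage(rep).items():
        print(f"{key}: {value}")
```

Run it against a saved BlackLight log by reading the file into `parse_blacklight`; on the full log in the thread the interesting output is the single hidden .SYS driver under SYSTEM32\DRIVERS and the two running images that are hidden both as processes and as files, which is what makes wipe-and-reinstall, rather than deleting the Mesmizer folder, the right call.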
The guy had firewall, AV and anti-trojan apps.
How about "Windows error"? MS comes out with patches/service packs every other week to patch vulnerabilities.