
Thread: Java/Agent.DW removal help needed

  1. #71
     Member, joined Nov 2011, 53 posts

    Today I booted up the XP box, and fairly quickly after the boot my modem firewall reported this:

    TCP- or UDP-based Port Scan 4 Thursday 15 December 2011 22:53:01 public myIP:50373 source: 89.2.0.1:53

  2. #72
     Emeritus, @localhost, joined Nov 2005, 6,066 posts

    I will PM you a link to a W7 recovery/repair ISO image. Burn it to CD and boot from it to enter the W7 RE. It's from there that we will write a new MBR. This will take care of the problem, assuming it's an MBR rootkit. Also pull off any files you don't want to lose as a precaution, and I will find a good set of instructions to follow.
    Did you get this:
    ISO image of the official install from digitalrivercontent.net
    How Can I Reduce My Risk?

  3. #73
     Member, joined Nov 2011, 53 posts

    hi shelf life,

    thanks for the link and all your help here.

    In fact, given all the problems I got, what I plan is to migrate to Linux for both the W7 and XP box.

    I will install a CentOS 5 distribution (which I already know a bit), and use a virtual environment like Xen or VirtualBox to install Windows if I need it.

    Once my data is backed up on the NAS I will do a low-level format of the disks I don't trust, and install from there using the ext3 file system.

    Do you have any recommendations?

    >Did you get this:
    >ISO image of the official install from digitalrivercontent.net
    Not yet. Do you have anything to say about this?

    Below is a link to a very interesting tool to do in-depth live memory analysis:
    http://www.mandiant.com/products/free_software/redline/
    I did an analysis with it on my W7 box, but I am not experienced enough to really analyse the results.

    If you are interested I can send you a download link to get the result of the run; it's a 100 MB zip.

    bye
    philippe

  4. #74
     Emeritus, @localhost, joined Nov 2005, 6,066 posts

    You're welcome. Not familiar with CentOS. I am somewhat of a distro hopper and I am using Fedora right now.
    Sounds like a good plan. Malware is going deeper and deeper into the OS and becoming increasingly difficult to detect and remove. Seeing more and more rootkits now also.

    HD vendors make tools you can download and use for diagnostics and to do a low-level reformat.
    I've used Western Digital's utilities to wipe a drive. GParted will also wipe a drive, but I don't think it's a 'low level' one.

    I asked about the official ISO image because I didn't want you to do anything until you had that. Just in case the fixmbr failed, you would at least have a reinstall disk to use.

    Sure, send the link to your results, I would like to see them.

  5. #75
     Member, joined Nov 2011, 53 posts

    hi shelf life,

    >You're welcome. Not familiar with CentOS.
    CentOS is used by some hosting providers and I use it in a server context.

    >Sure, send the link to your results, I would like to see them.

    Here is the link to the result:
    http://oron.com/vcsgs4tmyuqo

    >HD vendors make tools you can download and use for diagnostics and to do a low-level reformat.
    OK, I got it. Will this process erase the MBR or do I need to erase it manually?

    >I asked about the official ISO image because I didn't want you to do anything until you had that. Just in case the fixmbr failed, you would at least have a reinstall disk to use.

    So I can safely download it to use it for the VM.

    bye
    philippe

  6. #76
     Emeritus, @localhost, joined Nov 2005, 6,066 posts

    hi,

    A low-level format or writing zeros to a drive will wipe out the MBR.
    I saw your results; I didn't sift through all of it, but didn't see anything conclusive. Had to install the .NET Framework to use it. Good luck.
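
The repair proposed in post #72 (a new MBR written from the Windows RE, referred to later as fixmbr) and the zero-fill confirmed in post #76 both act on the same 512-byte sector, and it helps to see exactly what each one touches. The Python below is added here as an example; it is not code from the thread, from Windows, or from any vendor utility. It builds a constructed MBR image, parses the partition table and the 0x55AA signature, hashes the 440-byte boot-code region against a known-good digest (the digest is of constructed stand-in code, not of any real Windows boot code), models the repair as rewriting only that region while the disk signature and partition table are kept, and checks that a zero-fill leaves nothing behind. Assumptions: the offsets are the standard MBR layout, the sample partition table and boot code are invented, and `rewrite_boot_code` reflects what the thread says about fixmbr (boot code replaced, table untouched), not the tool's internals.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439: x86 boot code (the region a repair rewrites)
DISK_SIG_OFF = 440           # bytes 440..443: Windows disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446         # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"      # bytes 510..511
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count

# Constructed stand-in boot code (not real Windows boot code): a jump plus padding.
GOOD_BOOT_CODE = bytes([0xEB, 0x63, 0x90]) + b"\x90" * 437
# Constructed stand-in for a boot-code rootkit: different code, same length.
ROOTKIT_BOOT_CODE = bytes([0xEB, 0x1E, 0x90]) + b"\xcc" * 437
KNOWN_GOOD_SHA256 = hashlib.sha256(GOOD_BOOT_CODE).hexdigest()

# (bootable, type, first LBA, sectors); type 0x07 is NTFS. Constructed layout.
SAMPLE_PARTITIONS = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 1000000)]


def build_mbr(boot_code, partitions, disk_signature=b"\x12\x34\x56\x78"):
    """Assemble a 512-byte MBR image from its parts (test data, not a real disk)."""
    buf = bytearray(SECTOR)
    code = boot_code[:BOOT_CODE_LEN]
    buf[:len(code)] = code
    buf[DISK_SIG_OFF:DISK_SIG_OFF + 4] = disk_signature
    for i, (bootable, ptype, start_lba, sectors) in enumerate(partitions[:4]):
        struct.pack_into(ENTRY_FMT, buf, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\xfe\xff\xff",
                         ptype, b"\xfe\xff\xff", start_lba, sectors)
    buf[510:512] = SIGNATURE
    return bytes(buf)


def parse_mbr(sector):
    """Describe an MBR: signature validity, boot-code digest, used partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly %d bytes" % SECTOR)
    partitions = []
    for i in range(4):
        status, _, ptype, _, start, sectors = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:                      # type 0 marks an empty slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "start_lba": start, "sectors": sectors})
    return {
        "valid_signature": sector[510:512] == SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partitions": partitions,
    }


def boot_code_matches(sector, known_good_sha256):
    """True when the boot-code region hashes to the reference digest."""
    return parse_mbr(sector)["boot_code_sha256"] == known_good_sha256


def rewrite_boot_code(sector, new_code):
    """Model of an MBR repair: replace bytes 0..439 only, keep disk signature and table."""
    if len(new_code) > BOOT_CODE_LEN:
        raise ValueError("boot code larger than %d bytes" % BOOT_CODE_LEN)
    out = bytearray(sector)
    out[:BOOT_CODE_LEN] = new_code.ljust(BOOT_CODE_LEN, b"\x00")
    return bytes(out)


def is_wiped(sector):
    """True when every byte is zero: no boot code, no table, no 0x55AA."""
    return not any(sector)


CLEAN_MBR = build_mbr(GOOD_BOOT_CODE, SAMPLE_PARTITIONS)
INFECTED_MBR = rewrite_boot_code(CLEAN_MBR, ROOTKIT_BOOT_CODE)   # table intact, code swapped
REPAIRED_MBR = rewrite_boot_code(INFECTED_MBR, GOOD_BOOT_CODE)   # what the repair restores
WIPED_MBR = bytes(SECTOR)                                        # what a zero-fill leaves

if __name__ == "__main__":
    for name, mbr in [("clean", CLEAN_MBR), ("infected", INFECTED_MBR),
                      ("repaired", REPAIRED_MBR), ("wiped", WIPED_MBR)]:
        info = parse_mbr(mbr)
        print(name, "signature ok:", info["valid_signature"],
              "boot code known-good:", boot_code_matches(mbr, KNOWN_GOOD_SHA256),
              "partitions at:", [p["start_lba"] for p in info["partitions"]],
              "wiped:", is_wiped(mbr))
```

On the Linux side the real first sector is `open("/dev/sda", "rb").read(512)` run as root, and `dd if=/dev/zero of=/dev/sdX bs=512 count=1` zeroes just that sector; the vendor zero-fill utilities mentioned above write zeros across the whole drive, which also clears anything stashed in sectors outside any partition. The infected image above keeps a valid signature and an unchanged partition table, which is why a repair that rewrites only the boot code fixes this case while doing nothing about malware living inside a volume.
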
