5

How do I remove a rootkit without an anti-rootkit program? [closed]

view full story
linux-howto

http://serverfault.com – Possible Duplicate: My server's been hacked EMERGENCY Windows 2000 Server. I believe I have a rootkit. But, nothing will remove it. I've tried everything. Even tools that are merely for scanning fail or bsod the computer. Since nothing works, I wanted to try and do it manually. edit: This is a Windows 2000 Server Forest Root. I cannot rebuild it without blowing up the domain. (HowTos)

xskl's picture
Submitted by xskl on 05/15/2012 – Made popular on 05/15/2012

Stories similar to How do I remove a rootkit without an anti-rootkit program? [closed]

Possible Rootkit problems 2 years 22 weeks ago

I don't like the looks or this: X-Org SunOS Rootkit [ Not found ] zaRwT.KiT Rootkit [ Not found ] ZK Rootkit [ Not found ]

Performing additional rootkit checks Suckit Rookit additional checks [ OK ] Checking for possible rootki

Rootkit questions 34 weeks 2 days ago

Before anyone says anything, I know it is ridiculously unlikely for me to ever encounter a rootkit accidently. The reason I am asking is because I am in charge of securing linux machines in a cyber defence competition my school is competing in.

There's a Rootkit in the Closet -- lovely explanation of finding and isolating a rootkit, reconstructing how it got there and deconstructing the rootkit to figure out what it did. It's a detective story, no less exciting than when Cliff Stohl wrote The Cuckoo's Egg. This and more in today's Four Short Links.

Environment:

Windows 2000 sp4 EDIT: Domain Controller with no trust setup with the Win2008 Server Windows XP machines Windows 2008 Server Netapp NAS

Problem:

We have a shared folder that resides on a NAS using a Windows 2008 AD for the authentication with the proper permissions setup.

I am seeing a duplicate name of one of our servers on a Windows 7 Professional 64-bit client but when double checking from a Windows 2000 server this duplicate server name is not present.

What would be causing this anomaly please?

Environment:

Windows 2000 sp4 EDIT: Domain Controller with no trust setup with the Win2008 Server Windows XP machines Windows 2008 Server Netapp NAS

Problem:

We have a shared folder that resides on a NAS using a Windows 2008 AD for the authentication with the proper permissions setup.

I have upgraded to 13.04 desktop. I run rkhunter and chkrootkit once every couple weeks and have never had a rootkit. However, after upgrading, I am showing this: Quote:

Searching for Suckit rootkit... Warning: /sbin/init INFECTED

This is the output from chkrootkit. I have upgraded 3 computers and all show the same.

Hi guys,

Currently our windows 2000 server provides Active Directory,DNS and DHCP services for my small office network.

Also there is an ubuntu server 10.04 that provides samba, proxy (squid) and firewall (shorewall) for the whole network.

The windows 2000 server has being giving a lot of problems regarding performance and service availability (it fails almost every day) so I want to move all o

We have 7 servers currently set out like:

DCServer01 (Domain controller 2k8) Exchange01 (Exchange 2010 - 2k8) Devserver01 (Backup DC 28k) Development01 (Old server - Exchange 2000 - Win svr 2000) SQLServer01 (SQL Server, 2k8) Adserver01 (Old Server - Win svr 2000, DC) Fileserver01 (Old Server - Win svr 2000, DC)

We have a lot of stuff on Adserver01 and Fileserver01 so I'm happy for them to sta