I really hate Microsoft sometimes

Feb 23, 2010 12:40

Sometime last night, my desktop got rooted. I'm guessing it happened when I was browsing the DragonAge wiki (which means it could have been on a page or from an ad). I'm pretty sure it was from there because I noticed that the Java console had popped up, then the "fun" started. (Some details so far.)


Comments 4

micrll February 24 2010, 23:18:18 UTC
I got slammed hard about a month ago.
As far as I can tell it came in through my Flash player, which was not updated and which I know has zero-day exploits. I'm with the "nuke the system and reinstall" approach; that's what I ended up doing. You can never be too sure that you got it out completely.


njordsifusansoo February 25 2010, 03:14:49 UTC
Oh, I got it all. Ripped out the rootkit while in the recovery console. Then took out most of it in safe mode (the parts keeping me from seeing hidden files and turning on System Restore). Then back to the recovery console to take out a piece hooked into explorer.exe, followed by some Spybot scans coupled with using msconfig to stop it from loading itself at startup. The last thing was to undo the DNS hijack, which I didn't notice until then because I had kept the machine offline.

The thing I was most annoyed about in this whole experience is that Microsoft allows System Restore to be turned off by a registry key that also keeps you from turning it back on (a single registry key had turned it off, hidden the System Restore config tab, and prevented running it directly), without a prompt, and with all restore points lost as soon as it's turned off.

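The commenter above found System Restore disabled and hidden by a registry policy, a startup entry for the malware, and hijacked DNS settings. The following PowerShell triage script is an added example, not code from the post or its authors; it reads the System Restore policy values (HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore, values DisableSR and DisableConfig), lists Run-key autostart entries, and prints each adapter's DNS servers so a defender can spot the same three symptoms without changing anything.

```powershell
# Added example (not from the post). Read-only checks for the three symptoms
# described in the thread: System Restore disabled/hidden by policy, autostart
# entries in the Run keys, and DNS servers that were changed behind the user's back.

# Policy values that disable System Restore (DisableSR) and hide its config tab (DisableConfig).
$SrPolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'

function Get-SystemRestorePolicyState {
    $state = [ordered]@{ PolicyKeyPresent = $false; DisableSR = $null; DisableConfig = $null }
    if (Test-Path $SrPolicyPath) {
        $state.PolicyKeyPresent = $true
        $props = Get-ItemProperty -Path $SrPolicyPath
        $state.DisableSR     = $props.DisableSR       # 1 = System Restore turned off by policy
        $state.DisableConfig = $props.DisableConfig   # 1 = System Restore tab hidden
    }
    [pscustomobject]$state
}

# Autostart entries the commenter removed with msconfig live in these Run keys.
function Get-RunKeyEntries {
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -notmatch '^PS') {   # skip PowerShell's PSPath/PSParentPath metadata
                [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
            }
        }
    }
}

# DNS servers per IP-enabled adapter; unexpected resolvers indicate a DNS hijack.
function Get-AdapterDnsServers {
    Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Select-Object Description, @{ n = 'DnsServers'; e = { $_.DNSServerSearchOrder -join ', ' } }
}

$sr = Get-SystemRestorePolicyState
if ($sr.DisableSR -eq 1)     { Write-Warning 'System Restore is disabled by policy (DisableSR=1).' }
if ($sr.DisableConfig -eq 1) { Write-Warning 'System Restore configuration tab is hidden by policy (DisableConfig=1).' }
if (-not $sr.PolicyKeyPresent) { 'No System Restore policy key present; local settings apply.' }

'--- Run-key autostart entries ---'; Get-RunKeyEntries | Format-Table -AutoSize
'--- DNS servers per adapter ---';   Get-AdapterDnsServers | Format-Table -AutoSize
```

Run from an elevated prompt so the HKLM keys are readable; compare the Run entries and DNS servers against what you expect rather than treating any single entry as proof of compromise.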

micrll February 25 2010, 05:01:51 UTC
I have never liked System Restore, mostly because in the two times I ran into it I found that a virus had infected all the previous restore points. So restoring to a previous version would just reinstall the virus.



oakwind44 February 26 2010, 00:13:01 UTC
Most of the registry stuff is left over from the Win9x days when things like services and other more modern system managers weren't in Windows yet. Of course, gods forbid they remove old, buggy, dangerous system settings that aren't used by anything legit anymore.

Windows Firewall doesn't block outgoing connections, only incoming ones (at least the last I checked). Any other firewall program can block outgoing connections, so it might be good to stick one of them on your system.

Glad to hear you yanked the rootkit, hope your system is able to return to a normal state soon. =)


