This is why we can't have nice things (Score:1)
Someone tries to post a helpful PSA type message and predictably the comments section is immediately flooded with people who have nothing of any value to say, but can't help but be assholes and make some kind of stupid "Windoze $ux!" type comment. We're all happy that Linux, macOS, or whatever the fuck else you might be using works for you, now kindly take your insecurities back to Linux or Mac forums where you can blissfully live out the rest of your days in a happy echo chamber where no one will ever chal
Re: (Score:3)
"Unfortunately, while some security programs are able to remove parts of the infection, the rootkit component needs manual removal help."
I have never in my life ever heard of any type of malware or code that can be written that can:
"Be removed with human assistance" that cannot be removed by a program.
If someone were even a mildly competent "security researcher", they would write a script or a program that would do the removal that is needed as well as provide detailed ins
Re: (Score:5, Informative)
I have never in my life ever heard of any type of malware or code that can be written that can:
"Be removed with human assistance" that cannot be removed by a program.
Those have been around for over a decade.
They work by replacing some core part of the OS, like the SATA driver or the filesystem driver. That makes it impossible for anti-virus software to clean the infected files, because the rootkit can block writes to those files and hand the AV software clean copies when it scans them. They operate at such a deep level, running inside the kernel, that the best AV software can do is detect their secondary effects and try to suppress them.
The only way around this is to ma
re: Another devious malware trick (Score:3)
I ran across a particularly devious malware tactic recently. The malware was purposely setting the NTFS "dirty" flag repeatedly, so the filesystem was flagged as needing repair. That, in turn, prevented most of the bootable virus cleanup/recovery discs from cleaning the system. They'd boot up but report they could only mount the target filesystem as "read only" because it was damaged and needed to be repaired first!
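When triaging a disk image offline, the dirty bit that comment describes can be read straight from the raw $Volume MFT record rather than inferred from a recovery disc's read-only mount decision. This is an added example, not code from the thread: the MFT record is constructed by build_volume_record, and the offsets follow the documented NTFS FILE record header, resident attribute header and $VOLUME_INFORMATION layouts.

```python
import struct

ATTR_VOLUME_INFORMATION = 0x70  # resident attribute held in MFT record 3 ($Volume)
ATTR_END_MARKER = 0xFFFFFFFF
VOLUME_DIRTY = 0x0001           # bit 0 of the $VOLUME_INFORMATION flags word

def apply_fixups(record: bytes) -> bytearray:
    """Undo NTFS update-sequence fixups: restore the last 2 bytes of each 512-byte sector."""
    rec = bytearray(record)
    usa_off, usa_count = struct.unpack_from("<HH", rec, 0x04)
    usn = rec[usa_off:usa_off + 2]
    for i in range(1, usa_count):
        end = i * 512 - 2
        if rec[end:end + 2] != usn:
            raise ValueError("update sequence mismatch: torn or corrupt MFT record")
        rec[end:end + 2] = rec[usa_off + 2 * i:usa_off + 2 * i + 2]
    return rec

def volume_flags(record: bytes) -> int:
    """Walk the attributes of a $Volume record and return the $VOLUME_INFORMATION flags word."""
    if record[:4] != b"FILE":
        raise ValueError("not an MFT FILE record")
    rec = apply_fixups(record)
    off = struct.unpack_from("<H", rec, 0x14)[0]  # offset of the first attribute
    while off + 8 <= len(rec):
        attr_type, attr_len = struct.unpack_from("<II", rec, off)
        if attr_type == ATTR_END_MARKER or attr_len == 0:
            break
        if attr_type == ATTR_VOLUME_INFORMATION and rec[off + 8] == 0:  # resident only
            body_off = struct.unpack_from("<H", rec, off + 0x14)[0]
            return struct.unpack_from("<H", rec, off + body_off + 0x0A)[0]  # 8 reserved + major/minor precede flags
        off += attr_len
    raise ValueError("$VOLUME_INFORMATION attribute not found")

def is_dirty(record: bytes) -> bool:
    return bool(volume_flags(record) & VOLUME_DIRTY)

def build_volume_record(flags: int) -> bytes:
    """Constructed two-sector $Volume record for this demo, not taken from a real disk."""
    rec = bytearray(1024)
    rec[0:4] = b"FILE"
    usa_off, first_attr, usn = 0x30, 0x38, b"\x07\x00"
    struct.pack_into("<HH12xH", rec, 0x04, usa_off, 3, first_attr)  # USA: 1 USN + 2 sector slots
    rec[usa_off:usa_off + 2] = usn
    rec[510:512] = rec[1022:1024] = usn  # real sector-end bytes (zeros) sit in the USA slots
    body = bytes(8) + bytes([3, 1]) + struct.pack("<H", flags)  # NTFS 3.1, then the flags word
    hdr = struct.pack("<IIBBHHHIHBB", ATTR_VOLUME_INFORMATION, 40, 0, 0, 0x18, 0, 0, len(body), 0x18, 0, 0)
    rec[first_attr:first_attr + len(hdr) + len(body)] = hdr + body
    struct.pack_into("<I", rec, first_attr + 40, ATTR_END_MARKER)
    return bytes(rec)
```

On a real image, read 1024 bytes at the $Volume record's offset within $MFT and pass them to is_dirty; a fixup mismatch means the record itself is torn, which is a separate finding from the dirty bit.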
Re: (Score:2)
Thanks, I hadn't seen that one but will look out for it.