Best way to fix Windows XP computer that has rootkit backdoor using Linux

tizaac

Hello,
I need help, any trojan/rootkit/backdoor (antimalware) programs for Linux Mint or Ubuntu.
My old PC keeps turning off by itself, and it's not any loose cables or PSU.
 

rrplay

If you want to try some live rescue CDs, check this out: http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

Kaspersky Rescue CD
BitDefender Rescue CD based on Knoppix
F-Secure Rescue CD
Avira Antivir Rescue Disk


And other info for creation of live CD or USB drives to clean & scan is on that page to get you going.

Sometimes, and this is very real ... the only way they can be removed is by using a live CD rather than having the Win system boot the HD.

If you need more help or info, let us know.


 

wages



I am confused by your title. Are you asking how to clean a Windows machine using a Linux machine?

Either way, if you suspect that your machine has a rootkit then your ONLY sensible option is to completely reinstall the OS from known secure media. You will most likely not be able to detect or even remove a rootkit. Your machine is irreparably compromised and I hope that you have the data backed up.
 

wongfei




You have got to be joking.. out of 100s of virus machines, malware, rootkits I clean on a weekly basis I have had only a handful that have been so far gone they could not be repaired. A rootkit is not the end of the world to your machine "though I'm finding it hard to believe you're able to detect and know for sure you have a rootkit and not have the ability to just remove it manually in the first place"

Honestly I use Linux as my main PC for home computers, but when it comes to cleaning up a Windows machine it's so much faster to do it by hand most of the time, but it can be nice to use for just 1, i.e. Trinity Rescue Kit or something "set it and forget it", but it's long.. very long to scan multiple times.

If you have an XP machine then just "if you can stay in the GUI" clean all the temp files out of your drive, use CCleaner or something.. then run "combofix.exe" (won't work on Win7, only Vista and XP), after that's completed run Malwarebytes and that honestly should take care of 90% of your work except the rootkit.. use reveller etc etc, find out which kit it is and look up manual removal steps.. honestly if you know you have a rootkit you should have the name and things to search for already... if you only think it's a rootkit, try the first 3 scanners and see if you're truly clean.
 

chamaecyparis



Rhetorical Q: why is this asked in a Linux forum? Could it be because most so-called Windoze geeks don't know squat about Linux, just that it works? Then they insult us, if we allow it (in our own heads).

For future reference -- Clonezilla ( http://clonezilla.org/ ); System Rescue CD. And show some respect for those who answer your questions sincerely and with good intent!

Look here LOL!
 

wages

Wongfei, you must be unaware of what a rootkit can be:

"Kernel rootkits can be especially difficult to detect and remove because they operate at the same security level as the operating system itself, and are thus able to intercept or subvert the most trusted operating system operations. Any software, such as antivirus software, running on the compromised system is equally vulnerable. In this situation, no part of the system can be trusted.

A rootkit can modify data structures in the Windows kernel using a method known as direct kernel object modification (DKOM). This method can hook kernel functions in the System Service Descriptor Table (SSDT), or modify the gates between user mode and kernel mode, in order to cloak itself. Similarly for the Linux operating system, a rootkit can modify the system call table to subvert kernel functionality."

Wipe the machine. Here is a good book if you are interested in learning about rootkits (for Windows):
http://www.amazon.com/Rootkits-Subverting-Windows-Greg-Hoglund/dp/0321294319/ref=sr_1_1?ie=UTF8&qid=1295696822&sr=8-1
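
Added example, not written by any poster in this thread: the posts above turn on the point that a kernel rootkit can hide its files from anything running inside the infected Windows, while a Linux live CD reads the same disk without that filtering. The Python below compares a file listing saved from inside Windows with a walk of the volume mounted read-only from the live CD and reports files that only the offline view can see. It assumes the Windows listing was produced with `dir /s /b /a C:\`; the function names, the demo tree and the file name `hiddendrv.sys` are constructed for illustration.

```python
import os
import tempfile


def normalize_windows_listing(lines, drive="C:"):
    """Convert `dir /s /b /a` output into lowercase, slash-separated relative paths."""
    paths = set()
    for line in lines:
        p = line.strip()                      # drops the CRLF Windows writes
        if not p:
            continue
        if p.lower().startswith(drive.lower()):
            p = p[len(drive):]
        paths.add(p.replace("\\", "/").lstrip("/").lower())
    return paths


def offline_listing(mount_root):
    """Walk the Windows volume as seen from the live CD (mounted read-only)."""
    found = set()
    for dirpath, _dirs, files in os.walk(mount_root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), mount_root)
            found.add(rel.replace(os.sep, "/").lower())   # NTFS names are case-insensitive
    return found


def hidden_from_windows(online_lines, mount_root, drive="C:"):
    """Files present on disk but absent from the listing taken inside Windows.

    Files created after the listing was saved also show up here, so take the
    listing right before shutting down and review each hit by hand.
    """
    online = normalize_windows_listing(online_lines, drive)
    return sorted(offline_listing(mount_root) - online)


def demo():
    # Constructed sample: a tiny fake volume plus a listing that omits one driver.
    with tempfile.TemporaryDirectory() as root:
        for rel in ("WINDOWS/notepad.exe",
                    "WINDOWS/system32/drivers/atapi.sys",
                    "WINDOWS/system32/drivers/hiddendrv.sys"):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
        online = ["C:\\WINDOWS\r\n", "C:\\WINDOWS\\notepad.exe\r\n",
                  "C:\\WINDOWS\\system32\\drivers\\atapi.sys\r\n"]
        return hidden_from_windows(online, root)


if __name__ == "__main__":
    print(demo())
```

A clean result does not prove the machine is clean: it only shows nothing was being hidden at the file level when the listing was taken.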