
New Sophos Anti-Rootkit App Found Two Insects!

Virgorising

Diamond Member
Hi.

After having learned here about the MBAM Antirootkit beta, I got it and ran it pretty often. It never found anything, but rootkits are now a new paranoia for me. So, I delved and got this new antirootkit freeware.....takes even longer to scan: Sophos.

Well, I ran it, and it found TWO INSECTS.:(:eek:

It removed them, but now, my paranoia grows AND I highly recommend this Sophos freeware to all.

http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx

PS: I am very creeped out now, re I had no clue I had these insects.

[attached screenshot: 11snqsk.jpg]
 

Virgorising

Diamond Member
Addendum: Been reading about rootkits, and, given their inherent nature, I am not even convinced those two (OMG!) insects are gone.:(

Bet I use the new app to scan every day. Maybe more than once a day.
 

Virgorising

Diamond Member
You need a can of raid for the "insects"

:biggrin::wub:

And, outstanding suggestion! U think it will short out my WD Black?:cool:

How would U know even, Beantown guy? U R under TWO FEET OF SNOW!;)
____________________________________
PS: Seriously, I think everyone here should (pause gaming and) get and run this freeware. Cause it is possible lots of people have insects and do not know.

And, I have and adore Norton IS, run MBAM and Superanti.....and they never come up with anything. Means I was living in a Fool's paradise.
 

balloonshark

Diamond Member
How do you know they weren't false positives? Plenty of programs can dig deep into your system, or at least they did with Windows XP. In the past, rootkit scanners used to have a lot of FPs. The results also needed to be interpreted by a professional. It was also common to unplug from the net and kill most of your security software before scanning.

If I had a real malicious rootkit I would also expect there to be other malware on my system. I would nuke the drive and re-image or reinstall Windows. My data drive would also be thoroughly scanned by multiple scanners.

With Steam, Origin, PunkBuster and game DRM on my computer it's hard to tell how they have dug into this machine.
 

corkyg

Elite Member | Peripherals
Super Moderator
Also - those insects could be PUPs.
 

Virgorising

Diamond Member
How do you know they weren't false positives? Plenty of programs can dig deep into your system, or at least they did with Windows XP. In the past, rootkit scanners used to have a lot of FPs. The results also needed to be interpreted by a professional. It was also common to unplug from the net and kill most of your security software before scanning.

If I had a real malicious rootkit I would also expect there to be other malware on my system. I would nuke the drive and re-image or reinstall Windows. My data drive would also be thoroughly scanned by multiple scanners.

With Steam, Origin, PunkBuster and game DRM on my computer it's hard to tell how they have dug into this machine.


EXCELLENT POSTULATIONS! It never struck me. I think, cause I am in new paranoid mode re rootkits.:oops:

It is absolutely true, I am generally sharp re protection apps, never once, so far, had a real infection. And, again, neither my formidable Norton IS nor MBAM nor Superanti found anything. Only this new Sophos did.

Plus, the system had zero symptoms of infestation/infection.

Sigh.:'(

Thanks for this.
 

Virgorising

Diamond Member
Late addendum; I think if either of the two insects had been PUPs.....Sophos would have said that.
 

balloonshark

Diamond Member
I'm no expert, but why don't you have a look at the log? Your screenshot seems to indicate that a log file was created somewhere.
 

Virgorising

Diamond Member
I'm no expert, but why don't you have a look at the log? Your screenshot seems to indicate that a log file was created somewhere.

Please, no self abrogation, that was very good thought!!:thumbsup:

I did look at the log initially, then deleted it; it was typically huge. What I remember is, one insect originated with one of my many Aquarium screensavers, now gone via Sophos cleaning, and the other worked back to some autorun issue.

But I now regret having deleted the log, I do that by default, being a compulsive computer cleaning person....including, after converting a vid file and burning it using VSO. I immediately open the log file and select and delete everything and hit save. I do the same with Norton IS which logs EVERYTHING.

But that was a very smart thought!!!!!!!:cool:
 

balloonshark

Diamond Member
When I saw this thread the first thing that came to my mind was your screensaver addiction lol.

As you already know free software often comes with nasty stuff. I read warnings about free screensavers a long time ago on security forums. If the nasty came with one of your paid screensavers it may be time to write a nasty letter.

If you remember which screensaver it was and where you downloaded it from re-download it and upload it to virustotal.com so it can be scanned. Virustotal results might give you a better idea of what you're dealing with. When you're finished let your OCD take over and delete the new file you downloaded lol. If you get any hits from a reputable company at VT perhaps you can try one of their cleaners to make sure you're completely clean.

P.S. The next time you want a screensaver upload it to virustotal first before running it on your computer :). I do this with all software I download that is under virustotal's 64MB limit. Also realize that VT can give some false positives.
 
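balloonshark's two posts above raise the same triage question from two sides: could the Sophos hits have been false positives (the earlier post), and how do you check a suspect download against VirusTotal before running it, given the 64 MB upload limit and VT's own false positives (this post)? The following Python is an added example, not code from the thread, from Sophos or from VirusTotal. It hashes the file so you can look it up by hash before uploading anything private, checks the file against the 64 MB limit, and weighs the per-engine results so that a lone generic/heuristic hit is not read as a confirmed infection. The VirusTotal API v3 call (`/api/v3/files/{sha256}` with an `x-apikey` header) assumes the reader has an API key; the engine results in `SAMPLE_RESULTS` are constructed data in the shape of VT's `last_analysis_results`, not a real report.

```python
"""Pre-run triage of a downloaded file: hash it, respect VirusTotal's 64 MB
upload limit, and weigh engine results instead of trusting a single hit.
Added example for this thread; not code from Sophos, VirusTotal or the posters."""
import hashlib
import json
import os
import tempfile
import urllib.error
import urllib.request

VT_UPLOAD_LIMIT = 64 * 1024 * 1024   # the 64 MB limit mentioned in the thread
# VT API v3 file-report endpoint (assumption: the reader has an API key for it)
VT_FILE_REPORT = "https://www.virustotal.com/api/v3/files/{}"


def sha256_of_file(path):
    """Stream the file through SHA-256 so large installers need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def triage_plan(path):
    """Look up by hash first: if VT already knows the file, nothing private leaves
    the machine. Upload is only an option when the file is under the size limit."""
    size = os.path.getsize(path)
    return {"sha256": sha256_of_file(path), "size": size,
            "uploadable": size <= VT_UPLOAD_LIMIT}


def vt_lookup_by_hash(sha256, api_key):
    """Optional online step: fetch the VT file report. Returns None when VT has
    never seen the hash (HTTP 404), in which case an upload is the next step."""
    req = urllib.request.Request(VT_FILE_REPORT.format(sha256),
                                 headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


def summarize_results(last_analysis_results, min_engines=3):
    """Weigh per-engine verdicts (shape of VT v3 'last_analysis_results').
    One or two hits with generic/heuristic names are weak evidence and often a
    false positive; several independent engines agreeing is strong evidence.
    Returns (flagged_count, engines_counted, verdict, flagged_list)."""
    counted, flagged = 0, []
    for engine, r in last_analysis_results.items():
        cat = r.get("category")
        if cat in ("type-unsupported", "timeout", "failure"):
            continue                      # engine gave no opinion; do not count it
        counted += 1
        if cat in ("malicious", "suspicious"):
            flagged.append((engine, r.get("result")))
    if not flagged:
        verdict = "clean"
    elif len(flagged) < min_engines:
        verdict = "possible false positive"
    else:
        verdict = "likely malicious"
    return len(flagged), counted, verdict, flagged


# Constructed sample in the VT v3 result shape (not a real report): one heuristic
# hit among several clean engines is exactly the case the thread warns about.
SAMPLE_RESULTS = {
    "EngineA": {"category": "undetected", "result": None},
    "EngineB": {"category": "undetected", "result": None},
    "EngineC": {"category": "malicious", "result": "Gen:Heur.Suspicious"},
    "EngineD": {"category": "undetected", "result": None},
    "EngineE": {"category": "type-unsupported", "result": None},
}


def demo():
    """Write a tiny constructed file, triage it, and weigh the sample results."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"abc")                 # stand-in for a downloaded screensaver
        path = tmp.name
    try:
        plan = triage_plan(path)
    finally:
        os.remove(path)
    return plan, summarize_results(SAMPLE_RESULTS)


if __name__ == "__main__":
    plan, (hits, total, verdict, which) = demo()
    print(f"sha256={plan['sha256']} size={plan['size']} uploadable={plan['uploadable']}")
    print(f"{hits}/{total} engines flagged it -> {verdict}: {which}")
```

The hash-first order matters: uploading a file publishes it to every VT subscriber, which is fine for a screensaver from a download site but not for anything containing personal data. The `min_engines` threshold is a judgement call, not a VT rule; raise it for heuristic names like `Gen:Heur.*` and lower it when the engines that agree are ones you trust.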

Virgorising

Diamond Member
When I saw this thread the first thing that came to my mind was your screensaver addiction lol.

As you already know free software often comes with nasty stuff. I read warnings about free screensavers a long time ago on security forums. If the nasty came with one of your paid screensavers it may be time to write a nasty letter.

If you remember which screensaver it was and where you downloaded it from re-download it and upload it to virustotal.com so it can be scanned. Virustotal results might give you a better idea of what you're dealing with. When you're finished let your OCD take over and delete the new file you downloaded lol. If you get any hits from a reputable company at VT perhaps you can try one of their cleaners to make sure you're completely clean.

P.S. The next time you want a screensaver upload it to virustotal first before running it on your computer :). I do this with all software I download that is under virustotal's 64MB limit. Also realize that VT can give some false positives.


Wow. I am truly moved you remembered my little addiction! Tho it's not to just any screensaver, ONLY aquarium savers. :rolleyes:

And thanks much for the specific advice, I will follow up. Tho I am positive this system is clean now; I ran nearly every scan known to humanity.

Truly, I am far more careful about "free" stuff than most. But, again, also true, I do have this teeeeeeny little addiction.:whiste:

Thanks so much!
 

Virgorising

Diamond Member
RAID0 would kill them twice as fast, while RAID1 would make it doubly sure.


K....assuming U don mean actual, literal RAID setup for my two drives---I stick with my internal backup system and never choose RAID......are you alluding to the toxic stuff in the presurized spray cans?:sneaky:
 

Virgorising

Diamond Member
How do you know they weren't false positives? Plenty of programs can dig deep into your system, or at least they did with Windows XP. In the past, rootkit scanners used to have a lot of FPs. The results also needed to be interpreted by a professional. It was also common to unplug from the net and kill most of your security software before scanning.

If I had a real malicious rootkit I would also expect there to be other malware on my system. I would nuke the drive and re-image or reinstall Windows. My data drive would also be thoroughly scanned by multiple scanners.

With Steam, Origin, PunkBuster and game DRM on my computer it's hard to tell how they have dug into this machine.

I believe the Aquarium screensaver related insect was not a false positive.
I now get, compared with most, I have had an atypical history of being almost infection free. I learned early on how to stay safe.....but there are infinite humans breeding insects out there.

Just ponder what we know just today about the breadth of the invasion of Target....tens of millions (140M to be exact) now open to identity theft.....AND TODAY they announced same deal with Neiman Marcus.
 

John Connor

Lifer
Just as suspected. Ran it and found nothing. Bitdefender, Comodo firewall and a host of other stuff I use is working. LOL!
 

smakme7757

Golden Member
Just as suspected. Ran it and found nothing. Bitdefender, Comodo firewall and a host of other stuff I use is working. LOL!
You know all this AV/anti-malware stuff only stops known viruses/malware.
For all you know you might have a rootkit which hasn't been detected yet.
 

Virgorising

Diamond Member
Just so any non-English-speakers around here are clear:

https://en.wiktionary.org/wiki/insect#Noun
https://en.wiktionary.org/wiki/bug#Noun
https://en.wiktionary.org/wiki/computer_virus#Noun

insect = bug
Some people say a computer virus is a "bug".
A covert listening device is a "bug".
But an "insect" is not a computer virus or a covert listening device.

Hence all the insect jokes.


Hi, Ken.

I am a professional writer (once both fiction and exposition, now only exposition) celebrated for taking creative, never gratuitous liberties with language. Language is a living, breathing, richly metamorphosing entity. It has music, cadence and free associative riffs.

Being literate never means being stuck in the necrosis of rigidly literal.

There is a wondrous, small subculture of humans whose esoteric profession/passion is to monitor each new edition of formidable dictionaries. They track and report what has been expunged and what has been added.

Most obvious example, but only one of thousands, was when Google was added as a verb.
 

Virgorising

Diamond Member
Just as suspected. Ran it and found nothing. Bitdefender, Comodo firewall and a host of other stuff I use is working. LOL!

That's good news, John! But my carefully chosen protection apps are also working. Fact is, most of them do not address rootkits. Which is why, the formidable MBAM wrote and brought the special BETA app which does only that.
 

Virgorising

Diamond Member
:)
You know all this AV/anti-malware stuff only stops known viruses/malware.
For all you know you might have a rootkit which hasn't been detected yet.

And, I also might have a new Optiplex 9020MT (HASWELL, i7 4770, I do not need the K one) with my name on it, hiding in the package room in the lobby. But I doubt it.:sneaky:

Of COURSE I know my very fine protection apps do not address rootkits. That is why I now have my two new apps which do.:)
 

smakme7757

Golden Member
:)

And, I also might have a new Optiplex 9020MT (Haswell) with my name on it, hiding in the package room in the lobby. But I doubt it.:sneaky:

Of COURSE I know my very fine protection apps do not address rootkits. That is why I now have my two new apps which do.:)

My point was that there is no guarantee any piece of software will find any piece of malware that's new and not using old code as a base.

Your faith in all these security programs is definitely disturbing.
 

Virgorising

Diamond Member
My point was that there is no guarantee any piece of software will find any piece of malware that's new and not using old code as a base.

Your faith in all these security programs is definitely disturbing.

I regret U R disturbed.....given objectively, I see no foundation for that.

While without ever having planned to, I have ended up the human who troubleshoots and repairs the systems of friends and colleagues----cause they don wanna learn, it seems, including cleaning infestations/infections, truth is, I have had the fewest issues by far among all.

Did I ever say, or ever think anything was absolute or with some guarantee? NO. We do the best we can evolving smart protection strategies, and each build of each app changes, and so, must be tested and explored.

Nobody is impervious, nor did I EVER think that. I am not the blindly loyal type. It's not how I roll.