The Seneka Rootkit: A Mysterious and Heavily Disclosable Computer Risk
Jan 20, 2009
Hard-working virus writers have come up with a new way to infest computers all over the world with their evil programs. The latest monster they created is the Seneka Rootkit.

A rootkit is malware consisting of a program that takes basic control of a computer system without authorization from the system's owners and legitimate administrators. Because a rootkit takes control of the operating system running on the hardware, it seldom needs direct access to the hardware itself. Usually, rootkits conceal their existence on the system by subverting or evading the operating system's standard security mechanisms. They can therefore arrive as Trojans, misleading users into believing they are safe to run on their systems. Techniques used to accomplish this may involve hiding running processes from monitoring programs, or hiding files or system data from the operating system. There are five kinds of rootkits: firmware, hypervisor, kernel, library, and application-level kits.
According to Wikipedia, rootkits originated as regular applications intended to take control of a failing or unresponsive system. Nowadays, however, rootkits are treated as malware that helps intruders gain access to systems while avoiding detection. Rootkits exist for a number of operating systems, including Microsoft Windows, Linux, Mac OS, and Solaris. Depending on the internal details of an operating system's mechanisms, a rootkit either modifies parts of the operating system or installs itself as a driver or kernel module.
Basically, most antivirus and malware removal tools are useless against rootkits, because they rely on the very operating system the rootkit has subverted. Still, tools like BartPE and other Preinstallation Environment (PE) or live distributions let users boot their computer from a fresh, "un-rooted" copy of the operating system. From there, users can examine and alter affected system files and remove offending rootkits of most types while keeping the underlying system undamaged.
You should handle rootkits with caution. Once you have noticed the Seneka rootkit, be aware that it creates a seneka service that runs completely hidden from the Windows API, so many rootkit detectors are not able to find it.
According to several forums and computer users' comments, AVG antivirus and Registry Mechanic are not able to detect Seneka. However, Avenger along with McAfee Rootkit Detective successfully found this type of rootkit and removed it. RootkitRevealer is also recommended as an advanced rootkit detection utility. It runs on Windows NT 4 and higher, and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. This software detects many persistent rootkits, including AFX, Vanquish and HackerDefender.
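The RootkitRevealer approach described above, comparing what the Windows API reports against what is actually stored, can be illustrated with a small cross-view check on the service list. This is example code added for this page, not RootkitRevealer's own code or that of any tool named above; the `sc query` output and registry listing it parses are constructed sample text, and the `seneka` service key in them is a hypothetical stand-in for the hidden service the post describes.

```python
"""
Cross-view detection of a hidden service.

Added example, not code from the original post or from any tool it names.
The idea behind RootkitRevealer is to take a high-level view of the system
(what the Windows API reports) and a low-level view (what is really stored
in the registry hive or on disk) and flag every name that appears in one
view but not the other. Both inputs below are constructed sample text.
"""
import re

# Constructed: what `sc query type= all state= all` might print (API view).
SC_QUERY_OUTPUT = """\
SERVICE_NAME: Dnscache
DISPLAY_NAME: DNS Client
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING

SERVICE_NAME: Spooler
DISPLAY_NAME: Print Spooler
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        STATE              : 4  RUNNING

SERVICE_NAME: wuauserv
DISPLAY_NAME: Windows Update
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 1  STOPPED
"""

# Constructed: subkeys of the Services hive as read offline (raw view).
# The hypothetical "seneka" key is present here but absent from the API view.
REG_SERVICES_DUMP = """\
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Dnscache
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Spooler
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\seneka
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\seneka\\Parameters
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\wuauserv
"""

SERVICES_KEY = r"^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"


def parse_sc_query(text: str) -> set[str]:
    """Service names exactly as the Service Control Manager API reports them."""
    return {m.group(1) for m in re.finditer(r"^SERVICE_NAME:\s*(\S+)", text, re.M)}


def parse_reg_services(text: str) -> set[str]:
    """Top-level service key names from a raw hive listing.

    Deeper subkeys such as ...\\seneka\\Parameters are skipped: the capture
    group refuses backslashes, so only direct children of Services\\ match.
    """
    pattern = SERVICES_KEY + r"([^\\\s]+)\s*$"
    return {m.group(1) for m in re.finditer(pattern, text, re.M)}


def cross_view(api_names: set[str], raw_names: set[str]) -> dict[str, list[str]]:
    """Compare the two views; service names are case-insensitive on Windows."""
    api = {n.casefold() for n in api_names}
    raw = {n.casefold() for n in raw_names}
    return {
        # Stored in the hive but not reported by the API: the rootkit signature.
        "hidden_from_api": sorted(raw - api),
        # Reported by the API but with no backing key: also worth a look.
        "missing_from_raw": sorted(api - raw),
    }


def scan(sc_output: str = SC_QUERY_OUTPUT,
         reg_dump: str = REG_SERVICES_DUMP) -> dict[str, list[str]]:
    """Run the cross-view comparison over the two text snapshots."""
    return cross_view(parse_sc_query(sc_output), parse_reg_services(reg_dump))


if __name__ == "__main__":
    result = scan()
    for name in result["hidden_from_api"]:
        print(f"[!] service key present in hive but hidden from the API: {name}")
    for name in result["missing_from_raw"]:
        print(f"[?] service reported by the API with no registry key: {name}")
    if not any(result.values()):
        print("no discrepancies between API view and raw view")
```

On a real machine the two snapshots would come from `sc query` and from the hive read while booted into a PE environment, as the post suggests. A discrepancy is evidence, not proof: a service installed or removed between the two snapshots, or a key the reader lacks permission to open, also shows up as a difference, which is why RootkitRevealer's output is described as something that "may indicate" a rootkit rather than confirm one.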
Resources:
How to detect the Seneka rootkit?
Rootkit on Wikipedia
Using RootkitRevealer