BullGuard
Win32:rootkit-gen[Rtk]


rjmsmith
New Member
Date Joined Jun 2008
Total Posts : 18
Posted 8/3/2009 2:40 PM (GMT +3)
Hi guys,

I was sent some photographs which contained this virus.
Is there any way I can trace the perpetrator?
I run a hotmail site for residents in Goa, India, and I need this information.
Whoever the perpetrator is, he/she knows the resident names, the password, the email addresses, and he has used this information to load the virus into an email. He has used the Hotmail online screen (not Outlook) as the information is only partly updated on this screen - two messages bounced.

I can attach the actual email he/she sent if this is any use to you. How do I attach emails?

Regards, Roger.

12:21:50 PM Fotos 27/07 :

Attached images: DSC_0442.jpg - DSC_0443.jpg - DSC_0444.jpg

Videos Hotmail.com: www.hotmail.com/videos

Jintan
Senior Member
Date Joined Dec 2006
Total Posts : 1428
Posted 8/3/2009 3:08 PM (GMT +3)
Hello rjmsmith,

Given all the data the email sender has, it suggests the site is compromised in some way. Have you changed your own secure logins (from a computer that has not been involved with the site in any way), and also checked your computer(s) for malware? Tracking the source is usually impossible, due to the email header info being "spoofed" or faked. Stopping it from being repeated should be highest on your agenda of things to do, though.


Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.
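As an added example (not code from the thread or from BullGuard), this is how the Received: chain of a message like Roger's can be read, and why the point about spoofing holds: only the hop stamped by a server you control is verifiable, and every line the sending machine wrote below it, including a claimed Hotmail hop, is just text. The sample message, hostnames and addresses are constructed; mx.ourdomain.example stands in for the recipient's own mail server.

```python
import re
from email import message_from_string

# Constructed sample (not the thread's message). Only the top Received: line was
# stamped by our own server (assumed name); the lower two came from the sender.
RAW_MESSAGE = """\
Received: from mail.example.net (mail.example.net [203.0.113.7])
\tby mx.ourdomain.example (Postfix) with ESMTP; Mon, 27 Jul 2009 12:21:50 +0530
Received: from colonia-pc (unknown [198.51.100.23])
\tby mail.example.net with SMTP; Mon, 27 Jul 2009 12:21:40 +0530
Received: from hotmail.com (hotmail.com [192.0.2.99])
\tby colonia-pc; Mon, 27 Jul 2009 12:21:30 +0530
From: "Colonia" <colonia@hotmail.com>
To: resident@example.org
Subject: Fotos 27/07

Imagens anexadas: DSC_0442.jpg - DSC_0443.jpg - DSC_0444.jpg
"""

# "from <helo> (<reverse-dns> [<ip>]) by <host>" as most MTAs write it.
HOP_RE = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<info>[^)]*)\)\s+by\s+(?P<by>[^\s;]+)")
IP_RE = re.compile(r"\[([0-9.]+)\]")

def parse_hops(raw):
    """Return the Received: hops, newest (closest to us) first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(value)
        if not m:
            continue  # unusual format: skip rather than guess
        ip = IP_RE.search(m.group("info"))
        hops.append({"helo": m.group("helo"), "by": m.group("by"),
                     "ip": ip.group(1) if ip else None})
    return hops

def trusted_hops(hops, our_hosts):
    """Walk down from the top while the stamping host is ours. The first foreign
    'by' host ends the verifiable chain; everything below could be typed in."""
    trusted = []
    for hop in hops:
        if hop["by"] not in our_hosts:
            break
        trusted.append(hop)
    return trusted

def last_trustworthy_ip(raw, our_hosts):
    """IP that actually connected to our server, or None if no hop is ours."""
    trusted = trusted_hops(parse_hops(raw), our_hosts)
    return trusted[-1]["ip"] if trusted else None
```

For the sample, the only fact you can vouch for is that 203.0.113.7 delivered the message to your server; the "hotmail.com" hop underneath proves nothing about who sent it.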


rjmsmith
New Member
Date Joined Jun 2008
Total Posts : 18
Posted 8/3/2009 3:22 PM (GMT +3)
Hi Jintan,

The problem is that several people have access to the Hotmail site, same Username, and that they all use the same password.
I don't think it is Malware. The site has DEFINITELY been compromised, and I would like to find out who.
The sender of the virus has access to all the information, possibly legitimately. He/she may be a resident.
Without blaming the residents, I would still like to get my hands on the culprit.

Regards, Roger.

Jintan
Senior Member
Date Joined Dec 2006
Total Posts : 1428
Posted 8/3/2009 9:52 PM (GMT +3)
I can't picture what site file or control panel accesses you might use, but many have raw logs that can be looked through. Not really sure what else I might recommend. But instead of thinking this is a purposeful act of a member, consider it may be a member's infected system, with some mailer worm or other infection involved.


rjmsmith
New Member
Date Joined Jun 2008
Total Posts : 18
Posted 8/4/2009 6:36 AM (GMT +3)
Hi Jintan,

I use Hotmail. All members have the same username and password. We log in to Hotmail, and communicate.
Unlikely it's a mailer worm, as my machine wasn't infected. What about TRACERT? How do I run it? Not sure what else I can do.
Anyway, thanks for your help.

Regards, Roger.

Jintan
Senior Member
Date Joined Dec 2006
Total Posts : 1428
Posted 8/4/2009 3:18 PM (GMT +3)
No, I don't see tracert doing much in that situation. But I am unclear how all users use one name and one password. What keeps them separated, as far as their emails are concerned? The type of email you are talking about is often either sent like spam, using some existing spam list and often spoofing the sender's address and email routes, or sent by one user's infected computer, using the information they have stored on their computer. Does any one computer have all the information you feel was compromised - user names etc.?



Jintan
Senior Member
Date Joined Dec 2006
Total Posts : 1428
Posted 8/4/2009 3:26 PM (GMT +3)
I used some information you first posted and web researched, and yes, this is a known emailer infection that is sent using information from an infected computer. So back to the question of whose computer is infected. That is the one we should be checking here in this forum thread.



rjmsmith
New Member
Date Joined Jun 2008
Total Posts : 18
Posted 8/5/2009 6:05 AM (GMT +3)
Hi Jintan,
It's easy to set up a multiple account, by setting the account name to (e.g.) colonia@hotmail.com, and the password to XXXXXXXX. Just give all the users the username and the password, and set their email addresses into the address book.
OK about tracert.
We have found the computer in question: it was a resident's computer that was propagating the virus (currently in the UK), and I have advised him accordingly. I have suggested that he use AVAST!, which is the same one that I use, and which got rid of the infection.
Thanks for all your help.

Regards, Roger.

Jintan
Senior Member
Date Joined Dec 2006
Total Posts : 1428
Posted 8/5/2009 6:01 PM (GMT +3)
If any one computer can be identified and the owner is comfortable with doing their own repairs, they can surely start a request here in the forum. Although Avast is a known and good antivirus software, just scans with it may not be sufficient to remove all infection issues.



rjmsmith
New Member
Date Joined Jun 2008
Total Posts : 18
Posted 8/6/2009 5:38 AM (GMT +3)
Hi Jintan,

AVAST! is a good program, and it does more than scan the computer. When it finds a virus, it gives several options as to what to do with it: the options are Move to Chest, Delete, Repair, etc. When it finds a virus such as a rootkit, you have to reboot the computer, and an MS-DOS program takes over and cleans the virus. I am more than satisfied with Avast!.

The computer has been identified, and the residents are now more aware of the risks. Most of the residents are computer-illiterate!

Thanks for all your help.

Regards, Roger.

Jintan
Senior Member
Date Joined Dec 2006
Total Posts : 1428
Posted 8/6/2009 3:00 PM (GMT +3)
Not a discussion of the merits of Avast though, rjmsmith. As just an antivirus program, it will not locate and remove all types of infection. If one security software did, we would just post a link to that and not provide the help we do in all the requests here.



Jintan
Senior Member
Date Joined Dec 2006
Total Posts : 1428
Posted 8/6/2009 3:05 PM (GMT +3)
Here, this person also has and uses Avast, and had some tough infection issues that needed to be solved. Having and using a good antivirus software is very important, but it is not a cure-all for all malicious activities.



rjmsmith
New Member
Date Joined Jun 2008
Total Posts : 18
Posted 8/6/2009 4:49 PM (GMT +3)
Hi Jintan,

Wow! I see what you mean. I've just read beeshan's report and it does take a while to get rid of a virus!
I didn't mean to praise AVAST! unnecessarily, but it's the program I use.
Apart from using multiple virus checkers, I don't know what to do. Perhaps you can suggest something.

Thanks for all your help.

Regards, Roger.

Jintan
Senior Member
Date Joined Dec 2006
Total Posts : 1428
Posted 8/7/2009 2:24 AM (GMT +3)
Do what the other BG forum member did, and post analysis logs to check. If more than one computer, they will need to each have a separate request thread, but in each a note should be posted saying they are related to this thread. Let me know if you would like to check perhaps your system now, as well as what others might need checking. Sorry, but experience has proven it is a bad idea to try to do more than one system in one thread - turns into a bunch of confusion.

