Slashdot Mirror
How Do I Determine If My PC is a Zombie?
Captain Chad wonders: "With the recent news of a 1.5-million node botnet, as well as the AIM rootkit worm, I'm getting a bit concerned about whether my PC may be a zombie. I'm seeing a lot of internet activity, even when nothing is running, and I've checked the process explorer for obvious tasks to no avail. I apply patches as soon as they're released, and my antivirus/spyware programs report nothing. How do I determine if my PC is a zombie, and if it is, how would I de-infect it?"
On this same vein, college campuses are often prime breeding grounds for undead-boxen. bcrowell adds: "I'm a teacher at a community college where Windows is the only supported OS -- if you ask the school to put machine on your desk, you get a Windows box. Faculty who want to run MacOS or Linux have had to provide their own machines, and those who want to do PowerPoint presentations for their classes have been told that they have to buy their own laptops and bring them in.
Now Academic Computing has announced a new policy: any unauthorized use of the network, such as plugging in your own computer to a port, is prohibited, and will result in disciplinary action. There are supposedly plans to enforce this rule automatically with hardware and software. Great consternation has ensued in the faculty senate, and the manager who wrote the policy has explained that it is basically aimed at the problem of improperly maintained teachers' machines getting '0wned'. A little ironic, because the Windows boxes maintained by the computing folks keep getting infected by worms. Still, it's not an unreasonable concern; many teachers are clueless. In fact, I wouldn't pretend to know enough to keep a Windows machine secure on a public network, although I haven't had any problem with the FreeBSD box on my desk. Any suggestions on how to deal with this? Effective arguments to use? Good educational resources to point people to so they can learn how to keep their Windows boxes secure? Many of my colleagues seem to think that security mainly involves buying antivirus software."
Now Academic Computing has announced a new policy: any unauthorized use of the network, such as plugging in your own computer to a port, is prohibited, and will result in disciplinary action. There are supposedly plans to enforce this rule automatically with hardware and software. Great consternation has ensued in the faculty senate, and the manager who wrote the policy has explained that it is basically aimed at the problem of improperly maintained teachers' machines getting '0wned'. A little ironic, because the Windows boxes maintained by the computing folks keep getting infected by worms. Still, it's not an unreasonable concern; many teachers are clueless. In fact, I wouldn't pretend to know enough to keep a Windows machine secure on a public network, although I haven't had any problem with the FreeBSD box on my desk. Any suggestions on how to deal with this? Effective arguments to use? Good educational resources to point people to so they can learn how to keep their Windows boxes secure? Many of my colleagues seem to think that security mainly involves buying antivirus software."
Place a bowl full of brains in front of it and see if you get a response.
Happy Halloween >:D
http://www.sysinternals.com/Utilities/rootkitrevea ler.html
Go here and download Rootkit Revealer. If that doesn't find anything, and you've tried everything you said, you got some smart malicious rootkit-usin' virus that knows how to trick Revealer, or your system is the proto for some new form of evilness.
A B A C A B B
127.0.0.1
Thanks in advance.
I see a lot of people offering some moderatly technical advice, but perhaps a simpler answer to the question is - there's no one easy, foolproof, turnkey way to reliably determine whether your Windows machine is infected.
There are too many different types of malware around - virii, spyware, rootkits, trojans, and so on - each of which has new twists coming up almost daily. No single development team or company can keep up, and there are too many out there trying for there even to be a dominant player (and if there were, malware would promptly be rewritten to undermine the anti-malware utility in question...).
You will either need to learn how to use some of the tools others in this thread mention (it's not as hard as it may seem at first - try running them on a system you can be confident is clean, and become familiar with what "safe" traffic looks like, then try yours), or be prepared to pay hefty $ for expert help, or switch to another OS.
FWIW, I've run un-patched Windows2k for years without trouble, largely because I use a hardware NAT (firewall) and avoid Outlook. Even so, I am careful to avoid clicking on the wrong things online, and I am working towards moving to Linux ASAP.
Perfectly Normal Industries