cyborg7
Stranger

Registered: 01/22/13
Posts: 151
Last seen: 9 years, 11 months
ROOT KIT
#19319709 - 12/24/13 04:48 AM (10 years, 1 month ago)

Where is the root of the PC and how do I edit it?
It's not the kernel and not the BIOS, so what is the root?
I've got the mother of all rootkits, it's driving me insane
cyborg7
Stranger

Registered: 01/22/13
Posts: 151
Last seen: 9 years, 11 months
Re: ROOT KIT [Re: cyborg7]
#19319725 - 12/24/13 04:54 AM (10 years, 1 month ago)

cyborg7
Stranger

Registered: 01/22/13
Posts: 151
Last seen: 9 years, 11 months
Re: ROOT KIT [Re: cyborg7]
#19319765 - 12/24/13 05:40 AM (10 years, 1 month ago)

[ 0.907670] sda: sda1 sda2 < sda5 >
[ 0.910375] scsi 1:0:1:0: CD-ROM _NEC DVD_RW ND-1300A 1.05 PQ: 0 ANSI: 5
[ 0.913706] sr0: scsi3-mmc drive: 40x/40x writer cd/rw xa/form2 cdda tray
[ 0.913714] cdrom: Uniform CD-ROM driver Revision: 3.20
[ 0.913999] sd 1:0:0:0: [sda] Attached SCSI disk
[ 0.914127] sr 1:0:1:0: Attached scsi CD-ROM sr0
[ 0.914343] sr 1:0:1:0: Attached scsi generic sg1 type 5
[ 1.068414] usb 4-1: new low-speed USB device number 2 using uhci_hcd
[ 1.160367] Refined TSC clocksource calibration: 2393.999 MHz.
[ 1.160380] Switching to clocksource tsc
[ 1.300085] Freeing initrd memory: 19832k freed
[ 1.343654] Magic number: 9:519:75
[ 1.343796] rtc_cmos 00:02: setting system clock to 2013-12-24 11:04:15 UTC (1387883055)
[ 1.343828] BIOS EDD facility v0.16 2004-Jun-25, 0 devices found
[ 1.343831] EDD information not available.
[ 1.344137] Freeing unused kernel memory: 716k freed
[ 1.345109] Write protecting the kernel text: 5640k
[ 1.345152] Write protecting the kernel read-only data: 2332k
[ 1.393872] udevd[90]: starting version 175
[ 1.536150] usb 4-2: new low-speed USB device number 3 using uhci_hcd
[ 1.697416] [drm] Initialized drm 1.1.0 20060810
[ 1.795819] input: USB USB Keyboard as /devices/pci0000:00/0000:00:1d.2/usb4/4-1/4-1:1.0/input/input2
[ 1.796624] generic-usb 0003:1A2C:0C21.0001: input,hidraw0: USB HID v1.10 Keyboard [USB USB Keyboard] on usb-0000:00:1d.2-1/input0
[ 1.809129] e100: Intel(R) PRO/100 Network Driver, 3.5.24-k2-NAPI
[ 1.809134] e100: Copyright(c) 1999-2006 Intel Corporation
[ 1.809198] e100 0000:01:08.0: PCI INT A -> GSI 20 (level, low) -> IRQ 9
[ 1.833621] input: USB USB Keyboard as /devices/pci0000:00/0000:00:1d.2/usb4/4-1/4-1:1.1/input/input3
[ 1.834645] generic-usb 0003:1A2C:0C21.0002: input,hidraw1: USB HID v1.10 Mouse [USB USB Keyboard] on usb-0000:00:1d.2-1/input1
[ 1.844355] i915 0000:00:02.0: PCI INT A -> GSI 16 (level, low) -> IRQ 16
[ 1.844365] i915 0000:00:02.0: setting latency timer to 64
[ 1.861170] input: Lenovo Optical USB Mouse as /devices/pci0000:00/0000:00:1d.2/usb4/4-2/4-2:1.0/input/input4
[ 1.865431] e100 0000:01:08.0: PME# disabled
[ 1.866194] e100 0000:01:08.0: eth0: addr 0xfe5ff000, irq 9, MAC addr 00:0f:fe:a5:61:24
[ 1.869425] [drm] Supports vblank timestamp caching Rev 1 (10.10.2010).
[ 1.869431] [drm] Driver supports precise vblank timestamp query.
[ 1.870082] vgaarb: device changed decodes: PCI:0000:00:02.0,olddecodes=io+mem,decodes=io+mem:owns=io+mem
[ 1.910868] generic-usb 0003:17EF:6019.0003: input,hidraw2: USB HID v1.11 Mouse [Lenovo Optical USB Mouse] on usb-0000:00:1d.2-2/input0
[ 1.910906] usbcore: registered new interface driver usbhid
[ 1.910910] usbhid: USB HID core driver
[ 1.939555] [drm] initialized overlay support
[ 2.118610] fbcon: inteldrmfb (fb0) is primary device
[ 2.167748] Console: switching to colour frame buffer device 160x64
[ 2.175474] fb0: inteldrmfb frame buffer device
[ 2.175478] drm: registered panic notifier
[ 2.176072] [drm] Initialized i915 1.6.0 20080730 for 0000:00:02.0 on minor 0
[ 2.753710] Btrfs loaded
[ 2.786769] xor: automatically using best checksumming function: pIII_sse
[ 2.804013] pIII_sse : 3045.000 MB/sec
[ 2.804017] xor: using function: pIII_sse (3045.000 MB/sec)
[ 2.806587] device-mapper: dm-raid45: initialized v0.2594b
[ 3.200501] EXT4-fs (sda1): mounted filesystem with ordered data mode. Opts: (null)
[ 3.911275] ISO 9660 Extensions: Microsoft Joliet Level 3
[ 3.950196] ISO 9660 Extensions: RRIP_1991A
[ 4.409315] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[ 50.004137] usb 4-2: USB disconnect, device number 3
[ 50.180376] ADDRCONF(NETDEV_UP): eth0: link is not ready
[ 50.525048] udevd[1013]: starting version 175
[ 51.480111] usb 4-2: new low-speed USB device number 4 using uhci_hcd
[ 51.677385] input: Lenovo Optical USB Mouse as /devices/pci0000:00/0000:00:1d.2/usb4/4-2/4-2:1.0/input/input5
[ 51.677779] generic-usb 0003:17EF:6019.0004: input,hidraw2: USB HID v1.11 Mouse [Lenovo Optical USB Mouse] on usb-0000:00:1d.2-2/input0
[ 51.872379] lp: driver loaded but no devices found
[ 52.529557] ppdev: user-space parallel port driver
[ 52.697565] Bluetooth: Core ver 2.16
[ 52.697678] NET: Registered protocol family 31
[ 52.697682] Bluetooth: HCI device and connection manager initialized
[ 52.697687] Bluetooth: HCI socket layer initialized
[ 52.697690] Bluetooth: L2CAP socket layer initialized
[ 52.697701] Bluetooth: SCO socket layer initialized
[ 52.727325] parport_pc 00:06: reported by Plug and Play ACPI
[ 52.727387] parport0: PC-style at 0x378 (0x778), irq 7, using FIFO [PCSPP,TRISTATE,COMPAT,ECP]
[ 52.817274] lp0: using parport0 (interrupt-driven).
[ 52.917172] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
[ 52.917179] Bluetooth: BNEP filters: protocol multicast
[ 53.878851] shpchp: Standard Hot Plug PCI Controller Driver version: 0.4
[ 54.047643] intel_rng: FWH not detected
[ 54.712456] device-mapper: multipath: version 1.3.1 loaded
[ 55.845733] ip_tables: (C) 2000-2006 Netfilter Core Team
[ 56.185471] nf_conntrack version 0.5.0 (15886 buckets, 63544 max)
[ 57.253254] ip6_tables: (C) 2000-2006 Netfilter Core Team
[ 58.660166] snd_intel8x0 0000:00:1f.5: PCI INT B -> GSI 17 (level, low) -> IRQ 17
[ 58.660220] snd_intel8x0 0000:00:1f.5: setting latency timer to 64
[ 59.084028] intel8x0_measure_ac97_clock: measured 55596 usecs (2679 samples)
[ 59.084034] intel8x0: clocking to 48000
[ 61.564950] init: failsafe main process (1576) killed by TERM signal
[ 65.054596] init: alsa-restore main process (1655) terminated with status 99
[ 66.126739] zram: module is from the staging directory, the quality is unknown, you have been warned.
[ 66.132272] zram: Creating 1 devices ...
[ 66.413368] ADDRCONF(NETDEV_UP): eth0: link is not ready
[ 66.416206] e100 0000:01:08.0: eth0: NIC Link is Up 100 Mbps Full Duplex
[ 66.416823] ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[ 66.951935] Buffer I/O error on device zram0, logical block 127087
[ 66.951946] Buffer I/O error on device zram0, logical block 127087
[ 66.952445] Buffer I/O error on device zram0, logical block 127087
[ 66.952461] Buffer I/O error on device zram0, logical block 127087
[ 66.952472] Buffer I/O error on device zram0, logical block 127087
[ 66.952483] Buffer I/O error on device zram0, logical block 127087
[ 66.952492] Buffer I/O error on device zram0, logical block 127087
[ 66.952561] Buffer I/O error on device zram0, logical block 127087
[ 66.952571] Buffer I/O error on device zram0, logical block 127087
[ 66.952595] Buffer I/O error on device zram0, logical block 127087
[ 67.225059] Adding 508348k swap on /dev/zram0. Priority:5 extents:1 across:508348k SS
[ 78.168014] eth0: no IPv6 routers present
[ 78.857637] init: plymouth-stop pre-start process (3352) terminated with status 1
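A practical way to triage a pasted dmesg like the one above, and to answer the later question of whether anything in it stands out, is to parse it back into timestamped records and count the few kernel messages a reviewer actually wants to see: the kernel's own taint warnings for staging, out-of-tree or unsigned modules, and repeated I/O errors. The script below is an added example, not code posted by anyone in the thread; the indicator list is my own selection of real kernel log text, and the SAMPLE excerpt is constructed from lines in the dump above.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# One dmesg record is "[ seconds.micros] message". The dump in the thread was
# pasted with every record run together, so records are split on the
# timestamp rather than on newlines.
RECORD_RE = re.compile(r"\[\s*(\d+\.\d+)\]\s*(.*?)(?=\s*\[\s*\d+\.\d+\]|\Z)", re.S)

# Kernel-log substrings worth a second look when reviewing a boot log for code
# the owner did not install. "staging directory" is real kernel text that
# appears in the thread's dump (zram); the other two module messages are the
# kernel's taint warnings for out-of-tree and unsigned modules.
INDICATORS: Dict[str, str] = {
    "staging_module": "module is from the staging directory",
    "out_of_tree_module": "loading out-of-tree module taints kernel",
    "unsigned_module": "module verification failed",
    "io_error": "Buffer I/O error",
}

# Constructed sample: a handful of records copied from the dump above.
SAMPLE = (
    "[    1.345109] Write protecting the kernel text: 5640k "
    "[   66.126739] zram: module is from the staging directory, the quality is unknown, you have been warned. "
    "[   66.132272] zram: Creating 1 devices ... "
    "[   66.951935] Buffer I/O error on device zram0, logical block 127087 "
    "[   66.951946] Buffer I/O error on device zram0, logical block 127087 "
    "[   67.225059] Adding 508348k swap on /dev/zram0. Priority:5 extents:1 across:508348k SS"
)


def parse_dmesg(text: str) -> List[Tuple[float, str]]:
    """Split a pasted dmesg dump into (seconds since boot, message) pairs."""
    return [(float(m.group(1)), m.group(2).strip()) for m in RECORD_RE.finditer(text)]


def triage(text: str) -> Dict[str, object]:
    """Count matching indicators and keep the first record for each, so ten
    identical I/O errors become one finding with a count instead of ten lines."""
    records = parse_dmesg(text)
    counts: Counter = Counter()
    first: Dict[str, Tuple[float, str]] = {}
    for ts, msg in records:
        for name, needle in INDICATORS.items():
            if needle in msg:
                counts[name] += 1
                first.setdefault(name, (ts, msg))
    return {"records": len(records), "counts": dict(counts), "first": first}


if __name__ == "__main__":
    result = triage(SAMPLE)
    print(f"{result['records']} records parsed")
    for name, n in sorted(result["counts"].items()):
        ts, msg = result["first"][name]
        print(f"{name}: {n}x, first at {ts:.6f}s: {msg}")
```

Run against the full dump, the only module finding is the zram staging warning, which is a stock distribution module and not evidence of anything, and the I/O errors collapse to one finding on zram0. An absence of hits says nothing about firmware-level implants, which never show up in a kernel log; it only tells you the kernel did not complain about what it loaded.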
cyborg7
Stranger

Registered: 01/22/13
Posts: 151
Last seen: 9 years, 11 months
Re: ROOT KIT [Re: cyborg7]
#19319792 - 12/24/13 05:59 AM (10 years, 1 month ago)

http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=publication&name=Persistent_BIOS_Infection
FFS it's ridiculous, what a cunt
What good's his rootkit gonna be when I come down with my kit and cut his fucking roots out
biscoHead
Young Psychonaut



Registered: 12/26/13
Posts: 32
Last seen: 9 years, 8 months
Re: ROOT KIT [Re: cyborg7]
#19331234 - 12/27/13 12:03 AM (10 years, 1 month ago)

F-Secure Blacklight
Worked for me when I got a rootkit about 4 years ago.
--------------------
Edited by biscoHead (12/27/13 12:04 AM)
Dawks
Jolly African Potato


Registered: 06/09/10
Posts: 4,935
Re: ROOT KIT [Re: cyborg7]
#19338715 - 12/28/13 08:25 PM (10 years, 1 month ago)

Quote:
cyborg7 said: Where is the root of the PC and how do I edit it?
It's not the kernel and not the BIOS, so what is the root?

A rootkit is a simple piece of software for maintaining "superuser" (root) access to the system. Malicious rootkits often also hide their existence using various tricks/hacks. A rootkit can run in user space or kernel space.
A malicious user-mode rootkit often hides itself by modifying system files and hijacking API calls.
Kernel-mode rootkits are much less common in the wild but work in a similar way, typically modifying the system call table to achieve the desired effect.
--------------------
date ; unzip ; strip ; touch ; grep ; finger ; mount ; fsck ; more ; yes ; umount ; sleep
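The hiding Dawks describes has a defensive consequence: a rootkit that hooks one interface (say, the directory listing that ps and ls go through) rarely hooks every other interface that exposes the same fact, so the standard detection move is to compare two views of the same thing and flag disagreements. The following is an added example of that cross-view idea for process IDs on Linux, in the spirit of the "brute" check in tools like unhide; it is not code from any poster. It compares what /proc lists against what kill(pid, 0) answers; the function names, the pid_max fallback value and the constructed PID sets in the test are mine.

```python
import os
from typing import Iterable, List, Set


def pids_from_proc() -> Set[int]:
    """IDs visible through the filesystem view: the numeric directories under
    /proc plus each process's thread IDs under /proc/<pid>/task. Threads are
    included because kill(2) answers for a thread ID too, and leaving them out
    would report every multithreaded process as 'hidden'."""
    seen: Set[int] = set()
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        seen.add(int(name))
        try:
            seen.update(int(t) for t in os.listdir(f"/proc/{name}/task") if t.isdigit())
        except OSError:
            pass  # process exited between the two listings
    return seen


def pids_by_probe(max_pid: int) -> Set[int]:
    """IDs visible through the signal interface: kill(pid, 0) delivers nothing
    but still reports whether the target exists. ProcessLookupError means no
    such process; PermissionError means it exists but belongs to another user."""
    found: Set[int] = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        found.add(pid)
    return found


def hidden_pids(listed: Iterable[int], probed: Iterable[int]) -> List[int]:
    """PIDs that answer a probe but never appeared in the directory view."""
    return sorted(set(probed) - set(listed))


def read_pid_max(default: int = 32768) -> int:
    """Upper bound for the probe; the default is an assumed fallback for
    systems without /proc/sys/kernel/pid_max."""
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            return int(f.read())
    except (OSError, ValueError):
        return default


def live_check() -> List[int]:
    """Cross-view check on the running system. /proc is listed both before and
    after the probe so a process that starts or exits during the scan is not
    reported as hidden."""
    before = pids_from_proc()
    probed = pids_by_probe(read_pid_max())
    after = pids_from_proc()
    return hidden_pids(before | after, probed)


if __name__ == "__main__":
    hidden = live_check()
    print("PIDs answering kill() but absent from /proc:", hidden if hidden else "none")
```

Run it as root on the box under suspicion: with a hidepid mount option on /proc, other users' processes are legitimately absent from the listing and would show up as false positives, and a very short-lived process can still slip between the two listings. A non-empty result is a lead to investigate, not proof; and a kernel-mode rootkit that hooks the syscall table can in principle filter both views, which is why the same comparison is usually repeated across more interfaces (netlink, /proc/<pid>/status, sched_getaffinity) and, ultimately, from a clean boot medium.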
lessismore
Registered: 02/10/13
Posts: 6,268
Re: ROOT KIT [Re: Dawks]
#19338751 - 12/28/13 08:31 PM (10 years, 1 month ago)

root by choice :-)
lemintus
Stranger
Registered: 10/10/13
Posts: 10
Last seen: 10 years, 26 days
Fresh-format the C: drive AFTER you back up your stuff. THEN install your operating system. Like boot into recovery, select the C drive, wipe, format Windows/Mac/Linux onto C. Enjoy fresh PC. I do a fresh OS install often to keep my computer classy.
tropicalfrenzy
Strangerer



Registered: 09/04/12
Posts: 1,522
Loc: Oz
Last seen: 9 years, 10 months
Which kit are you dealing with?
Some can be dealt with using TDSS cleaners and then a mob of other cleanup tools, others need to be removed manually... others require a low format of your HDD to remove (just reinstalling the OS doesn't fix all).
It's really all about specifics.
lessismore
Registered: 02/10/13
Posts: 6,268
I didn't see anything in the dmesg you posted.
Why would you even think you got rooted? How did you find out?
A BIOS rootkit you usually don't find out about.
cyborg7
Stranger

Registered: 01/22/13
Posts: 151
Last seen: 9 years, 11 months
I've been under direct control of agency/user unknown.
They control my entire system.
I ended up being put in a mental institute, then let out when they confirmed it was real. From what I can gather it's several people;
there's the government one that everybody has, a hacking group that was attacking me, a local hacker that wanted my business.
Either way, I've been screwed - I lost a lifetime's work and rarely use a computer anymore. My business was taken entirely and I lost my life savings trying to save the business.
I'm just another sucker on welfare now.