Maybe I've been out of the game a little too much with the low amount of work I've pulled in for the past year but from what I can tell it looks like malware is all leaning in the direction of rootkits now. Has anyone else noticed that a large majority of infections are using this to keep from being removed easily? Also what are your methods so far that work out for you? In my observations Combofix is most of the time incapable or incapacitated so it can't deal with the rootkits. I've resorted to all in safe mode, installing powershell on systems and running emsisofts a2cmd program, esets DOS32, and sunbelt softwares viprerescue through it just to get things started then I follow up in the next reboot with Trend Micros rootkit buster. I'm sure there are better methods or processes I should add to this though. Suggestions or your own tricks would be nice to pull from if you don't mind sharing.
Oh by the way the reason I use powershell is because to me it seems it gives some added permission/access to files for the command line scanners. I could be wrong and assuming this because of it showing me more than the general command prompt would show me.
Reply With Quote
Bookmarks