Specific question to help prove installation of poor man's rootkit on another machine

  • Question

  • Infected computer: XP Home Edition, Operating System 5.1.2600
    Wireless home network with dynamic IP address through local cable provider
    Computer infected with poor man's rootkit; see:
    http://www.symantec.com/enterprise/security_response/weblog/2006/09/the_poor_mans_rootkit.html

    Infected computer has a firewall but out-of-date anti-spyware
    Sufficient free disk space

    What I've done so far

    When I figured I was infected I bought a new computer (needed one anyway) and ID theft insurance.

    Got online on the infected computer and ran an XoftSpySE scan by Pareto Logic.
    Infection results: severe-risk threats are AlfaCleaner and PC Sentinel's Busted
    Researched these threats -- they have four components
    1) keystroke monitor
    2) web page viewing monitor
    3) ability to disable computer via online command of person who is monitoring keystrokes/web page viewing
    4) Installer for the top three components
    PC Sentinel is a program for parents to buy to watch what their kids are doing on the Internet. I live with my girlfriend, have no kids and have no reason to have ever bought this application. It is $40 and I wouldn't spend money on something I have no use for.

    Submitted the following question to Pareto Logic customer support via e-mail:
    Can the scan tell me when the AlfaCleaner and PC Sentinel apps were introduced?
    Waiting on reply.

    Disconnected from the internet on infected machine.

    Questions for this forum:

    Can I check some type of log in the Windows XP registry (or other files) on the infected machine to determine when AlfaCleaner and Sentinel were introduced?
    If I have this information and it coincides with the time frame of someone I just started working with, I can prove who did this.

    If I can prove the above information, where should I take my infected computer and the research I've done? What agency of the government investigates these crimes and will listen to me? I've heard of people calling 800 numbers for the FBI and nothing ever happens. How can I get this information to someone who understands it and will follow up?

    It offends me when people post or reply to posts on bulletin boards for services and then take advantage of people by infecting their computers. The Internet should be a safe place for people to share information freely. If this guy violated me, he and/or his cohorts are doing it to others and should be prosecuted. I know what he looks like and where he lives and want to pass that information along to the appropriate authorities.

    Per the forum standards, I will post a thank you to everyone who can direct me to this information on my infected machine.
    Saturday, October 27, 2007 3:55 PM
