There is one introspection I hasten to share. In fact I cursed myself for not thinking out of the box fast enough. I'd rushed to post it; mercifully Sandeep's problem had been solved by then.
Throughout Sandeep's trouble I inferred that the "naughty Process" was a "visible" process. That is, it was not a trojan or a rootkit. How daft of me. What if the devil was actually invisible?
A rootkit/trojan process is a clever invisible devil of a process which hides itself even from a process manager itself!
I'd like someone to answer this if possible.
1) Does Anvir "visibilize" even an "invisible, rootkit, trojan process" or is it unable to do so?
2) If one wished to capture a rootkit trojan devil in Anvir can one do it this way – Physically count the number of processes in a 1, 2, 3, 4… basis & compare that with the summarized count which Anvir shows you in its icon in the system tray? The difference means you are suffering a rootkit process.
3) Does Anvir's physical process count always match the process count showed in the tray? Or can the tray count be higher – the difference being a pointer that there is a rootkit devil eating the cpu. That's dicey because the devil eating cpu cycles is an "invisible" devil rather than a "visible" devil!
4) Do Anvir & Process Tamer only catch/tame "visible" devils or "invisible" devils as well?
We fortunately have well-heeled stalwarts like Karen & also savvy stalwarts like Ashraf whose high standing in the industry owes itself not only to his intellect & honesty but also to I am sure excellent respect he commands from developers.
Therefore it would help dottechies if we get an answer to this question – does Anvir & Process Tamer catch/tame only visible devils or invisible devils too.
Sandeep – for posterity sake invisible devilry aka rootkit gets caused sometimes in the time gap between uninstalling one antivirus & installing another. Even a good antivirus catches a rootkit only if it enters AFTER that AV is installed AND NOT before that AV is installed.
Given that I shudder to think what invisible rootkit devils lurk in various computers.That's why there is a market for rootkit revealers even though there are good antivirus – it catches invisible devils even if your anti virus does not.
I don't have one yet, but plan to.Which rootkit revealer is best & why?
That's really a good question asked by Ramesh and sorry i don't have any answer to it.
Regarding Rootkit – there is a Microsoft program called RootkitRevealer which can be found at http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx
But i am really doubtfull how come my problem is gone by just installing the updated LAN drivers. I will try rebooting it again to see if it is really gone.
@Ramesh: I only tried to think through part of your post (I was just reading some "classic" literature -.-), but it looks like you're looking for something to reveal rootkits. I can't say I've tried this, but I can't say I've ever had a rootkit either:
Locutus I kindly seek an answer to 2 quesions & not just one. Sorry, my fault. Perhaps I should have phrased better:-
1) Do Anvir & Process Tamer spot "visible" processes only or are also capable of spotting invisible (aka a rootkit) processes as well? I am optimistically hopeful because our very own doyen who reviewed it is with us. I say this with all the affection & respect I possess Ashraf so don't go angry on me okay
2) Which is the best rootkit revealer & why?
So these are 2 seperate issues for which I seek help from our family
Unfortunately I've never used either of those pieces of software, so I can't help you there.
On the second note, I've never had to deal with a rootkit, but here's some I've found:
http://download.cnet.com/Panda-Anti-Rootkit/3000-8022_4-10717196.html?tag=mncol – Panda Anti-Rootkit
http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx – RootkitRevealer
Both are from very big name companies.
1, Anvir dosen't find rootkits, never used Process Tamer, but I would say no.
2, I use Sophos Anti-Rootkit.
I've tried Panda Anti-Rootkit. Had a problem with it, unistalled it, left some piece's behind.
@Locutus – reading a classic & also moderating a forum. Obviouly you have refined taste & rare talents too That's nice!
Thanks friends. They say if you give a person a fish you provide him a meal; but if you teach him how to fish you enable him to feed himself throughout his life. You've taught me how to fish. Thanks! I am setting out to fish for a rootkit protector for my comp
http://www.prnwatch.com/prio.html this is an improved over task manager that I use
This morning when i started my PC, services.exe again started consuming 50% CPU. Sorry Ramesh i didn't installed Process Tamer yet. Before rebooting my PC this morning there was an error message (as my PC was locked on friday, didn't shutdown) saying "Delayed write failed" pointing to somewhere here "C:\WINDOWS\system32\wbem". I oked that message and did a reboot. After running Windows services.exe was consuming 50% CPU. Then i checked this post and as Karen says try disabling "Event Log" and "Error Reporting Service" i did that and rebooted the PC. Hurrrey the problem is gone.
Thanks Guys for all your help. Keep it up.
That's the second good news in 2 days. Yesterday Conn09 got out of the woods & today you have. That now leaves only Steelers6 (System Dumps).
It is not important whether getting out of the woods was because of or inspite of someone. When a dottechie gets out of the woods all other dottechies are happy. Like Conn09 you too have left everyone with good learnings for the future
Most Users Ever Online: wp_sferrorlog
Currently Browsing this Page:
Guest Posters: 9
Newest Members: rik71, ashish.2013, Jon Vance, Frank Dykes, theodas, Tai
Administrators: Ashraf (1741), Locutus (1886), amnesia (270)