
Stuxnet Rootkit Remover

30 Jul/10

Stuxnet is a family of new threats that emerged in mid-July 2010, with the majority of infected computer systems in Iran, Indonesia, India and the US. The rootkit is distributed by direct attacks, email, infected executables and the recently discovered .lnk shortcut security vulnerability in Windows.

Stuxnet uses the aforementioned .lnk technique to install additional malware components. It first injects a backdoor (Worm:Win32/Stuxnet.A) onto the compromised system, and then drops two drivers:

Trojan:WinNT/Stuxnet.A – hides the presence of the .lnk files
Trojan:WinNT/Stuxnet.B – injects (formerly) encrypted data blobs (.tmp files) into memory, each of which appears to serve a different purpose in the Stuxnet deployment infrastructure (drivers, .lnk files, propagation, etc.).

Stuxnet Rootkit Remover has been designed to detect and remove active infections on Windows systems. The software scans the system for infected files:

C:\WINDOWS\system32\drivers\mrxcls.sys
C:\WINDOWS\system32\drivers\mrxnet.sys
C:\WINDOWS\inf\mdmcpq3.PNF
C:\WINDOWS\inf\mdmeric3.PNF
C:\WINDOWS\inf\oem6C.PNF
C:\WINDOWS\inf\oem7A.PNF

and detects and removes malicious LNK and TMP files stored in removable media.

~WTR4132.tmp
“Copy of Copy of Copy of Copy of Shortcut to.lnk”
“Copy of Copy of Copy of Shortcut to.lnk”
“Copy of Copy of Shortcut to.lnk”
“Copy of Shortcut to.lnk”
~WTR4141.tmp
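The two file lists above can also be checked by hand, for example against a mounted disk image or a USB stick attached to a clean analysis machine; because the Trojan:WinNT/Stuxnet.A driver hides the .lnk files, a listing taken on the infected system itself may not show them. The script below is an added example, not code from the article or from the Stuxnet Remover project. Its function names and its choice to search the whole drive rather than one folder are assumptions.

```python
import os
import re
import sys

# Paths from the article's first list, relative to the Windows directory.
SYSTEM_FILES = [
    ("system32", "drivers", "mrxcls.sys"),
    ("system32", "drivers", "mrxnet.sys"),
    ("inf", "mdmcpq3.PNF"),
    ("inf", "mdmeric3.PNF"),
    ("inf", "oem6C.PNF"),
    ("inf", "oem7A.PNF"),
]
# Names from the article's removable-media list: two .tmp files and
# "Shortcut to.lnk" prefixed by one to four "Copy of ".
MEDIA_NAME = re.compile(
    r"^(~WTR4132\.tmp|~WTR4141\.tmp|(Copy of ){1,4}Shortcut to\.lnk)$", re.IGNORECASE)

def resolve_ci(root, parts):
    """Resolve parts under root ignoring case, as Windows does; None if absent."""
    cur = root
    for part in parts:
        try:
            names = os.listdir(cur)
        except OSError:
            return None
        match = [n for n in names if n.lower() == part.lower()]
        if not match:
            return None
        cur = os.path.join(cur, match[0])
    return cur if os.path.isfile(cur) else None

def check_system(windows_dir):
    """Return the listed system files that exist under windows_dir."""
    found = (resolve_ci(windows_dir, parts) for parts in SYSTEM_FILES)
    return [path for path in found if path]

def check_media(drive_root):
    """Return files anywhere on the drive whose names match the media list."""
    hits = []
    for folder, _dirs, files in os.walk(drive_root):
        hits += [os.path.join(folder, n) for n in files if MEDIA_NAME.match(n)]
    return sorted(hits)

if __name__ == "__main__" and len(sys.argv) == 3:
    for hit in check_system(sys.argv[1]) + check_media(sys.argv[2]):
        print("indicator present:", hit)
```

Run it with the Windows directory of the system under examination as the first argument and the root of the removable drive as the second. A match on a name alone is a lead to examine, not proof of infection.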

The program needs to be installed before it can be started. The Check Me Now button in the main interface scans the system for active infections, and removes infected files if any are found on the PC.

Many antivirus solutions detect Stuxnet variants by now, including the free Microsoft Security Essentials. Stuxnet Remover, however, is a handy tool if the computer has already been infected with the malicious software. It also serves the purpose of detecting the rootkit if it is already on the computer system.

Stuxnet Remover is available for download at the developer’s website. The rootkit scanner is compatible with all Microsoft operating systems from Windows XP to Windows 7. The project page states that it only supports 32-bit editions, but it tested fine on a 64-bit system.


© Martin for gHacks Technology News, 2010.


Author

    Spina Rosario
    Posted by
