On 4/19/06, Nic James <nic.james@btconnect.com> wrote:
List,
1. Would it be possible, if the rootkit (presumably a system level
one?) has deployed, for it to fool the removal tool ?
Yes this is definetly possible to achive via root kicks. The
following tools may be able to check for rootkits, failing that
perhaps you could try doing some monitoring of the web traffic to see
if there is anything unusual and try and see which process is causing
it. i should alos mention that you should take the HDD of the
suspected computer slave it to a working pc, this is the only sure
method of finding any offending matirial.
If you do suspect i root kit and can't find it i would recomend fdisk
reinstall :(
http://www.sysinternals.com/Utilities/RootkitRevealer.html
http://www.f-secure.com/blacklight
http://www.rootkitdetector.com/
it will do know har to run them all.
2. Has anyone come across other reasons for why Live Update would give
this error message for the update LU1875 ?
this thread may be of intrest in regard to this error :D.
I dont know much about norton products but it never hurts to ensure
the host file (%WINDIR%\system32\drivers\etc\hosts)
genrelly only the following entry should appear*. however you should
be making sure that there is no entry for any symantic sites
localhost 127.0.0.1
*not everything with a '#' is a comment and can be ignored.
-------------------------------------------------------------------------
This List Sponsored by: Webroot
Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise
http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------
