How can I check if my computer has a rootkit on it?


12 replies to this topic

#1 Servant of the Lord   Crossbones+   -  Reputation: 21183

Posted 27 June 2013 - 11:55 AM

I have Microsoft Security Essentials and Spybot Search and Destroy on my computer already, and Windows is set to automatically download updates. I'm currently having MSSE and Spybot S&D do full scans.

 

This morning when I started up, after the Dell startup screen, but before the Windows startup screen, the screen turned black and in the corner was a small logo and the word (I think) "Phoenix". It was only up for half a second, but I've never seen that screen before.

 

If it is a rootkit, it's pretty dumb of them to display something onscreen during startup.

If it's not a rootkit, how come I've never seen it before until this morning? I've booted up my computer loads of times in the past, and have several times gone into the BIOS or safe mode, and I've never seen that screen before.

Usually, I just turn on my computer and walk away for about a minute so Windows can start up, so that might explain missing that screen some of the time, but perhaps not all the time.

 

How can I check if something's on here? Can I see it in the BIOS somehow? What do you think it was?


Edited by Servant of the Lord, 27 June 2013 - 11:55 AM.

It's perfectly fine to abbreviate my username to 'Servant' rather than copy+pasting it all the time.
All glory be to the Man at the right hand... On David's throne the King will reign, and the Government will rest upon His shoulders. All the earth will see the salvation of God.
Of Stranger Flames - [indie turn-based rpg set in a para-historical French colony] | Indie RPG development journal

[Fly with me on Twitter] [Google+] [My broken website]

[Need web hosting? I personally like A Small Orange]



#2 cowsarenotevil   Crossbones+   -  Reputation: 2107

Posted 27 June 2013 - 12:11 PM

Phoenix is a company that makes firmware/BIOS. My guess would be you started seeing the logo due to an update or change to your BIOS.


-~-The Cow of Darkness-~-

#3 Servant of the Lord   Crossbones+   -  Reputation: 21183

Posted 27 June 2013 - 12:32 PM

Is there any way I can be sure?

I haven't explicitly installed any new hardware or drivers for at least two months.




#4 SimonForsman   Crossbones+   -  Reputation: 6323

Posted 27 June 2013 - 01:11 PM

Is there any way I can be sure?

I haven't explicitly installed any new hardware or drivers for at least two months.

 

The two most common BIOS vendors on the PC are probably Phoenix and AMI, so seeing a Phoenix logo on startup is quite normal.

 

If you suspect that you have a rootkit, your best bet is to just back up your data and reinstall using a source you know is clean. (Detection and removal can be extremely difficult if you don't know what you are looking for or what your system should look like if it was clean.)


Edited by SimonForsman, 27 June 2013 - 01:11 PM.

I don't suffer from insanity, I'm enjoying every minute of it.
The voices in my head may not be real, but they have some good ideas!
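
An added example, not part of any post in this thread: one way to see which BIOS vendor Windows reports and whether the firmware version or date has changed since a known-good baseline. It assumes PowerShell 3.0 or later; the baseline file path and the function names are hypothetical.

```powershell
# Added example: record the firmware identity that Windows reports and
# compare it with a baseline saved while the machine was trusted.
# Assumption: the baseline lives in the user profile (hypothetical path).
$BaselinePath = Join-Path $env:USERPROFILE 'bios-baseline.json'

function Get-FirmwareIdentity {
    $bios  = Get-CimInstance -ClassName Win32_BIOS
    $board = Get-CimInstance -ClassName Win32_BaseBoard
    # ReleaseDate can be empty on some systems, so guard before formatting.
    $date = $null
    if ($bios.ReleaseDate) { $date = $bios.ReleaseDate.ToString('yyyy-MM-dd') }
    [pscustomobject]@{
        BiosVendor   = $bios.Manufacturer        # e.g. a Phoenix or AMI string
        BiosVersion  = $bios.SMBIOSBIOSVersion
        BiosDate     = $date
        BoardVendor  = $board.Manufacturer
        BoardProduct = $board.Product
    }
}

function Compare-FirmwareIdentity {
    param($Baseline, $Current)
    # Emit one object per field whose value differs from the baseline.
    foreach ($name in $Current.PSObject.Properties.Name) {
        if ($Baseline.$name -ne $Current.$name) {
            [pscustomobject]@{
                Field = $name
                Was   = $Baseline.$name
                Now   = $Current.$name
            }
        }
    }
}

$current = Get-FirmwareIdentity
if (-not (Test-Path $BaselinePath)) {
    # First run: save what the firmware reports today.
    $current | ConvertTo-Json | Set-Content -Path $BaselinePath -Encoding UTF8
    "Baseline saved to $BaselinePath"
    $current | Format-List
} else {
    $baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    $changes  = @(Compare-FirmwareIdentity -Baseline $baseline -Current $current)
    if ($changes.Count -eq 0) { 'Firmware identity matches the saved baseline.' }
    else { $changes | Format-Table -AutoSize }
}
```

These values are supplied by the firmware itself, so a match shows only that the reported vendor, version and date are unchanged; it does not prove the firmware is clean.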

#5 frob   Moderators   -  Reputation: 22783

Posted 27 June 2013 - 01:28 PM


If you suspect that you have a rootkit your best bet is to just backup your data and reinstall using a source you know is clean.
^^ this.

 

It is easier in a corporate environment where machines are formatted regularly, but it applies in home computers just as much.

 

When it comes to rootkits the meme is correct:  Nuke it from orbit. It's the only way to be sure.


Check out my book, Game Development with Unity, aimed at beginners who want to build fun games fast.

Also check out my personal website at bryanwagstaff.com, where I write about assorted stuff.


#6 SimonForsman   Crossbones+   -  Reputation: 6323

Posted 27 June 2013 - 01:37 PM

 


If you suspect that you have a rootkit your best bet is to just backup your data and reinstall using a source you know is clean.
^^ this.

 

It is easier in a corporate environment where machines are formatted regularly, but it applies in home computers just as much.

 

When it comes to rootkits the meme is correct:  Nuke it from orbit. It's the only way to be sure.

 

 

http://www.youtube.com/watch?v=a88Z7YOh_us



#7 Servant of the Lord   Crossbones+   -  Reputation: 21183

Posted 27 June 2013 - 07:11 PM

Alright, thanks. Weird that I never saw it before, but then again, it'd be weird for a rootkit to advertise itself on the victim's machine.

Just to be on the safe side, I'll reformat.




#8 TheChubu   Crossbones+   -  Reputation: 4793

Posted 27 June 2013 - 07:23 PM

IMHO, Phoenix bios logo.

 

If you google "phoenix rootkit" you only get rootkits that target Phoenix BIOS (just what you'd get if you googled "american megatrends rootkit" and so on), not a rootkit named Phoenix.

 

Besides, looks like if you ever have a bios rootkit, you'd need to throw away the motherboard...


Edited by TheChubu, 27 June 2013 - 07:25 PM.

"I AM ZE EMPRAH OPENGL 3.3 THE CORE, I DEMAND FROM THEE ZE SHADERZ AND MATRIXEZ"

 

My journals: dustArtemis ECS framework and Making a Terrain Generator


#9 Servant of the Lord   Crossbones+   -  Reputation: 21183

Posted 27 June 2013 - 09:09 PM

Seems like I'm just being paranoid then.

Back to coding, I guess!




#10 Bacterius   Crossbones+   -  Reputation: 9299

Posted 27 June 2013 - 09:58 PM

Also I will just note that computer monitors are sometimes not ready to display the BIOS startup screen before it goes away. Often when I boot I rarely see the startup screen on my left monitor as it takes a few moments to adjust its resolution, but occasionally I get a glimpse right before it disappears. The right monitor is faster and always displays it.

 

I suppose that applies to laptop screens too, so that could be the reason you saw that logo for the first time.


The slowsort algorithm is a perfect illustration of the multiply and surrender paradigm, which is perhaps the single most important paradigm in the development of reluctant algorithms. The basic multiply and surrender strategy consists in replacing the problem at hand by two or more subproblems, each slightly simpler than the original, and continue multiplying subproblems and subsubproblems recursively in this fashion as long as possible. At some point the subproblems will all become so simple that their solution can no longer be postponed, and we will have to surrender. Experience shows that, in most cases, by the time this point is reached the total work will be substantially higher than what could have been wasted by a more direct approach.

 

- Pessimal Algorithms and Simplexity Analysis


#11 Servant of the Lord   Crossbones+   -  Reputation: 21183

Posted 28 June 2013 - 12:50 AM

I use a desktop, with an LCD monitor. The screen in question appeared in between the DELL startup screen and the Windows startup screen.




#12 SimonForsman   Crossbones+   -  Reputation: 6323

Posted 28 June 2013 - 01:07 AM

I use a desktop, with an LCD monitor. The screen in question appeared in between the DELL startup screen and the Windows startup screen.

 

It could possibly also just be caused by something slowing down POST, degrading or damaged hardware for example.


Edited by SimonForsman, 28 June 2013 - 01:12 AM.


#13 froop   Members   -  Reputation: 636

Posted 28 June 2013 - 03:26 AM

Maybe that screen was turned off in the BIOS but your BIOS reset itself for some reason (mainboard battery empty or something). Just a wild wild guess.





