Servant of the Lord

How can I check if my computer has a rootkit on it?


I have Microsoft Security Essentials and Spybot Search and Destroy on my computer already, and Windows is set to automatically download updates. I'm currently having MSSE and Spybot S&D do full scans.

 

This morning when I started up, after the Dell startup screen, but before the Windows startup screen, the screen turned black and in the corner was a small logo and the word (I think) "Phoenix". It was only up for half a second, but I've never seen that screen before.

 

If it is a rootkit, it's pretty dumb of them to display something onscreen during startup.

If it's not a rootkit, how come I've never seen it before until this morning? I've booted up my computer loads of times in the past, and have several times gone into the BIOS or safe mode, and I've never seen that screen before.

Usually, I just turn on my computer and walk away for about a minute so Windows can start up, so that might explain missing that screen some of the time, but perhaps not all the time.

 

How can I check if something's on here? Can I see it in the BIOS somehow? What do you think it was?

SimonForsman    7642

Is there any way I can be sure?

I haven't explicitly installed any new hardware or drivers for at least two months.

 

The two most common BIOS vendors on the PC are probably Phoenix and AMI, so seeing a Phoenix logo on startup is quite normal.

 

If you suspect that you have a rootkit, your best bet is to just back up your data and reinstall using a source you know is clean. (Detection and removal can be extremely difficult if you don't know what you are looking for or what your system should look like if it was clean.)

frob    44902


If you suspect that you have a rootkit your best bet is to just backup your data and reinstall using a source you know is clean.
^^ this.

 

It is easier in a corporate environment where machines are formatted regularly, but it applies in home computers just as much.

 

When it comes to rootkits the meme is correct:  Nuke it from orbit. It's the only way to be sure.

SimonForsman    7642

 


If you suspect that you have a rootkit your best bet is to just backup your data and reinstall using a source you know is clean.
^^ this.

 

It is easier in a corporate environment where machines are formatted regularly, but it applies in home computers just as much.

 

When it comes to rootkits the meme is correct:  Nuke it from orbit. It's the only way to be sure.

 

 

http://www.youtube.com/watch?v=a88Z7YOh_us

TheChubu    9446

IMHO, Phoenix bios logo.

 

If you google "phoenix rootkit" you only get rootkits that target phoenix bios (just what you'd get if you googled "american megatrends rootkit" and so on), not a rootkit named phoenix.

 

Besides, looks like if you ever have a bios rootkit, you'd need to throw away the motherboard...

Bacterius    13165

Also I will just note that computer monitors are sometimes not ready to display the BIOS startup screen before it goes away. Often when I boot I rarely see the startup screen on my left monitor as it takes a few moments to adjust its resolution, but occasionally I get a glimpse right before it disappears. The right monitor is faster and always displays it.

 

I suppose that applies to laptop screens too, so that could be the reason you saw that logo for the first time.

SimonForsman    7642

I use a desktop, with an LCD monitor. The screen in question appeared in between the DELL startup screen and the Windows startup screen.

 

It could possibly also just be caused by something slowing down POST, degrading or damaged hardware for example.

froop    642

Maybe that screen was turned off in BIOS but your BIOS reset itself for some reason (mainboard battery empty or something). Just a wild wild guess.
