back to article Malware removes rival rootkits

Miscreants have created a strain of malware capable of removing rootkits from compromised PCs, only to install almost undetectable backdoor code of its own. The Pandex Trojan stops previously installed rootkits from working by removing their hooks into system calls. Pandex then installs its own rootkit component, detected by …


This topic is closed for new posts.
  1. Paul Fleetwood

    If these clever malware people can surplant each others trojans

    why the hell do the anti-virus companies seem to find tracing them and removing them so tricky?

  2. amanfromMars Silver badge

    Clever and QuITe a Bit SMARTer than you Imagine, and ITs True.

    "why the hell do the anti-virus companies seem to find tracing them and removing them so tricky?"

    Because they are Virtually Invisible, Indivisible and Untouchables, Paul, and Fleet of Code HeXXXXSS.

    QuITe a Triumph, Actually .......

    Hi. Ready for AI Trip ...... Magical Mystery Turing? El CIDs 42 Lead ITS Following

    CIDs ..... CyberIntelAIgent Information Devices ....... which is only a Hop, Skip and a Quantum Leap from Alien Beings. :-) ..... who may be Long Lost Friends .... Kindred Souls.

  3. Jolyon Ralph

    Call me a cynic but...

    The less effective the AV software is, the more trouble that AV threats cause, and the greater the demand for AV software.

  4. David Perry
    Dead Vulture

    Because, Paul...

    ...sometimes enthusiasts will spend far more time than people paid to do the same thing.

  5. Anonymous Coward
    Anonymous Coward

    I must be too honest...

    ...coz if i'd created code that could disable rootkits I'd either sell it to the highest AV/AR bidder or negotiate a tasty slice of the advertising revenue they'd get from downloads, of course first thing I'd do is hire a damn good lawyer(s) to protect it all.

    I understand you could make some nice money from installing malicious root kits on people's PCs but I think I could live with a healthy amount from some top AV player, plus I wouldn't then be a frikin thief.

    Any thoughts/views? Be kind comrades...

  6. Anonymous Coward

    If anti-virus vendors could trace and remove them...

    ...why can't OS vendors prevent them in the first place, or at least make the OS-self healing when a rootkit tries to insinuate itself?

  7. Daniel B.

    Yankee Doodle

    Ah, this trend seems to go back all the way down to the 80's, when the "Yankee Doodle" virus started killing others: Cascade and Ping-Pong, at least. And some ingenious virus that was, as it "re-wrote" the virii so they would self-destruct, actually.

    Some AV's had an alternate name for it, as "VACSINA" which meand Vaccine in ... some other language. As a plus, the virus would play "Yankee Doodle" every now and then on your PC speaker =)

  8. Jaap Stoel

    Run out of territory

    So hackers are now out of computers they can easily infect. Unsecured systems are now almost all incorporated into botnets. So if a hacker wants a (bigger) botnet. He has no choice but to steal it from another hacker.

    Now we've got war, soon we will have diplomatic relations.

  9. lglethal Silver badge

    The War of the Worms

    Not quite the same ring to it as War of the Worlds.

    How about The Malware Malefaction? Battle of the Bots? Rise of the One True Zombie Horde?

    And if they ever get diplomatic

    The United Rootkits of Malware?

  10. penno

    well, it's not really apples with apples

    av vendors have to ensure the PC is still fine after it removes the virus. Whereas virus writers don't *really* care if the PC still works, so they can employ harsher removal methods than the AV products can. If the PC dies during the removal process - who cares - as long as most of 'em still work.

  11. Richard

    Good Guys

    Relax folks.

    There are also online teams dedicated to detecting and removing rootkits, and the tools created to remove the rootkits are shared across all the online anti-malware forums.

    Remember Grozomon? pe386?? All detected and removed via these online forums.

  12. amanfromMars Silver badge

    Beta Guys, Folks, in Big Chill Relax

    "All detected and removed via these online forums." .... By Richard Posted Friday 29th February 2008 09:12 GMT.


    They may have just moved Underground to ReGroup and Grow........ and that would be Counter-Productive unless, of course, they were Sleeper White Knight Trojans.

  13. Gabor Laszlo

    What do you call two crackers fighting for control of a zombied machine?

    Sudo wrestling.

  14. Anonymous Coward
    Anonymous Coward

    <no title>

    Shows how much I know. Since specific downloads to spot rootkits had seemed to have all but disappeared, I had assumed the AV companies now had this under control (or as much control as anyone can re malicious software). So that's not the case then ? Folk have simply given up ? So how does one know if the slow PC response is down to a rootkit or just the usual Windows problems ?

  15. amanfromMars Silver badge

    I Kid U Not.

    "So how does one know if the slow PC response is down to a rootkit or just the usual Windows problems ?"

    One doesn't, AC. That is ITs Stealthy Grace. If you want to Imagine anything, consider IT, a Binary AIDS VXXXXine ....... Right to the Heart of Man's Woes and Follies........ The Pleasure and the Pain in ITs Not Giving ....... The Ultimate Betrayal to Oneself which Denies One the Keys to the Kingdom Castle....... Seventh Heaven, Global Communications HQ.

  16. Anonymous Coward
    Anonymous Coward

    Spy vs. Spy

    A battle between the White Spy and the Black Spy.Who Will Win?

This topic is closed for new posts.