
Rootkit-ed a folder...how to undo...


JenBell
Member, joined Apr 18, 2004, London, UK
Hello People...

OK, so I am learning about security and managed to be stupid enough to start playing around with rootkits.

The thing is that I was doing all this in VMware and managed to break into the host OS... which was soooooooooo awesome.

My breakthrough was short-lived... at around 5am I was only half awake and still playing around with a rootkit I had compiled on the fly. It was supposed to hit one of the pics in my main pics folder, but instead it hid the whole folder. I then went about undoing it... and... er... it's not undoing it. I went to all the rootkit websites trying to look for an answer but still... nothing... I then thought I would use the DOS program pgsx or whatever it's called to just remove the folder entirely, but that's not working either.
I can see the files and folder in RootkitRevealer and that's about it.

I know I was stupid... I had no idea what I was doing and have now totally forgotten the actual program, the code and everything else related to it. I was so sleepy I just closed everything in VMware without saving a snapshot... meaning... I have no info about anything I did... so... er...

Can anyone give me any tips? I just want to remove the folder totally... nothing seems to be working...

On the plus side... this rootkit stuff is so cool... started working on a "kitkey"... plug a USB key into a PC and it should give you system-level privileges instantly. I am basing it on the buggy virtualisation crap they are putting into the new CPUs...

Anyway... can someone please help me with my problem?

Thank you soooo much.
 
Damn... all I remember is looking at soooo many websites looking for an example of some sort of code, and I think I found it, altered it... pasted it in... compiled the thing and ran it without thinking... the damn problem is that I JUST forgot to save the code for the program... or the program itself... which I stupidly deleted... ah... if the folder size was small I would not mind, but that folder is close to 300GB in size... losing the pics is not a problem as one of my NAS HDs has a copy and I can stream it back... knowing you are wasting 300GB is painful... it's actually [starts crying]
 
Sorry for double posting...

OK... so in case anyone else is stupid enough to make the same mistake as me...

I got rid of the problem by hooking and hiding the drive itself. I had to do this as the folder was on the root of the drive. Once I hid the drive I then went about using the folder as a place to store files. Once I was able to write files to the folder I just did a select all and delete and removed the files inside the folder. This then allowed the folder to be hidden using some code I found on rootkit.com, and from there it was all done.

Really stupid... never going to play with rootkits unless I am totally awake and have saved everything.

Anyway... ending my adventures with kits... moving on to privilege escalation... should be fun... already managed to break into my test PC using nothing but a few standard DOS commands... oooo... don't you just love the at command?
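The workaround in the post above works because a listing-style rootkit hook filters what directory enumeration returns; it does not block access to a path you already know. That is also why RootkitRevealer still showed the folder: it compares a high-level (hooked) view against a low-level (raw) view and reports the difference. The following is an added example, not the poster's code or anything from rootkit.com. It simulates such an enumeration hook in Python on a throwaway temp directory (the folder name "pics" and the three stub files are constructed assumptions), then shows that the hidden folder is still reachable by path, that its contents can be deleted without ever listing the parent, and that a cross-view diff exposes the hidden name.

```python
"""Cross-view detection of a folder hidden by an enumeration hook.

Added example (not from the original post). It builds a throwaway
directory tree, drops one folder from the enumeration results the way a
user-mode listing hook would, and demonstrates:

  1. the hidden folder is still reachable by its exact path, so files
     inside it can be created and deleted without listing the parent;
  2. diffing the hooked listing against a raw listing reveals the hidden
     name (the cross-view technique RootkitRevealer relies on).
"""
import os
import shutil
import tempfile

HIDDEN_NAME = "pics"  # assumed name of the folder the simulated hook filters out


def hooked_listdir(path: str, hidden: str = HIDDEN_NAME) -> list[str]:
    """Simulated hooked enumeration: entries named `hidden` never reach the caller."""
    return [name for name in os.listdir(path) if name != hidden]


def raw_listdir(path: str) -> list[str]:
    """The unhooked view. On a real host this comes from a lower layer
    (raw volume parsing, a different API, or an offline boot)."""
    return os.listdir(path)


def cross_view_diff(path: str) -> list[str]:
    """Names present in the raw view but missing from the hooked view."""
    return sorted(set(raw_listdir(path)) - set(hooked_listdir(path)))


def build_tree(root: str) -> str:
    """Create <root>/pics with three stub files plus a sibling folder (constructed data)."""
    hidden_dir = os.path.join(root, HIDDEN_NAME)
    os.makedirs(hidden_dir)
    for i in range(3):
        with open(os.path.join(hidden_dir, f"img{i}.jpg"), "wb") as fh:
            fh.write(b"\xff\xd8\xff\xe0" + bytes(16))  # JPEG-looking stub bytes
    os.makedirs(os.path.join(root, "docs"))
    return hidden_dir


def empty_hidden_dir(hidden_dir: str) -> int:
    """Delete the hidden folder's contents by direct path.

    Only the parent's enumeration is hooked, so listing *inside* the
    folder is unaffected. Returns the number of entries removed."""
    removed = 0
    for name in os.listdir(hidden_dir):
        os.remove(os.path.join(hidden_dir, name))
        removed += 1
    return removed


def demo() -> dict:
    """Run the whole scenario in a temp dir and return the observations."""
    root = tempfile.mkdtemp(prefix="rk-demo-")
    try:
        hidden_dir = build_tree(root)
        result = {
            "hooked_view": sorted(hooked_listdir(root)),   # ['docs']
            "raw_view": sorted(raw_listdir(root)),         # ['docs', 'pics']
            "hidden_entries": cross_view_diff(root),       # ['pics']
            "reachable_by_path": os.path.isdir(hidden_dir),
            "removed": empty_hidden_dir(hidden_dir),       # 3
        }
        os.rmdir(hidden_dir)  # empty now, so the directory itself can go
        result["gone_after_rmdir"] = not os.path.exists(hidden_dir)
        return result
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point to take away is that "hidden" here means hidden from one enumeration path only. Anything that reaches the object by a different route, whether a second API, a raw on-disk parse, or an offline boot from other media, still sees it, which is exactly what a cross-view detector exploits.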
 