Spyware Warrior

[Namanoi]

Hey all - there is a new removal tool for the nasty rootkit/spyware gromozon.

It also cleans linkoptimizer (realted to gromozon?) which is useful.

http://www.prevx.com/gromozon.asp

I couldn't get gmer or icesword to work, so, this was a good alternative

[fcukdat]

Hi Namanoi and welcome to the SWW forums

I have tested the free PrevX tool against 2 Gromozon RK variants and it has sucessfully detected and removed on both occaisons

The reason why a lot of the other rootkit apps are missing this one is that RK in question borks the SeDebug priviledges and the softwares fell to run.I believe or though i cannot confirm that the PrevX tool resets those priviledges to bypass this problem

Heres lots of additional information appertaining to this threat which was discovered back in May/June 06 but is probaly the one of the most unpleasent infections todate

Excellent Technical write up by Marco Guiliano
http://pcalsicuro.phpsoft.it/gromozon.pdf

Excellent historical discussion topic on the emergence of this threat by TNT
http://www.wilderssecurity.com/showthread.php?t=136452

Also discussed at this thread over at BBR security forums
http://www.dslreports.com/forum/remark,16769641~mode=flat


On a personal note one of the vendors(SUPERantispyware)that i fast track malware submissions too also have a free software that not only detects and neuters the Gromozon rootkit but also slices and dices the associated imported malware infections todate* that i have submitted(200+ inthe last 2 weeks alone)
http://www.superantispyware.com/

*Since about last weekend the infecting URLS have not been spitting out new variants of payloads but as with all def based software,SAS will only detect what is in their database so for a new disclaimer YMMV if something new comes down the pipes

Back to PrevX tool