Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Remove Gromozon/LinkOptimizer


Joined: 02 Sep 2006
Last Visit: 02 Sep 2006
Posts: 1

Posted: Sat Sep 02, 2006 7:11 pm    Post subject: Remove Gromozon/LinkOptimizer

Hey all - there is a new removal tool for the nasty rootkit/spyware gromozon.

It also cleans linkoptimizer (related to gromozon?) which is useful.


I couldn't get gmer or icesword to work, so, this was a good alternative :)
Warrior Addict

Joined: 01 Jan 2005
Last Visit: 08 Apr 2009
Posts: 757
Location: Yeovil,England.

Posted: Sun Sep 03, 2006 3:17 am

Hi Namanoi and welcome to the SWW forums :)

I have tested the free PrevX tool against 2 Gromozon RK variants and it has successfully detected and removed on both occasions :)

The reason why a lot of the other rootkit apps are missing this one is that the RK in question borks the SeDebug privileges and the software fails to run. I believe, although I cannot confirm, that the PrevX tool resets those privileges to bypass this problem ;)

Here's lots of additional information appertaining to this threat, which was discovered back in May/June 06 but is probably one of the most unpleasant infections to date

Excellent Technical write up by Marco Guiliano

Excellent historical discussion topic on the emergence of this threat by TNT

Also discussed at this thread over at BBR security forums

On a personal note, one of the vendors (SUPERantispyware) that I fast track malware submissions to also has free software that not only detects and neuters the Gromozon rootkit but also slices and dices the associated imported malware infections to date* that I have submitted (200+ in the last 2 weeks alone)

*Since about last weekend the infecting URLs have not been spitting out new variants of payloads, but as with all def based software, SAS will only detect what is in their database, so for a new disclaimer YMMV if something new comes down the pipes ;)

Back to PrevX tool

"It also cleans linkoptimizer (related to gromozon?) which is useful."

Linkoptimizer is adware, but this is the tip of the iceberg with this infection. I have also seen the following types of trojans imported & installed by Gromozon infection
DOS Tool

Of which some were golden oldies, some were repackaged golden oldies and some newly emerging malware threats. When the infections were installed on the machine, some (not all) were hidden by the gromozon RK whereas others were clearly visible.

Net result: one very nasty infection if gained, and personally, regardless of what tools are used, it is my opinion that the infected computer needs major surgery to regain its security integrity before it can be trusted again, reformat & reinstall time ;)

I've just found another mini-project for the todo list: since I have licenses for both PrevX & SAS, I can see how their respective realtime defences deal with this batch of infections at point of delivery ;)
Malware hunter....Got Bot ?

MIRT Handler >>>
All times are GMT - 8 Hours