
How can I check if my computer has a rootkit on it?

Started by June 27, 2013 05:55 PM
11 comments, last by froop 11 years, 4 months ago

I have Microsoft Security Essentials and Spybot Search and Destroy on my computer already, and Windows is set to automatically download updates. I'm currently having MSSE and Spybot S&D do full scans.

This morning when I started up, after the Dell startup screen, but before the Windows startup screen, the screen turned black and in the corner was a small logo and the word (I think) "Pheonix". It was only up for half a second, but I've never seen that screen before.

If it is a rootkit, it's pretty dumb of them to display something onscreen during startup.

If it's not a rootkit, how come I've never seen it before until this morning? I've booted up my computer loads of times in the past, and have several times gone into the BIOS or safe mode, and I've never seen that screen before.

Usually, I just turn on my computer and walk away for about a minute so Windows can start up, so that might explain missing that screen some of the time, but perhaps not all the time.

How can I check if something's on here? Can I see it in the BIOS somehow? What do you think it was?

Phoenix is a company that makes firmware/BIOS. My guess would be you started seeing the logo due to an update or change to your BIOS.

-~-The Cow of Darkness-~-

Is there any way I can be sure?

I haven't explicitly installed any new hardware or drivers for at least two months.

The two most common BIOS vendors on the PC are probably Phoenix and AMI, so seeing a Phoenix logo on startup is quite normal.

If you suspect that you have a rootkit, your best bet is to just back up your data and reinstall using a source you know is clean. (Detection and removal can be extremely difficult if you don't know what you are looking for or what your system should look like if it was clean.)

I don't suffer from insanity, I'm enjoying every minute of it.
The voices in my head may not be real, but they have some good ideas!


If you suspect that you have a rootkit, your best bet is to just back up your data and reinstall using a source you know is clean.
^^ this.

It is easier in a corporate environment where machines are formatted regularly, but it applies to home computers just as much.

When it comes to rootkits the meme is correct: Nuke it from orbit. It's the only way to be sure.



Alright, thanks. Weird that I never saw it before, but then again, it'd be weird for a rootkit to advertise itself on the victim's machine.

Just to be on the safe side, I'll reformat.

IMHO, Phoenix BIOS logo.

If you google "phoenix rootkit" you only get rootkits that target Phoenix BIOS (just what you'd get if you googled "american megatrends rootkit" and so on), not a rootkit named Phoenix.

Besides, it looks like if you ever have a BIOS rootkit, you'd need to throw away the motherboard...

"I AM ZE EMPRAH OPENGL 3.3 THE CORE, I DEMAND FROM THEE ZE SHADERZ AND MATRIXEZ"

My journals: dustArtemis ECS framework and Making a Terrain Generator

Seems like I'm just being paranoid then.

Back to coding, I guess!

Also I will just note that computer monitors are sometimes not ready to display the BIOS startup screen before it goes away. Often when I boot I rarely see the startup screen on my left monitor as it takes a few moments to adjust its resolution, but occasionally I get a glimpse right before it disappears. The right monitor is faster and always displays it.

I suppose that applies to laptop screens too, so that could be the reason you saw that logo for the first time.

“If I understand the standard right it is legal and safe to do this but the resulting value could be anything.”
