Gootkit

The Gootkit malware places obfuscated malicious JavaScript into a website’s web pages. To clean the website, either revert it to a clean backup or remove the malicious code from the web pages and/or JavaScript files. The malware gains access to the website through FTP credentials that have been compromised by malware located on a computer that has accessed the website via FTP, and is known as the “Gootkit auto-rooter scanner”. To prevent the website from being reinfected, the FTP password needs to be changed and the malware removed from the infected computer before it is used again to access the website via FTP.
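One way to find which pages and script files need cleaning is to compare the live site against the clean backup by hash. This is an added example, not part of the original post; the extension list, function names and the sample trees built by `build_demo` are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

WEB_EXTENSIONS = {".html", ".htm", ".js", ".php"}  # assumed script-bearing file types

def sha256_of(path):  # chunked read, so large files are not loaded whole
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def index_tree(root):
    """Map each web file's path (relative to root) to its SHA-256."""
    index = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in WEB_EXTENSIONS:
                full = os.path.join(dirpath, name)
                index[os.path.relpath(full, root).replace(os.sep, "/")] = sha256_of(full)
    return index

def compare_to_backup(live_root, backup_root):
    """Report files that differ from, were added to, or are missing from the backup."""
    live, backup = index_tree(live_root), index_tree(backup_root)
    return {
        "modified": sorted(p for p in live if p in backup and live[p] != backup[p]),
        "added": sorted(p for p in live if p not in backup),
        "missing": sorted(p for p in backup if p not in live),
    }

def build_demo():
    """Constructed sample: a backup tree and a live copy with one altered, one new file."""
    base = tempfile.mkdtemp()
    pages = {"index.html": "<html><body>Home</body></html>", "js/site.js": "var a = 1;"}
    for tree in ("backup", "live"):
        for rel, text in pages.items():
            path = os.path.join(base, tree, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as out:
                out.write(text)
    with open(os.path.join(base, "live", "index.html"), "a") as out:
        out.write("<script>/* constructed stand-in for injected code */</script>")
    with open(os.path.join(base, "live", "js", "extra.js"), "w") as out:
        out.write("/* constructed file that is not in the backup */")
    return os.path.join(base, "live"), os.path.join(base, "backup")

if __name__ == "__main__":
    print(compare_to_backup(*build_demo()))
```

Files reported as modified or added are the ones to restore from the backup or inspect by hand; run the comparison against a local copy of the site so the check itself does not need the FTP account.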

How to Remove GootKit from Your Computer

To completely purge GootKit from your computer, you need to delete the files, folders, Windows registry keys, and registry values associated with GootKit. These files, folders, registry keys, and registry values are listed respectively in the Files, Folders, Registry Keys, and Registry Values sections on this page.

For instructions on deleting the GootKit registry keys and registry values, see How to Remove GootKit from the Windows Registry.

For instructions on deleting the GootKit files and folders, see How to Delete GootKit Files (.exe, .dll, etc.)

How to Delete GootKit Files (.exe, .dll, etc.)

The files and folders associated with GootKit are listed in the Files and Folders sections on this page.

To delete the GootKit files and folders:

  1. Using your file explorer, browse to each file and folder listed in the Folders and Files sections.
     Note: The paths use certain conventions such as [%PROGRAM_FILES%]. These conventions are explained here.
  2. Select the file or folder and press SHIFT+Delete on the keyboard.
  3. Click Yes in the confirm deletion dialog box.

IMPORTANT: If a file is locked (in use by some application), its deletion will fail (Windows will display a corresponding message). You can delete such locked files with the RemoveOnReboot utility. To delete a locked file, right-click on the file, select Send To->Remove on Next Reboot on the menu, and restart your computer. You can install the RemoveOnReboot utility from http://www.exterminate-it.com/downloads/RemoveOnRebootSetup.exe.

    For More Information Refer:

    http://www.m86security.com/labs/i/GootKit--Automated-Website-Infection,trace.1368~.asp

    http://www.exterminate-it.com/malpedia/remove-gootkit