Earlier today a client called and said he had a virus or some spyware on his computer that could not be removed. The client was remote, so I had to log in to his computer to investigate. I used the typical tools such as Malwarebytes and Microsoft Security Essentials, but the issue still existed. It seemed as if the computer had a proxy server configured, but the proxy did not show under Internet Explorer's connection settings or in any of the other browsers. It didn't happen all of the time, but every now and then a pop-up window would appear for the site GimmieAnswers.org, and some other pop-ups regarding "Daily Giveaway Contests" were also displaying. Below is more information on how the issue was resolved.
Yesterday I wrote an article about securing your /tmp and /var/tmp directories on a Linux server because I had found some files uploaded to the /tmp directory via the apache user. After locking down those directories I wanted to verify that there were no other issues on the server, so I installed Rootkit Hunter and Rootcheck, which are two applications that will assist you with verifying the integrity of your Linux server. Below is information on installing Rootkit Hunter and Rootcheck, as well as information on how to use each of them effectively.