Norton Rootkit


Eddie Boyum

Aug 3, 2024, 5:45:06 PM
to mauriacosri

Computer viruses and malware are serious threats, but rootkits might be the most dangerous, both in the damage they can cause and the difficulty in finding and removing them. Read on to learn how to tell if a rootkit has infected your device and the steps to remove it. Better yet, install Norton 360 Deluxe to help protect yourself against rootkits and other types of malware.

Rootkits are malware designed to let malicious code hide within your device. While they may not be doing obvious damage to your system, rootkits give cybercriminals the ability to remotely control your operating system without detection, putting your network and personal information at risk.

A user-mode rootkit operates at the user level of an operating system. Unlike kernel-mode rootkits that target the operating system's core components, user-mode rootkits focus on manipulating or undermining specific applications or processes running on the system.

Application rootkits target programs at the application layer of a computer system, giving hackers access to your computer every time you use a compromised app. They replace standard files in your computer with rootkit files that may slightly change how infected applications work. The challenge here is that the infected programs will still largely run normally, making it difficult for users to detect the rootkit.

Sometimes, you may need to seek help from a cybersecurity professional to fully remove the malware and restore your system. And that's where Norton Power Eraser comes in, a dedicated anti-malware tool that can help remove malware from your device.

Implement a regular data backup strategy to ensure you have copies of your important files. In the event of a rootkit infection or any other security incident, having backups can help you restore your system to a clean state without losing essential documents.

The best way to help protect yourself from drive-by downloads is to approve computer software updates quickly. Set your operating system, browsers, and all applications to automatically install updates so your computer systems will always have the most up-to-date protections.

Install and maintain a reliable antivirus/anti-malware program that offers real-time scanning and malware detection capabilities. Norton AntiVirus Plus is powered by AI and machine learning technology to help identify and block even the latest threats.

Whether designed by cybercriminals or large government agencies, rootkits have been one of the most dominant cybersecurity threats since the late 90s. Here are a few of the most notorious examples of rootkits:

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc.

I am a senior citizen (81 years old) who, for the most part, has NOT used the majority of the features on my HP laptop (such as Cortana, Widgets, and 99% of the Apps). This has recently changed due to malware ending up on my laptop.

I bought my laptop from BestBuy, and while in store, asked GeekSquad to install Norton & MBAM Premium on my new HP laptop. My understanding is that they had to disable Microsoft Windows Defender (Firewall & AV), hence could this account for the fact that I CANNOT turn on Memory Integrity? (as the security has been outsourced to Norton & MBAM)

I have recently paid my ISP to swap out my Modem & Router for new firmware (replacement Modem & Router) plus new SSID and Wi-Fi password. I changed some of the passwords on my laptop one evening (late at night) and therefore had to restart my HP laptop... because it was late at night I forgot to reconnect to the Wi-Fi network when I shut down my laptop (I was very tired). The next morning I noticed that my laptop was NOT connected to the Wi-Fi network overnight... does this make my laptop more vulnerable to attack?

What is your computer make/model, Windows operating system [if Win 10 or Win 11 please include the edition (e.g., Home, Pro, S mode, etc.), version (e.g., 21H2, 22H2, etc.) and the OS build number shown at Settings > System > About > Windows Specifications] and what type of CPU do you have in your computer?

If you are able to toggle the switch for Memory Integrity on but it reports that you have an incompatible driver during the driver check, that support article also notes that it should list the responsible driver. In many cases a simple driver update will solve this problem.

"Turning on the Memory integrity setting would block these incompatible drivers from loading. Because blocking these drivers might cause unwanted or unexpected behaviors, the Memory integrity setting is turned off to allow these drivers to load."

"If you want to restore the Memory integrity setting, you can try to resolve a driver incompatibility by seeing if an updated and compatible driver is available through Windows Update or from the driver manufacturer. Microsoft does not recommend that you delete drivers to attempt to restore this setting."

According to the Brother support article "A driver cannot load on this device - BrUsbSib.sys" or "Failed to connect to the device", you must uninstall your Brother printer software, enable Core Isolation, and then re-install the Brother printer software recommended on the support page for your printer model.

Well, as it would appear, I ONLY have a desk top icon (short cut) Brother Printer Driver left (not listed under Start - all APPS), hence do I right click on said icon in order to remove Brother from my HP laptop completely?

That's difficult for me to answer since I don't know if your computer originally shipped with Windows 10 or Windows 11 or how you "reset" your Windows 11 OS. Did you perform a repair as instructed in the ElevenForums tutorial Repair Install Windows 11 With an In-place Upgrade and keep all your third-party apps, or did you reset your computer as instructed in the ElevenForums tutorial Reset Windows 11 PC? If you reset your computer using the "Keep my Files" option I assume this would still have removed all your third-party apps, including Norton, Malwarebytes, your Brother printer software, etc. that were not installed on your computer when it originally shipped from the factory.

If you reset your computer did you reinstall your Brother software afterwards, and are you currently able to control your printer from your computer? For example, can you open a .DOCX or .PDF file, choose File > Print, and select your Brother printer from the list of available printers to send it to your printer for printing? If I open a .PDF document in my Firefox browser for example, and go to File > Print, I have the option of printing the document to my Epson XP-7100 printer. If you removed or damaged your Brother printer software during the reset that might explain why Core Isolation is now detecting a problem with your BrUSBSib.sys driver during the driver check.

What is your printer model? If you go to the Brother support site for home users at -usa.com/brother-support/driver-downloads and enter your printer model it should re-direct you to the correct support page for your printer model, and the FAQ and Troubleshooting section might include a support article that includes the best way to uninstall your printer software. I don't have a Brother printer, but I would assume the best place to uninstall your printer software (assuming it's currently installed) would be from Control Panel > Programs > Programs and Features.

I currently don't need the use of my Brother printer, yet I do need "sound of mind" when it comes to cyber security (ergo the last remnant of Brother on my HP laptop has got to GO Away and make space for Core Isolation/Memory Integrity to work again... priority One).

For now my best guess is that your Windows 11 reset removed or damaged your Brother software files and left behind remnants like your BrUSBSib.sys driver that are now interfering with activation of Memory Integrity.

As a first troubleshooting step I would suggest that you reinstall your Brother software from the support page for your Brother printer model. That might not get your printer working again (you mentioned you recently replaced your router so if you normally print via a wireless connection instead of connecting with a USB cable you might have to re-configure the wireless connection to your printer) but it's possible that a software reinstall will stop Memory Integrity from complaining about your BrUSBSib.sys driver. If Memory Integrity still complains about your BrUSBSib.sys driver after your Brother software is reinstalled you should at least be able to uninstall the software (and hopefully the problem Brother driver) properly this time using your Brother Utilities app or Control Panel > Programs > Programs and Features.

Just an aside, but I've had a quick read through some of your older threads and can't see any definitive proof that your poor computer performance was caused by a malware infection that somehow managed to get past both Norton 360 and Malwarebytes Premium. In future if you suspect you have a hidden malware infection it would be much better to ask a trained malware removal specialist to check your system before you do anything as drastic as resetting your system or changing your router. There are a few reputable free malware removal sites that will do this, but since you have Malwarebytes Premium installed on your system I'd suggest posting in Malwarebytes' Windows Malware Removal Help & Support board first (see the instructions for collecting diagnostic logs for your original post) and ask them to look for hidden malware if you ever encounter another "demonic possession".

Also note that Memory Integrity is normally disabled on Win 10 computers, and while it's nice to have this feature enabled to prevent the installation of older drivers that are not compatible with your operating system and might cause system instability I'm not sure this should be your top priority. My image below shows that my Win 10 Pro v22H2 laptop does not have Memory Integrity automatically turned on even though my Intel Core i5-8265U CPU has hardware virtualization enabled, and that Kernel DMA Protection (also known as Memory Access Protection) is not even available on my two-year-old computer. If you have a reputable antivirus (which you do with Norton 360, and you've added an extra layer of protection with Malwarebytes Premium) then I personally would be more concerned about getting your printer working than enabling Memory Integrity - at least for now. Don't let an obsession about computer security ruin the enjoyment of using your new computer.
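The thread above turns on two questions: is Memory Integrity (HVCI) actually on, and which third-party driver is still present after the reset. The following added example (not from the thread, Microsoft, Brother or Norton) answers both from an elevated PowerShell prompt on Windows 10/11; it assumes the Win32_DeviceGuard WMI class and the DISM module are available, and uses the BrUSBSib.sys file name from the thread as the driver to look for.

```powershell
# Added example: report Memory Integrity (HVCI) state and locate leftover
# third-party kernel drivers. Run from an elevated PowerShell prompt.

# 1. HVCI state as Windows reports it. In Win32_DeviceGuard the value 2 in
#    SecurityServicesConfigured / SecurityServicesRunning means
#    Hypervisor-Enforced Code Integrity is configured / currently running.
$dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
$hvciConfigured = $dg.SecurityServicesConfigured -contains 2
$hvciRunning    = $dg.SecurityServicesRunning    -contains 2
"Memory Integrity configured: $hvciConfigured; running: $hvciRunning"

# 2. The registry value the Core Isolation toggle writes (Enabled = 1 means on).
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
if (Test-Path $key) {
    "Registry toggle Enabled = $((Get-ItemProperty -Path $key).Enabled)"
} else {
    "Registry toggle not present (Memory Integrity never enabled via Settings)"
}

# 3. Third-party (non-inbox) drivers in the driver store. Without -All,
#    Get-WindowsDriver lists only non-Microsoft drivers, which is exactly the
#    set a vendor uninstall may have left behind.
Get-WindowsDriver -Online |
    Select-Object ProviderName, ClassName, Driver, OriginalFileName, Date, Version |
    Sort-Object ProviderName |
    Format-Table -AutoSize

# 4. Find the specific driver file Memory Integrity complained about and show
#    its signer, so the vendor package to reinstall/uninstall can be identified.
#    $driverName is taken from the thread; substitute whatever Windows reports.
$driverName = 'BrUSBSib.sys'
$searchRoots = @(
    "$env:SystemRoot\System32\drivers",
    "$env:SystemRoot\System32\DriverStore\FileRepository"
)
Get-ChildItem -Path $searchRoots -Recurse -Filter $driverName -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Path   = $_.FullName
            Signer = $sig.SignerCertificate.Subject
            Status = $sig.Status
        }
    } | Format-List
```

If step 4 finds the file but step 3 shows no matching vendor package, the vendor's uninstaller (or a reinstall followed by a clean uninstall, as suggested in the thread) is the supported way to remove it; Microsoft's quoted guidance above advises against deleting the driver file by hand.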
