
Hacktool.Unreal.A - Rootkit.Win32.Agent.Gv



#1
allie17

Hi, I'm only 17 so I'm afraid I do not know all the technical terms for my problem.
I have Norton 360 Antivirus software, and every few days I run a scan for threats. It keeps finding tracking cookies, and when I looked at the processes it was scanning I noticed that not only did it go through things like my music, but also something called 'Hacktool.Unreal.A', as if it was one of my programmes. I looked online and found it was also known as 'Rootkit.Win32.Agent.Gv'. I then used the rootkit detector and here's the report:

Microsoft Windows XP Professional (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:52430 Mo/Free:1414 Mo)
D:\ [Fixed] - NTFS - (Total:19053 Mo/Free:2604 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

31/05/2009|21:59

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\WINDOWS\eHome\ehRecvr.exe
---------- C:\WINDOWS\eHome\ehSched.exe
---------- C:\Program Files\Kontiki\KService.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Linksys Wireless AG USB Wireless Network Monitor\WLService.exe
---------- C:\PROGRA~1\AVG\AVG8\avgemc.exe
---------- C:\Program Files\Linksys Wireless AG USB Wireless Network Monitor\WUSB54AG.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\ehome\mcrdsvc.exe
---------- C:\WINDOWS\ehome\ehtray.exe
---------- C:\WINDOWS\eHome\ehmsas.exe
---------- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
---------- C:\Program Files\HybridTM_IR(A)\RC620_A.exe
---------- C:\WINDOWS\system32\RUNDLL32.EXE
---------- C:\Program Files\Creative\Mixer\CTSVolFE.exe
---------- C:\WINDOWS\stsystra.exe
---------- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
---------- C:\Program Files\Kontiki\KHost.exe
---------- C:\Program Files\Logitech\Video\LogiTray.exe
---------- C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
---------- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
---------- C:\WINDOWS\system32\LVComS.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\QuickTime\QTTask.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
---------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
---------- C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe
---------- C:\WINDOWS\system32\dllhost.exe
---------- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Windows Live\Contacts\wlcomm.exe
---------- C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Program Files\Norton 360\ScanStub.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - 31/05/2009|22:00

----------------------\\ Scan completed at 22:00



I would be really grateful if someone could help me get rid of this rootkit, and explain it to me in layman's terms.
Thanks so much