Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Outgoing Queries to Malicious Web Sties Suspected Rootkit


  • Please log in to reply

#1
Don Peters

Don Peters

    New Member

  • Member
  • Pip
  • 1 posts
running Zone Alarm Pro on Windows XP Pro SP3 using IE8 behind a router

ran combofix which deleted the followiing
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\DAVID\WINDOWS
c:\windows\system32\drivers\etc\lmhosts

I then ran Avira and Malwarebyts which both detected nothing. However when I ran Root Repeal there were many hooks to Zone Alarm's vsdatant.sys file. I don't know if these are false positives or what. But some program is still trying to open a port to a malicious web site usually in China, Russia or Maldova. It is detected by malwarebytes anti-malware program before it can get out. I don't know how to use or interpert the root repeal program so I have to ask for your help.

Attached Files


Edited by Don Peters, 27 June 2011 - 07:46 AM.
moved to Malware forum--ST

  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP