Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Outgoing Queries to Malicious Web Sties Suspected Rootkit

Started by Don Peters , Jun 26 2011 10:17 PM

  • Please log in to reply

#1
Don Peters
Posted 26 June 2011 - 10:17 PM

Don Peters

    New Member

  • Member
  • Pip
  • 1 posts
running Zone Alarm Pro on Windows XP Pro SP3 using IE8 behind a router

ran combofix which deleted the followiing
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\DAVID\WINDOWS
c:\windows\system32\drivers\etc\lmhosts

I then ran Avira and Malwarebyts which both detected nothing. However when I ran Root Repeal there were many hooks to Zone Alarm's vsdatant.sys file. I don't know if these are false positives or what. But some program is still trying to open a port to a malicious web site usually in China, Russia or Maldova. It is detected by malwarebytes anti-malware program before it can get out. I don't know how to use or interpert the root repeal program so I have to ask for your help.

Attached Files


Edited by Don Peters, 27 June 2011 - 07:46 AM.
moved to Malware forum--ST

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP