Hacktool.Rootkit

#1 gamevampy (New Member, 2 posts)

Tried already the whole evening to find something,
but no result...
Found this forum,
and saw everyone gets helped, so I hope you can solve my prob as well.

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Hacktool.Rootkit
File: C:\Documents and Settings\Eigenaar\msdirectx.sys
Location: Quarantine
Computer: VAMPY
User: Eigenaar
Action taken: Quarantine succeeded : Access denied
Date found: zaterdag 24 september 2005 0:36:46



Logfile of HijackThis v1.99.1
Scan saved at 0:34:50, on 24/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\mswin32.pif
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Eigenaar\Bureaublad\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ShowShifter TVTV EPG Daemon] "C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [MS System Security] mswin32.pif
O4 - HKLM\..\RunServices: [MS System Security] mswin32.pif
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MS System Security] mswin32.pif
O4 - HKCU\..\RunServices: [MS System Security] mswin32.pif
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3F3EB0D-B7BC-4700-B798-BF49C0FECB93}: NameServer = 193.74.208.65 193.121.171.135
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SYS MANAGER (system) - Unknown owner - C:\WINDOWS\SYSWIN32.EXE (file missing)

Edited by gamevampy, 23 September 2005 - 04:37 PM.


#2 gamevampy (Topic Starter, New Member, 2 posts)

I kept searching,
and did every step from other topics;
the one that fixed it (till now it's fixed, though...) is F-Secure BlackLight Beta.
It found a threat, I renamed it, restarted the PC,
and gone was the [bleep] virus.

09/24/05 11:55:56 [Info]: BlackLight Engine 1.0.23 initialized
09/24/05 11:55:56 [Info]: OS: 5.1 build 2600 (Service Pack 1)
09/24/05 11:55:56 [Note]: 4019 0
09/24/05 11:55:56 [Note]: 4019 1
09/24/05 11:55:56 [Note]: 4019 2
09/24/05 11:55:56 [Note]: 4019 3
09/24/05 11:55:56 [Note]: 4019 4
09/24/05 11:55:56 [Note]: 4005 0
09/24/05 11:55:57 [Note]: 4006 0
09/24/05 11:55:57 [Note]: 4011 1220
09/24/05 11:55:57 [Note]: 4018 1188
09/24/05 11:55:57 [Info]: Hidden process: C:\WINDOWS\System32\xpjava.exe
09/24/05 11:55:57 [Note]: FSRAW library version 1.7.1011
09/24/05 11:56:32 [Note]: 4007 0


I will do a full system scan now,
but I think it's fixed.

Edited by gamevampy, 24 September 2005 - 04:09 AM.

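The HijackThis log in the first post and the BlackLight output in the second can be cross-checked mechanically. The Python below is an added example for this thread; it is not code from the poster, from HijackThis or from F-Secure. It reads a handful of the log lines quoted above (embedded as a constructed sample), flags the entries a helper would look at first (a second program chained onto UserInit in the F2 line, RunServices and .pif autostarts in O4, a service with no owner whose binary is missing in O23, and the O17 DNS servers for review) and then checks whether any flagged file name also shows up as a hidden process in the BlackLight output, which is exactly how the xpjava.exe entry ties the two logs together. The rules, the Finding class and the function names are my own choices, not part of either tool.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis entries quoted in post #1.
HJT_LINES = [l for l in r"""
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [MS System Security] mswin32.pif
O4 - HKLM\..\RunServices: [MS System Security] mswin32.pif
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3F3EB0D-B7BC-4700-B798-BF49C0FECB93}: NameServer = 193.74.208.65 193.121.171.135
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: SYS MANAGER (system) - Unknown owner - C:\WINDOWS\SYSWIN32.EXE (file missing)
""".splitlines() if l.strip()]

# Constructed sample: two lines from the BlackLight output in post #2.
BLACKLIGHT_LINES = [
    r"09/24/05 11:55:57 [Note]: 4018 1188",
    r"09/24/05 11:55:57 [Info]: Hidden process: C:\WINDOWS\System32\xpjava.exe",
]


@dataclass
class Finding:
    section: str           # HijackThis section code: F2, O4, O17, O23
    target: str            # lower-cased base name of the file the entry points at
    reason: str
    corroborated: bool = False  # set when a rootkit scanner also hid this file


def basename(cmd: str) -> str:
    """Lower-cased file name of the program in a command string.
    Handles quoted paths with spaces and drops trailing arguments/notes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        token = cmd[1:].split('"', 1)[0]
    else:
        token = cmd.split()[0] if cmd else ""
    return re.split(r"[\\/]", token)[-1].lower()


def check_f2(rest: str) -> list:
    # UserInit should only launch userinit.exe; anything chained after it is suspect.
    m = re.match(r"REG:system\.ini: UserInit=(.*)", rest)
    if not m:
        return []
    parts = [p for p in m.group(1).split(",") if p.strip()]
    return [Finding("F2", basename(p), "extra program chained onto UserInit")
            for p in parts if basename(p) != "userinit.exe"]


O4_RE = re.compile(r"(HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.*)")


def check_o4(rest: str) -> list:
    m = O4_RE.match(rest)
    if not m:
        return []
    hive, key, name, cmd = m.groups()
    target = basename(cmd)
    reasons = []
    if key.lower() == "runservices":
        reasons.append(f"{hive} RunServices is a Win9x autostart key, unusual on Windows XP")
    if target.endswith((".pif", ".scr", ".bat", ".com")):
        reasons.append("autostart points at a non-.exe executable type")
    return [Finding("O4", target, f"[{name}]: " + "; ".join(reasons))] if reasons else []


def check_o17(rest: str) -> list:
    # Not malicious by itself; listed so the DNS servers get checked against the ISP.
    m = re.search(r"NameServer = (.*)", rest)
    return [Finding("O17", "nameserver", f"DNS set to {m.group(1)}; confirm they are the ISP's")] if m else []


O23_RE = re.compile(r"Service: (.*?) - (.*?) - (.*)")


def check_o23(rest: str) -> list:
    m = O23_RE.match(rest)
    if not m:
        return []
    name, owner, path = m.groups()
    reasons = []
    if "(file missing)" in path:
        reasons.append("service binary is missing")
    if owner.lower() == "unknown owner":
        reasons.append("no vendor information")
    return [Finding("O23", basename(path), f"service '{name}': " + "; ".join(reasons))] if reasons else []


CHECKS = {"F2": check_f2, "O4": check_o4, "O17": check_o17, "O23": check_o23}


def analyze_hjt(lines) -> list:
    """Run every section check over HijackThis log lines and collect findings."""
    findings = []
    for line in lines:
        m = re.match(r"^([A-Z]\d{1,2}) - (.*)$", line.strip())
        if m:
            section, rest = m.groups()
            findings.extend(CHECKS.get(section, lambda _: [])(rest))
    return findings


def hidden_processes(lines) -> list:
    """File names BlackLight reported as hidden processes."""
    return [basename(m.group(1)) for line in lines
            if (m := re.search(r"Hidden process: (.*)$", line))]


def correlate(findings, hidden) -> list:
    """Mark findings whose file also appeared as a hidden process."""
    hidden_set = set(hidden)
    for f in findings:
        f.corroborated = f.target in hidden_set
    return findings


if __name__ == "__main__":
    for f in correlate(analyze_hjt(HJT_LINES), hidden_processes(BLACKLIGHT_LINES)):
        flag = "HIDDEN PROCESS" if f.corroborated else "review"
        print(f"{f.section:<4}{f.target:<16}{flag:<15}{f.reason}")
```

On the sample above the script lists five entries for review and marks only xpjava.exe as corroborated by the rootkit scanner, which matches what the poster found: the F2 line pointed at the file that BlackLight later showed as hidden. The O4 and O23 entries for mswin32.pif and SYSWIN32.EXE remain on the review list because neither scanner confirmed them; they are the lines a helper would ask about next.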