hacktool.rootkit [RESOLVED]



#16
Linkmaster

This is frustrating for me too !! It is to the point that we will remove it no matter how stubborn it is. I am not done until you are CLEAN !!

Some of those you can remove if you like.

Does the notification only come up when you run the game??
Is the game a download??
Did this start when you installed or downloaded the game??
Has it always been there??

Let's give this another try:

If you can, uninstall Renegade and delete all files associated with it.

Follow these instructions for Hacktool.Rootkit Removal exactly like Symantec outlines them.

Reboot back to Normal Mode

Let me know if the scan picks up the rootkit.

Edited by Linkmaster, 28 October 2005 - 07:08 AM.


#17
LethaLady

Hi! Yes the notifications only occur when I try to play the game. The game is renegade and I have to run renguard when I play on most servers online to detect game hackers. So renguard actually starts first then I run renegade from their page. This problem first occurred on Oct 22. I played Oct 21 with no problems. Now I can't even access the game. When I double click renegade I get 'error-loader cannot initialize service', then the norton notification. There does not seem to be anything else that is affected.

Also last night I ran search from the start menu and asked for the location of svkp and it found it in windows/pc health/helpctr/datacollected four times with some numbers following the path. I opened the files and only found it in one of them even though search said it was in all four. Funny enough it was collected on October 21 the evening before I first discovered it, so it fits. I don't know if pc doctor was where it came from or if these files might refer to when the virus was identified by my system. I hope this gives us a clue. Another thing, there is another person on the forums "ShawnC" who has the exact same thing (he plays renegade also), maybe the person helping him has found a fix. ShawnC said he thought it could be in the renegade lobby. But as he is here for help it's obvious that he wasn't able to fix it himself. I don't know how much I'll get done on this tonight because I worked today and have to get up early for work tomorrow.

Obviously if I take renegade off I won't have the problem because that's the only time norton finds it, and maybe I can reinstall renegade and it might be fine (or not). OH YEAH! A few days before this all happened I was getting a balloon from an icon on the toolbar telling that there were files waiting to be written to a disc. I didn't do anything with that and it went away but someone else in the house could have allowed something to be written to the renegade disc. I hope these things may give you a clue as to how to rid me of the problem. I have your last instructions but let me know first if these things I've told you might alter your instructions. Thanks

#18
Linkmaster

OK

Show Hidden Files :
Click Start
Open My Computer
Select the Tools menu and click Folder Options
Select the View Tab
Under the Hidden files and folders heading select Show hidden files and folders
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

**Turn off System Restore**
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab.
Check "Turn off System Restore"
Click Apply, then click OK

Reboot to Safe mode
Restart your computer and immediately begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter.

Open Windows Explorer and search again for svkp. Delete all of the svkp instances you find.

While still in Safe Mode look for the _Restore folder and delete it

Reboot back to Normal Mode

**Turn ON System Restore**
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab.
UN-Check "Turn off System Restore"
Click Apply, then click OK and Reboot

Let me know if it is gone !! Also I would be very leery of running that game again. Sounds like one of the servers you were on was hacked.

Edited by Linkmaster, 28 October 2005 - 10:49 PM.


#19
LethaLady

I followed the instructions for the hacktool rootkit removal tool in symantec which amounts to running a norton scan in safe mode and it did not come up with anything but upon reboot it did a check on my disks for consistency and fixed some stuff. I hadn't deleted renegade yet because that's the only way norton could find the virus and frankly it IS my favorite game. Anyway after the scan I tried to start the game again and guess what? It still says that it can't initialize the service (won't run the game) but no virus notification!!!

Do you still want me to do the last set of instructions you gave? And yes... I think I will take the game off now since I can't play it anyway. Do we assume that the Hacktool is gone? Could it have been on the site that runs the game online instead of my computer?

#20
Linkmaster

Yes, it is possible !!

Well if you are going to remove the game, do the last set of instructions after you remove the game. Let me know how things are running and I will post some prevention tools for you !!

#21
LethaLady

I uninstalled the game and some of the other stuff that I downloaded during this fix. I forgot to tell you that before I ran Norton in safe mode I did a cleanup that I had downloaded a couple weeks ago when I had a trojan vundo and greyknight sent me that cleanup tool. It found and fixed several things so I think that is probably what finally found the problem. When I ran windows explorer guess what it found? SVKP in system 32 just where it should have been all along. I don't think it had the virus anymore but I deleted it anyway. It was a driver for NT. What is NT anyway? Also an unlegacy icon is still on my desktop. What do I do with that? Leave it alone? Should I now hide the hidden folders that I opened up yesterday and if so ... How? I guess everything is fine now but the whole problem was that I couldn't play renegade and now that we've gone through all of this I guess the problem is fixed but no renegade :tazz:

#22
Linkmaster

You can delete the unlegacy icon

Hide Files :
Click Start
Open My Computer
Select the Tools menu and click Folder Options
Select the View Tab
Under the Hidden files and folders heading unselect Show hidden files and folders
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Is everything running ok now ??

Here are a few tools that I recommend for protecting your system and keeping your system clean !!

Real Time Prevention
SpywareBlaster

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.
IESpyad : This will add several hundred Restricted Sites to the Restricted site zone in IE.

Cleaner:
CCleaner is a good app to clean out temp files, cookies, recent folder(win2000) and Prefetch folder(XP), etc

Spyware Scanners:
Ad-aware SE Scans your system for spyware and other threats
a² Scanner : Scans for Malware and Trojans on your system.

Good Free Antivirus Programs:
AVG
Avast!
NOTE: Remember to always have just 1 antivirus program running at a time. Having more than one running causes a conflict between the programs !! You can use one as a backup to run manually.

Windows Update:
It's also very important to keep your system up to date to avoid unnecessary security risks
Windows Update

Firewalls:
If you have an "always on" internet connection, such as DSL or Cable, I recommend a Firewall.
A firewall will make your pc invisible to the outside world and will filter the outgoing and incoming traffic on your pc.
For a good idea of how vulnerable your system(s) are go to GRC
Scroll down to "Shields Up". Click on "Proceed". Then click on "Common Ports" to scan your ports.
2 very good Firewalls:
Sygate
ZoneAlarm

These next steps are optional, but will provide the greatest protection
Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness.
Alternative Browsers:
FireFox
Opera

Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .

It's okay to delete the HijackThis folder if everything is working okay.

Always keep your Antivirus & Spyware Removal Tools current with the latest definitions and updates !!

Using these tools and keeping them updated will reduce the risk of future infections!!

Edited by Linkmaster, 30 October 2005 - 02:14 AM.


#23
LethaLady

I just got through reinstalling the renegade game and then visited the renguard website to download that so I can play on servers who require it. They have a thread on the Hacktool rootkit. They say that Norton identified SVKP.sys as a virus because some hackers use it but so do some legitimate programs so the problem is supposedly a norton problem and that we should just restore from the norton quarantine list. It's too late for me to try that fix since we did all the other stuff. I haven't been able to reinstall renguard again, it may just be something I did wrong on install... or did we do something to keep SVKP from being allowed on my computer? Anyway I thought that this info might be useful to you and the other techs there trying to help other ppl. So far the comp is running great and I can play servers who don't require renguard. I'm gonna try to reinstall; it said that I needed to install into the renegade directory and I don't know what that means or where that is but I'll work on it. Let me know what you think of this news while I try to get renguard running so I will be back to where I was before this problem started.
As soon as that happens we will be all through. I hope the info is helpful.

#24
Linkmaster

I am glad the PC is back to running great !!

There should be a fix for that on the Renegade web site forum.

I am going to close this thread as "Resolved" unless you have any more questions ??

#25
LethaLady

THANK YOU for all your hard work on this problem. No wonder it was so hard trying to fix an infection that wasn't there. I did find a fix on renguard and I'll post it for you, Everything is back to normal now.

Go to START on the toolbar, go to RUN and type in Regedit, select from the left side
HKey_Local_Machine/system/controlset001/services/SVKP.
When SVKP opens there will be a list of places where SVKP was found in the middle part of the window.
Delete SVKP where it appears as a single word, NOT if it is part of a path.

This fixed everything and I was able to proceed to reinstall and run renguard

for those who haven't uninstalled everything it may just be a one minute fix

otherwise use this fix and reinstall everything

again thanks LINKMASTER for all your help!!!

Edited by LethaLady, 30 October 2005 - 11:26 AM.
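
The post above deletes a leftover SVKP service entry by hand. As an added example (not part of the original thread and not RenGuard's or Symantec's own tooling), this read-only PowerShell check shows what such an entry points at before anything is removed: whether the driver file still exists, and its signature and hash for comparison with the vendor's copy. The function name `Get-DriverServiceAudit` is hypothetical, and it assumes PowerShell 4 or later and the live `CurrentControlSet` rather than the `ControlSet001` named in the post.

```powershell
# Added example: read-only audit of a driver service entry. Nothing is deleted.
function Get-DriverServiceAudit {
    param(
        [Parameter(Mandatory)] [string] $Name,
        # Assumption: the live control set; pass 'ControlSet001' to match the post.
        [string] $ControlSet = 'CurrentControlSet'
    )
    $key = "HKLM:\SYSTEM\$ControlSet\Services\$Name"
    if (-not (Test-Path -LiteralPath $key)) {
        return [pscustomobject]@{ Service = $Name; KeyPresent = $false }
    }
    $svc = Get-ItemProperty -LiteralPath $key
    $raw = [string]$svc.ImagePath

    # Driver ImagePath values use NT-style prefixes; map them to a Win32 path.
    $path = $raw -replace '^\\\?\?\\', ''
    $path = $path -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if (-not $path) { $path = "System32\drivers\$Name.sys" }  # default when unset
    if (-not [System.IO.Path]::IsPathRooted($path)) {
        $path = Join-Path $env:SystemRoot $path
    }

    $exists = Test-Path -LiteralPath $path -PathType Leaf
    $sig = $null; $hash = $null
    if ($exists) {
        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
    [pscustomobject]@{
        Service    = $Name
        KeyPresent = $true
        Type       = $svc.Type     # 1 = kernel driver
        Start      = $svc.Start    # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
        ImagePath  = $raw
        Resolved   = $path
        FileExists = $exists
        Orphaned   = -not $exists  # key left behind after the file was removed
        Signature  = if ($sig) { $sig.Status } else { $null }
        Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SHA256     = $hash
    }
}

Get-DriverServiceAudit -Name 'SVKP' | Format-List
```

`KeyPresent` true with `Orphaned` true is the state this thread ended up in: the file was deleted but the service key remained. Saving the key with `reg export` before removing it keeps a copy that can be restored.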


#26
Linkmaster

You are very welcome !!

Edited by Linkmaster, 31 October 2005 - 07:41 AM.


#27
Linkmaster

:tazz:

Edited by Linkmaster, 31 October 2005 - 07:44 AM.


#28
Linkmaster

:tazz:

Edited by Linkmaster, 31 October 2005 - 07:45 AM.


#29
Linkmaster

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





