rootkit buster scan-Is my computer infected or not?


#1 beaniemann (New Member, 2 posts)
New member here, so I'm kind of a noob. But I did a RootkitBuster scan. I have no idea what all this, for lack of a better word, gibberish means. Here are the scan results (removed computer and user name for security reasons?). It seems OK until something about kernel patching comes up. No idea what all these hook files are. Furthermore, the main scan says I have 47 hidden objects found. Did some digging into system files; turns out they are all necessary, unassuming system files for various legit programs. Could it be these files were infected, and if so, what do I do? I remember a while back I did get a Trojan, but it was caught by my antivirus software (Avast) and I quarantined and deleted it. BTW, is it in any way possible all my passwords and personal info could have been compromised as well (even though the Trojan is "apparently" gone)? If they have been compromised, again, what should I do? IMPORTANT: A while back I remember getting the infamous 'fake virus scan alert' and, er, downloading an .exe completely by accident. What kind of virus would that be, and how would I go about removing/combating it? That is specifically when the Trojan results popped up in Avast, which I got rid of. Is it possible it is still there, or that an even more sinister virus may be in the works?

The most intriguing hook file I found was this: ZwCreateMutant; whereas all the other 47 files seem totally legit (well, kind of, it's all code), this one seems fishy. Should I do a rescan after you tell me what it is and then delete it? All of them? (Would that decimate my computer?) Is it possible I have a replicating virus, that may or may not be a Trojan and is still in my system somewhere? If so, what do I do if it's not a Trojan?

+----------------------------------------------------
| Trend Micro RootkitBuster
| Module version: 3.60.0.1016
| Computer Name:
| User Name:
+----------------------------------------------------


--== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==--
No hidden files found.

--== Dump Hidden Registry Value on HKLM ==--
No hidden registry entries found.


--== Dump Hidden Process ==--
No hidden processes found.

--== Dump Hidden Driver ==--
No hidden drivers found.

--== Service Win32 API Hook List ==--
[HOOKED_SERVICE_API]:
Service API : ZwAddBootEntry
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80616a30
CurrentHandler : 0xb2813202
ServiceNumber : 0x9
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwAllocateVirtualMemory
Image Path : C:\WINDOWS\System32\Drivers\aswSP.SYS
OriginalHandler : 0x805a8aba
CurrentHandler : 0xb2879cb2
ServiceNumber : 0x11
ModuleName : aswSP.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwClose
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x805bc530
CurrentHandler : 0xb28376c1
ServiceNumber : 0x19
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateEvent
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x8060ef4e
CurrentHandler : 0xb281581c
ServiceNumber : 0x23
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateEventPair
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x806172a6
CurrentHandler : 0xb2815874
ServiceNumber : 0x24
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateIoCompletion
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80578a86
CurrentHandler : 0xb281598a
ServiceNumber : 0x26
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateKey
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x806240f0
CurrentHandler : 0xb2837075
ServiceNumber : 0x29
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateMutant
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x8061769e
CurrentHandler : 0xb2815772
ServiceNumber : 0x2b
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateSection
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x805ab3c8
CurrentHandler : 0xb28158c4
ServiceNumber : 0x32
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateSemaphore
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x8061504e
CurrentHandler : 0xb28157c6
ServiceNumber : 0x33
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateTimer
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80616f6e
CurrentHandler : 0xb2815938
ServiceNumber : 0x36
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwDeleteBootEntry
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80616a22
CurrentHandler : 0xb2813226
ServiceNumber : 0x3d
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwDeleteKey
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x8062458c
CurrentHandler : 0xb2837d87
ServiceNumber : 0x3f
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwDeleteValueKey
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x8062475c
CurrentHandler : 0xb283803d
ServiceNumber : 0x41
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwDuplicateObject
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x805be008
CurrentHandler : 0xb2815c0e
ServiceNumber : 0x44
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwEnumerateKey
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x8062493c
CurrentHandler : 0xb2837bf2
ServiceNumber : 0x47
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwEnumerateValueKey
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80624ba6
CurrentHandler : 0xb2837a5d
ServiceNumber : 0x49
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwFreeVirtualMemory
Image Path : C:\WINDOWS\System32\Drivers\aswSP.SYS
OriginalHandler : 0x805b2fb2
CurrentHandler : 0xb2879d62
ServiceNumber : 0x53
ModuleName : aswSP.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwLoadDriver
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80584160
CurrentHandler : 0xb2812ff0
ServiceNumber : 0x61
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwModifyBootEntry
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80616a22
CurrentHandler : 0xb281324a
ServiceNumber : 0x6d
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwNotifyChangeKey
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x806262de
CurrentHandler : 0xb2815d82
ServiceNumber : 0x6f
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwNotifyChangeMultipleKeys
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80624f12
CurrentHandler : 0xb2813cda
ServiceNumber : 0x70
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenEvent
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x8060f04e
CurrentHandler : 0xb281584c
ServiceNumber : 0x72
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenEventPair
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x8061737e
CurrentHandler : 0xb281589c
ServiceNumber : 0x73
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenIoCompletion
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80578b5e
CurrentHandler : 0xb28159b4
ServiceNumber : 0x75
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenKey
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x806254ce
CurrentHandler : 0xb28373d1
ServiceNumber : 0x77
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenMutant
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80617776
CurrentHandler : 0xb281579e
ServiceNumber : 0x78
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenProcess
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x805cb440
CurrentHandler : 0xb2815a46
ServiceNumber : 0x7a
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenSection
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x805aa3ec
CurrentHandler : 0xb2815904
ServiceNumber : 0x7d
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenSemaphore
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80615148
CurrentHandler : 0xb28157f4
ServiceNumber : 0x7e
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenThread
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x805cb6cc
CurrentHandler : 0xb2815b2a
ServiceNumber : 0x80
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenTimer
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80617090
CurrentHandler : 0xb2815962
ServiceNumber : 0x83
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwProtectVirtualMemory
Image Path : C:\WINDOWS\System32\Drivers\aswSP.SYS
OriginalHandler : 0x805b841e
CurrentHandler : 0xb2879dfa
ServiceNumber : 0x89
ModuleName : aswSP.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwQueryKey
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80625810
CurrentHandler : 0xb28378d8
ServiceNumber : 0xa0
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwQueryObject
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x805c52cc
CurrentHandler : 0xb2813ba0
ServiceNumber : 0xa3
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwQueryValueKey
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80622314
CurrentHandler : 0xb283772a
ServiceNumber : 0xb1
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwRenameKey
Image Path : C:\WINDOWS\System32\Drivers\aswSP.SYS
OriginalHandler : 0x80623b12
CurrentHandler : 0xb2882e48
ServiceNumber : 0xc0
ModuleName : aswSP.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwRestoreKey
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80625ad0
CurrentHandler : 0xb28366e8
ServiceNumber : 0xcc
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetBootEntryOrder
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80616a30
CurrentHandler : 0xb281326e
ServiceNumber : 0xd3
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetBootOptions
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80616a30
CurrentHandler : 0xb2813292
ServiceNumber : 0xd4
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetSystemInformation
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x8060fd06
CurrentHandler : 0xb281304a
ServiceNumber : 0xf0
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetSystemPowerState
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80653e18
CurrentHandler : 0xb2813186
ServiceNumber : 0xf1
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetValueKey
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80622662
CurrentHandler : 0xb2837e8e
ServiceNumber : 0xf7
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwShutdownSystem
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80612f90
CurrentHandler : 0xb2813162
ServiceNumber : 0xf9
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSystemDebugControl
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x806180ba
CurrentHandler : 0xb28131aa
ServiceNumber : 0xff
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwVdmControl
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x805fbb6c
CurrentHandler : 0xb28132b6
ServiceNumber : 0x10c
ModuleName : aswSnx.SYS
SDTType : 0x0


--== Dump Hidden Port ==--
No hidden ports found.

--== Dump Kernel Code Patching ==--
[KERNEL_CODE][PATCHED]:
Service API : ZwCreateProcessEx
Address : 805D117A
CurrentCode : E987E72B32
ExpectedCode : 6A0C68E8A8
ServiceNumber : 0x30
SDTType : 0x0
1 Kernel code patching found.

--== Dump Hidden Services ==--
No hidden services found.

Edited by beaniemann, 20 June 2011 - 01:10 PM.
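As an added example (not from the post, and not Trend Micro's code), here is a small parser for the RootkitBuster report format above. It groups the SSDT hooks by the driver that installed them, flags any hook whose driver is not on a list you trust, and decodes the kernel code patching entry: the CurrentCode for ZwCreateProcessEx begins with E9, the x86 JMP rel32 opcode, so the handler's first instruction was replaced by a jump, and the jump target can be computed from the Address field. Treating the "asw" driver prefix as the Avast product the poster mentions is an assumption made here, and the sample input is a constructed, abbreviated excerpt.

```python
import re
from collections import Counter
# Constructed, abbreviated excerpt in the RootkitBuster format quoted in the post.
SAMPLE = """\
[HOOKED_SERVICE_API]:
Service API : ZwCreateMutant
OriginalHandler : 0x8061769e
CurrentHandler : 0xb2815772
ModuleName : aswSnx.SYS
[KERNEL_CODE][PATCHED]:
Service API : ZwCreateProcessEx
Address : 805D117A
CurrentCode : E987E72B32
ExpectedCode : 6A0C68E8A8
"""
# Assumption: the "asw" driver prefix belongs to the Avast AV the poster runs.
TRUSTED_PREFIXES = ("asw",)

def parse_report(text):
    """Turn each [TAG]: block into a dict of its 'Key : Value' lines."""
    entries, cur = [], None
    for line in text.splitlines():
        m = re.match(r"^\[([A-Z_]+)\](?:\[[A-Z]+\])?:$", line)
        if m:
            cur = {"_kind": m.group(1)}
            entries.append(cur)
        elif cur is not None and " : " in line:
            key, _, val = line.partition(" : ")
            cur[key.strip()] = val.strip()
    return entries

def jmp_target(address_hex, code_hex):
    """Decode an x86 'E9 rel32' detour: target = addr + 5 + rel32 (mod 2^32)."""
    code = bytes.fromhex(code_hex)
    if code[0] != 0xE9:  # not a JMP rel32: some other kind of patch
        return None
    rel = int.from_bytes(code[1:5], "little", signed=True)
    return (int(address_hex, 16) + 5 + rel) & 0xFFFFFFFF

def triage(text):
    entries = parse_report(text)
    hooks = [e for e in entries if e["_kind"] == "HOOKED_SERVICE_API"]
    per_module = Counter(e["ModuleName"] for e in hooks)
    unexpected = [e["Service API"] for e in hooks
                  if not e["ModuleName"].lower().startswith(TRUSTED_PREFIXES)]
    # A patch record names no module, so decode the JMP to see where the detour
    # lands and compare that with the CurrentHandler addresses of the hooks.
    patches = [(e["Service API"], jmp_target(e["Address"], e["CurrentCode"]))
               for e in entries if e["_kind"] == "KERNEL_CODE"]
    return per_module, unexpected, patches
```

Run against the full report in the post, every hook resolves to aswSnx.SYS or aswSP.SYS, and the decoded detour target (0xB288F906) lies in the same 0xB28xxxxx region as those drivers' CurrentHandler addresses, which is the comparison a responder would make before treating the patch as foreign.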
