BleepingComputer.com: Rootkit Buster Problem

Rootkit Buster Problem ZwCreateKey

#1 Dad5026

Posted 19 August 2011 - 11:15 PM

Hello,
I downloaded TrendMicro Rootkit Buster several weeks ago, and it has never found anything wrong/bad on my computer until now. It found 2 items. I tried to delete the items, but it would not allow me to do so. I am TOTALLY CLUELESS what they are or what they mean. I Googled both of them, but could not find any information (that I understand). I don't even know what a Hooked Service API is. Could someone be so kind as to look at the copy/paste, and tell me if it is a virus or the likes, and how to remove it or even if I should. Thank you in advance for helping. Regards, Dad

--== Service Win32 API Hook List ==--
[HOOKED_SERVICE_API]:
Service API : ZwCreateKey
Image Path : Lbd.sys
OriginalHandler : 0x80622048
CurrentHandler : 0xb80f887e
ServiceNumber : 0x29
ModuleName : Lbd.sys
SDTType : 0x0

[HOOKED_SERVICE_API]:
Service API : ZwSetValueKey
Image Path : Lbd.sys
OriginalHandler : 0x80620708
CurrentHandler : 0xb80f8bfe
ServiceNumber : 0xf7
ModuleName : Lbd.sys
SDTType : 0x0

#2 AustrAlien

Posted 20 August 2011 - 04:11 AM

Lbd.sys is part of Ad-Aware, which I presume you have installed on your system.

http://www.bleepingcomputer.com/startups/Lbd.sys-24596.html

Nothing to worry about.
AustrAlien
Google is my friend. Make Google your friend too.


#3 Dad5026

Posted 20 August 2011 - 09:07 AM

AustrAlien, on 20 August 2011 - 04:11 AM, said:

Lbd.sys is part of Ad-Aware, which I presume you have installed on your system.

http://www.bleepingcomputer.com/startups/Lbd.sys-24596.html

Nothing to worry about.


Hello AA, Thank you for replying to my question. Yes, I do have Ad-Aware on my computer. What puzzles me is: I've had Ad-Aware on my computer for some time, and when RootkitBuster scanned it in the past, those 2 did not show. Last night was the first time they appeared. What would make them suddenly appear last night and not last week or anytime earlier? Again, thank you, Dad

#4 AustrAlien

Posted 20 August 2011 - 10:17 AM

Dad5026, on 20 August 2011 - 09:07 AM, said:

What would make them suddenly appear last night and not last week or anytime earlier?

I'm sorry: I cannot even make any suggestions as to why that might have happened. It doesn't help that I am not at all familiar with Rootkit Buster.

Perhaps someone else may have an idea?
AustrAlien
Google is my friend. Make Google your friend too.


#5 Orange Blossom

Posted 20 August 2011 - 11:20 AM

Hello,

I'm moving this topic to the AntiVirus, Firewall and Privacy Products and Protection Methods forum for you.

I can't specifically answer your question, but I have some general ideas.

There are times when an updated version of a security product will flag things that it didn't flag before. Sometimes what it flags are indeed malicious files. Other times, it is false positives. It depends on the changed definitions.

Another possibility is that you updated the things it was scanning, and something about the new files matched the definitions in the scanner's database, causing them to be flagged.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom
An ounce of prevention is worth a pound of cure
SuperAntiSpyware, SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
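
Added example, not part of the thread and not code from Rootkit Buster or Ad-Aware: a small Python triage of the hook list posted in #1. It parses each [HOOKED_SERVICE_API] record, labels the hooking module against a list of drivers expected on the machine, and reports hooks that an earlier scan did not show. The EXPECTED map and the function names are assumptions for illustration; the sample is the two records from post #1.

```python
# Constructed sample: the two records from post #1, in the report's own layout.
SAMPLE = """--== Service Win32 API Hook List ==--
[HOOKED_SERVICE_API]:
Service API : ZwCreateKey
Image Path : Lbd.sys
OriginalHandler : 0x80622048
CurrentHandler : 0xb80f887e
ServiceNumber : 0x29
ModuleName : Lbd.sys
SDTType : 0x0

[HOOKED_SERVICE_API]:
Service API : ZwSetValueKey
Image Path : Lbd.sys
OriginalHandler : 0x80620708
CurrentHandler : 0xb80f8bfe
ServiceNumber : 0xf7
ModuleName : Lbd.sys
SDTType : 0x0
"""

# Assumption: analyst-maintained map of drivers expected on this machine.
EXPECTED = {"lbd.sys": "Ad-Aware"}

def parse_hooks(text):
    """Return one dict per [HOOKED_SERVICE_API] record."""
    hooks = []
    for chunk in text.split("[HOOKED_SERVICE_API]:")[1:]:
        rec = {}
        for line in chunk.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                rec[key.strip()] = value.strip()
        hooks.append(rec)
    return hooks

def triage(hooks, expected=EXPECTED):
    """Label each hook by whether its module is an expected driver."""
    rows = []
    for h in hooks:
        module = h.get("ModuleName", "").lower()
        label = expected.get(module, "UNKNOWN: investigate")
        rows.append((h["Service API"], int(h["ServiceNumber"], 16), module, label))
    return rows

def new_hooks(previous, current):
    """Hooks in the current scan that the previous scan did not report."""
    seen = {(h["Service API"], h["ModuleName"].lower()) for h in previous}
    return [h for h in current if (h["Service API"], h["ModuleName"].lower()) not in seen]
```

The report gives only a module name, so a matching label is a starting point for checking the driver file itself, not a verdict.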
