
Hacking Tools, Rootkits, And Trojans


3 replies to this topic

#1 athelos


Posted 28 January 2008 - 10:05 AM

I finally got a Panda scan to work and it got halfway through and it detected two hacking tools/rootkits and a virus:


| Incident | Status | Location |
| --- | --- | --- |
| Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\All Users\Documents\SmitfraudFix\Process.exe |
| Virus:Trj/Rebooter.J | Disinfected | C:\Documents and Settings\All Users\Documents\SmitfraudFix\Reboot.exe |
| Potentially unwanted tool:Application/SuperFast | Not disinfected | C:\Documents and Settings\All Users\Documents\SmitfraudFix\restart.exe |

All of these are in the smitfraud. I know that I downloaded a legit version as one of you good people gave me the link. So is it normal for Panda to pick smitfraud as a threat? I've deleted all the smitfraud files anyway and am going to start the scan again to make sure that they are smitfraud related. I'm just hoping that it's a false positive.

Also on a side note I ran a Panda scan a while back and it detected a file called security.dll. It said that I should send it off to their labs to be more thoroughly examined. The file is in C:\Program Files\Linksys Wireless-G USB Wireless network Monitor. What I wanted to know was whether there should be a file in that place. I also have one in system 32, service pack and C:\WINDOWS\Microsoft.NET\Frame Work\ (and it lists two different versions). Normal?
Don't worry about the world coming to an end today. It's already tomorrow in Australia.
--Charles Schultz



#2 quietman7


Posted 28 January 2008 - 10:29 AM

SmitfraudFix is not a virus or malware. It is a tool to detect and remove smitfraud infections. However, certain files that are part of the tool, such as process.exe, restart.exe, SmiUpdate.exe, ws2fix.exe, iedfix.exe and reboot.exe, may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case.

These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases, the detection is a "False Positive".

Anytime you come across a suspicious file, search the name using Google or the following links:
BC's File Database
BC's Startup Programs Database
File Research Center
ThreatExpert Malware Search
If no search results are found, you are given the option to "Submit a New Sample".

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. A file's properties may give a clue to identifying it. Right-click on the file, Properties and examine the General and Version tabs.

You can download and use Process Explorer, AnVir Task Manager Free or System Explorer to investigate all running processes and gather additional information to identify and resolve problems. These tools will show the process CPU usage, a description and its path location. If you right-click on the file in question and select properties, you will see more details about the file.

If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Post back with the results of the file analysis.

I have copies of Security.dll in these locations:
C:\I386
C:\Windows\system32
C:\WINDOWS\ServicePackFiles\i386
C:\WINDOWS\$NtServicePackUninstall$

System.Security.dll is located in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
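
The location and file-property checks described in the reply above can be scripted. The following PowerShell is an added example, not part of the original posts: it finds every copy of a file name and reports the path, version details, signature status and SHA-256 of each. The `$ExpectedDirs` list is an assumption built from the locations listed in the reply, and the `Name` and `Root` parameters are illustrative.

```powershell
# Added example: enumerate every copy of a file name and show the properties
# worth comparing (path, version info, signature, hash).
param(
    [string]$Name = 'security.dll',   # file name to look for (illustrative default)
    [string]$Root = 'C:\'             # where to start searching
)

# Assumption: directories where a copy is expected, taken from the reply above.
# Single quotes keep the $ characters in the last path literal.
$ExpectedDirs = @(
    'C:\I386',
    'C:\WINDOWS\system32',
    'C:\WINDOWS\ServicePackFiles\i386',
    'C:\WINDOWS\$NtServicePackUninstall$'
)

Get-ChildItem -Path $Root -Filter $Name -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Path        = $_.FullName
            # -contains compares strings case-insensitively
            Expected    = $ExpectedDirs -contains $_.DirectoryName
            Company     = $_.VersionInfo.CompanyName
            Description = $_.VersionInfo.FileDescription
            FileVersion = $_.VersionInfo.FileVersion
            Signature   = $sig.Status
            Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } |
    Sort-Object Expected, Path |
    Format-List
```

A copy with `Expected = False` is only a candidate for a closer look: compare its company, description and signer against the vendor of the folder it sits in, and search the SHA-256 on virustotal.com. A `NotSigned` status is not by itself evidence of malware.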

#3 athelos


Posted 28 January 2008 - 12:33 PM

Thank you Quietman for the thorough explanation. I have submitted the file to virustotal.com. I'm guessing that if nothing shows in the Result column then there is nothing wrong with the file? I also finished another Panda scan (though it was strange as about 4 times it shut my internet down before it would start :thumbsup: ) and it has come up with no infections so I'm feeling better.

It's nice to know that there are people out there that are willing to help others that have next to no knowledge of these things.

#4 quietman7


Posted 28 January 2008 - 12:46 PM

You're welcome.