
Ghost Hunting! Elusive Trojan\worm


  • This topic is locked
1 reply to this topic

#1 Wendy K. Walker

Wendy K. Walker

  • Members
  • 633 posts
  • Gender:Female
  • Location:In The Treeline 300 Yards Behind You, Tracking Your Every Move Through A Sniper Scope

Posted 22 February 2008 - 02:26 AM

Hi Everyone,

Several days ago, while offering someone else some help, I downloaded, updated and ran PC Tools' Spyware Doctor. The results scared me and I posted this thread --> http://www.bleepingcomputer.com/forums/t/132046/trojan-or-false-positive/.

Since then I have gone to the Avast! help forum to question 'how' that Trojan could have slipped past my AV scanner as well as every other utility that I've run trying to find it so that I could kill it off.

Anyway, I've been doing a whole lot of reading on that bugger and I came across a suggestion to someone on one of the help forums that they run RootkitRevealer, so I rushed off, snagged myself a copy and ran it. Here's the log from that scan:

HKU\.DEFAULT\Control Panel\International 2008-02-05 01:31 0 bytes Security mismatch.
HKU\.DEFAULT\Control Panel\International\Geo 2008-02-05 01:31 0 bytes Security mismatch.
HKU\S-1-5-21-632161812-3573202381-521998931-1005\Control Panel\International 2008-02-07 20:49 0 bytes Security mismatch.
HKU\S-1-5-21-632161812-3573202381-521998931-1005\Control Panel\International\Geo 2008-02-05 01:31 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International 2008-02-05 01:31 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International\Geo 2008-02-05 01:31 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 2002-11-26 20:02 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 2002-11-26 20:02 0 bytes Key name contains embedded nulls (*)
C:\System Volume Information\_restore{48F8845B-390E-459D-930E-041FA721FB4F}\RP145\A0011391.RDB 2008-02-22 04:07 1.42 MB Hidden from Windows API.

************************

Is there anything EVIL or Trojan-looking in that log? The last entry bothers me because it's hiding stuff from the Windows API.

Thanks,

Wendy

Edited by Animal, 22 February 2008 - 07:21 PM.

TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Virus and Firewall.
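As an added illustration that is not part of this thread, the script below parses RootkitRevealer output in the one-line-per-discrepancy format posted above and sorts each entry into a first-pass triage bucket. The "expected location" rules are this example's own assumption (a filter to focus a human review, not Sysinternals' verdict on any entry), and the fourth sample line is a constructed case with a placeholder file name.

```python
import re
from collections import Counter

# Constructed sample in RootkitRevealer's one-discrepancy-per-line format:
#   <path> <YYYY-MM-DD HH:MM> <size> <description>
# The first three lines mirror entries from the post; the last one is a
# constructed "hidden driver" case with a placeholder file name.
SAMPLE_LOG = """\
HKU\\.DEFAULT\\Control Panel\\International 2008-02-05 01:31 0 bytes Security mismatch.
HKLM\\SECURITY\\Policy\\Secrets\\SAC* 2002-11-26 20:02 0 bytes Key name contains embedded nulls (*)
C:\\System Volume Information\\_restore{48F8845B-390E-459D-930E-041FA721FB4F}\\RP145\\A0011391.RDB 2008-02-22 04:07 1.42 MB Hidden from Windows API.
C:\\WINDOWS\\system32\\drivers\\PLACEHOLDER.sys 2008-02-20 03:00 24.00 KB Hidden from Windows API.
"""

# The path may contain spaces, so anchor on the fixed-width timestamp that follows it.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d.]+ (?:bytes|KB|MB|GB)) (?P<desc>.+)$"
)

# Assumed triage rules (this example's, not Sysinternals'): locations where the
# given discrepancy type is routinely reported on a clean XP system.
EXPECTED = {
    "Hidden from Windows API": ("c:\\system volume information\\",),  # System Restore data
    "Security mismatch": ("\\control panel\\international",),
    "Key name contains embedded nulls": ("hklm\\security\\policy\\secrets\\",),
}

def parse_rkr_log(text):
    """Parse RootkitRevealer output into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def triage(entry):
    """Return 'known_benign' when path and discrepancy match an expected pair, else 'review'."""
    path = entry["path"].lower()
    for kind, locations in EXPECTED.items():
        if entry["desc"].startswith(kind):
            return "known_benign" if any(loc in path for loc in locations) else "review"
    return "review"  # unknown discrepancy types always get a human look

def summarize(text):
    """Count entries per triage bucket for a whole log."""
    return dict(Counter(triage(e) for e in parse_rkr_log(text)))

if __name__ == "__main__":
    for e in parse_rkr_log(SAMPLE_LOG):
        print(f"{triage(e):13} {e['desc']:40} {e['path']}")
    print(summarize(SAMPLE_LOG))  # {'known_benign': 3, 'review': 1}
```

Anything landing in the "review" bucket (a hidden file outside System Restore, for instance) is what to look up or submit for analysis; the "known_benign" bucket only says the pattern is common, not that the file has been checked.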


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,744 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 22 February 2008 - 11:01 PM

Since you are already receiving help here, this thread is closed. Please do not start new threads or duplicate topics as this causes confusion and makes it more difficult to get the help you need to resolve your issues. Thanks for your cooperation.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click the donate link.
