
Potentially Rootkit-masked Files


  • This topic is locked
6 replies to this topic

#1 Bartster

Bartster

  • Members
  • 188 posts

Posted 10 March 2008 - 05:05 PM

Webroot just notified me of a possible rootkit infection.
I quarantined it and then looked it up in Webroot's
database; they identify it as H9GUFFP6. That's about all I know.
What should I do next? Do I have anything to worry about?
It appears that Webroot blocked it, but I'm not sure.

Edited by Bartster, 10 March 2008 - 05:12 PM.




#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 10 March 2008 - 05:07 PM

Please download and run a scan with Rootkit Revealer:
http://download.sysinternals.com/Files/RootkitRevealer.zip

Save the log and post it back here.

#3 Bartster

Bartster
  • Topic Starter

  • Members
  • 188 posts

Posted 10 March 2008 - 05:45 PM

It seems this scan has compatibility issues with Vista.
I keep bouncing back and forth between my logon
screen and the scans window.

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,962 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 10 March 2008 - 07:02 PM

Hello Bartster and welcome to BC :flowers:

In order to provide you with the proper disinfection procedures, we need more information.

I see that you have Windows Vista as your operating system. Which version do you have: basic etc.?

Did Webroot identify a file? If so, please post the file path. An example of a file path is C:\WINDOWS\SYSTEM32\bits\qmgr.dll in which qmgr.dll is the file name, bits is the folder it's in, SYSTEM32 is the folder bits is in, WINDOWS is the folder SYSTEM32 is in and C is the drive it's on.

Do you have any other security programs installed? If so, please name them.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 Bartster

Bartster
  • Topic Starter

  • Members
  • 188 posts

Posted 10 March 2008 - 07:12 PM

Hi Orange Blossom:

I have Vista Home Premium, Norton2007, Spy Sweeper

Webroot alerted me to it, but gave no filepath information, just the number h9guffp6

I also ran another Spy Sweeper scan and it came out clean.

Did a little research on this and it seems this is a false
positive by Spy Sweeper.

That still doesn't make me feel all warm and fuzzy, though.

Do you think I should do anything else?

Edited by Bartster, 10 March 2008 - 08:02 PM.


#6 Bartster

Bartster
  • Topic Starter

  • Members
  • 188 posts

Posted 10 March 2008 - 09:44 PM

Everything seems alright here, please close topic.

Thank you Orange Blossom!

Edited by Bartster, 10 March 2008 - 09:48 PM.


#7 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,962 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 10 March 2008 - 10:11 PM

That's good to hear, Bartster. I'll close the topic at your request. If you wish to reopen it, please PM a moderator.

Orange Blossom :thumbsup:



