
Root Kit Found (Gmer)


This topic is locked. 1 reply to this topic.

#1 RobiSuicide (Members, 42 posts)

Posted 10 March 2009 - 03:25 AM

Didn't know where to put this, since it's not a HijackThis log. I got online, and a Road Runner page popped up saying I sent them unsolicited mail/spam and that it's most likely from my computer being unsafe, and to fix it or they'll shut off my internet; then I had to click a link to turn my internet back on. So I scanned with GMER and it said "Rootkit detected". Can anyone help? I'll post the log.

GMER 1.0.15.14878 - http://www.gmer.net
Rootkit scan 2009-03-10 01:21:48
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\drivers\50b0607c.sys ZwCreateEvent [0xF6A34815]
SSDT \SystemRoot\System32\drivers\50b0607c.sys ZwCreateKey [0xF6A32905]
SSDT \SystemRoot\System32\drivers\50b0607c.sys ZwOpenKey [0xF6A329B9]

INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) F681459A
INT 0x03 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) F6814655

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\System32\drivers\50b0607c.sys The system cannot find the file specified.

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 50b0607c.sys

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip 50b0607c.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp 50b0607c.sys

Device \Driver\AvgTdiX \Device\AvgTdi 50b0607c.sys

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp 50b0607c.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp 50b0607c.sys

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\drivers\50b0607c.sys (*** hidden *** ) [SYSTEM] 50b0607c <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\50b0607c@ImagePath \SystemRoot\System32\drivers\50b0607c.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\50b0607c@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\50b0607c@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\50b0607c@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\Services\50b0607c@ImagePath \SystemRoot\System32\drivers\50b0607c.sys
Reg HKLM\SYSTEM\ControlSet002\Services\50b0607c@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\50b0607c@Start 1
Reg HKLM\SYSTEM\ControlSet002\Services\50b0607c@ErrorControl 1

---- EOF - GMER 1.0.15 ----
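The report above is the kind of thing a responder has to read quickly: the same driver name turns up as SSDT hooks, as a kernel code section whose file cannot be opened, as a filter on every Tcpip device, as a hidden service and as a set of registry values. The script below is an added example, not code from the original post or from GMER: it parses GMER's record lines, correlates them by module basename and prints one list of indicators per driver. The sample input is a trimmed excerpt of the log above, embedded inline; the indicator categories, the "no version info" rule and the ranking are this example's own heuristics, and the Type/Start meanings are the standard SERVICE_* values from winnt.h.

```python
import re
from collections import defaultdict

# Constructed sample input: an excerpt of the GMER report posted above, trimmed to the
# record types this script handles and embedded so the example runs offline.
SAMPLE_LOG = r"""GMER 1.0.15.14878 - http://www.gmer.net
Rootkit scan 2009-03-10 01:21:48
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\drivers\50b0607c.sys ZwCreateEvent [0xF6A34815]
SSDT \SystemRoot\System32\drivers\50b0607c.sys ZwCreateKey [0xF6A32905]
SSDT \SystemRoot\System32\drivers\50b0607c.sys ZwOpenKey [0xF6A329B9]
---- Kernel code sections - GMER 1.0.15 ----
? C:\WINDOWS\System32\drivers\50b0607c.sys The system cannot find the file specified.
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 50b0607c.sys
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip 50b0607c.sys
AttachedDevice \Driver\Tcpip \Device\Tcp 50b0607c.sys
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\System32\drivers\50b0607c.sys (*** hidden *** ) [SYSTEM] 50b0607c <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\50b0607c@ImagePath \SystemRoot\System32\drivers\50b0607c.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\50b0607c@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\50b0607c@Start 1
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER")
VENDOR_RE = re.compile(r"\([^()]*/[^()]*\)")  # "(description/company)": version resource was readable
MODULE_RE = re.compile(r"[\w.\-]+\.(?:sys|exe|dll)", re.IGNORECASE)
REG_RE = re.compile(r"\\Services\\([^\\@]+)@(\w+)\s+(.*)$")
SVC_NAME_RE = re.compile(r"\]\s+(\S+)")  # service name that follows "[SYSTEM]"

# Meaning of the Services\<name> Type and Start values (SERVICE_* constants in winnt.h).
SERVICE_TYPE = {"1": "kernel driver", "2": "file-system driver", "16": "own process", "32": "shared process"}
START_TYPE = {"0": "boot start", "1": "system start (loaded before logon)", "2": "auto start",
              "3": "demand start", "4": "disabled"}


def module_name(line):
    """Lower-cased basename of the first driver/image named on the line, or None."""
    m = MODULE_RE.search(line)
    return m.group(0).lower() if m else None


def parse_gmer(text):
    """Yield (section, record_type, line) for each record under a '---- X - GMER' header."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
        elif section is not None:
            yield section, line.split(None, 1)[0], line


def triage(text):
    """Correlate records per module basename; return {module: [indicator, ...]} (own heuristics)."""
    findings = defaultdict(list)
    reg = defaultdict(dict)  # service name -> {value name: data}
    hidden = {}              # service name -> module basename
    for section, rtype, line in parse_gmer(text):
        mod = module_name(line)
        # Legitimate AV/vendor drivers (avgtdix.sys above) attach to Tcpip too, so device
        # and filter records only count when GMER could not read the module's version info.
        labelled = bool(VENDOR_RE.search(line))
        if rtype == "SSDT" and mod:
            findings[mod].append("SSDT hook: " + line.split()[2])
        elif rtype == "?" and "cannot find the file" in line and mod:
            findings[mod].append("kernel code resident but image unreadable on disk")
        elif rtype in ("Device", "AttachedDevice") and mod and not labelled:
            findings[mod].append(f"{rtype} {' '.join(line.split()[1:3])}, no version info")
        elif rtype == "Service" and "*** hidden ***" in line and mod:
            findings[mod].append("service hidden from the services list")
            m = SVC_NAME_RE.search(line)
            if m:
                hidden[m.group(1)] = mod
        elif rtype == "Reg":
            m = REG_RE.search(line)
            if m:
                reg[m.group(1)][m.group(2)] = m.group(3)
    for name, mod in hidden.items():  # record how each hidden service is configured to load
        cfg = reg.get(name, {})
        findings[mod].append(f"registry Services\\{name}: Type={SERVICE_TYPE.get(cfg.get('Type'), '?')}, "
                             f"Start={START_TYPE.get(cfg.get('Start'), '?')}")
    return dict(findings)


def rank(text):
    """Modules ordered by number of independent indicators, most suspicious first."""
    return sorted(triage(text).items(), key=lambda kv: len(kv[1]), reverse=True)


if __name__ == "__main__":
    for mod, hits in rank(SAMPLE_LOG):
        print(f"{mod}: {len(hits)} indicators")
        for h in hits:
            print("  -", h)
```

Run against the excerpt, only 50b0607c.sys is flagged, with nine independent indicators; avgtdix.sys and ntkrnlpa.exe drop out because GMER could read their version information, which is the check that keeps an AV network filter from looking like a rootkit. Two details in the correlated output are worth reading together: the hooks sit on ZwOpenKey and ZwCreateKey, the calls a driver would intercept to keep its own Services key out of registry listings, and Start=1 means the kernel loads the driver at every boot before anyone logs in. The absence of version info on its own is a weak signal; it is the combination with the SSDT hooks, the unreadable on-disk image and the hidden service that supports GMER's verdict. The thread was closed and the discussion moved elsewhere, so this page carries no cleanup steps.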

#2 quietman7 (Bleepin' Janitor, Global Moderator, 50,961 posts, Virginia, USA)

Posted 10 March 2009 - 09:52 AM

I have already responded in your other thread here. Please do not start new threads or duplicate topics as this causes confusion and makes it more difficult to get the help you need to resolve your issues. Thanks for your cooperation.

This thread is closed. If you have any questions, please PM me or another Moderator.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
