Object Name: C:\WINDOWS\System32\Drivers\alut8q84.SYS
Detection Name: Hidden Driver
Object Type: File
SDK Type: Rootkit
Operating System is Windows XP SP3
Any help would be much appreciated. Thanks
Edited by dgkdgk, 31 May 2009 - 11:53 AM.
Posted 31 May 2009 - 11:50 AM
Posted 31 May 2009 - 02:35 PM
Posted 31 May 2009 - 04:59 PM
Edited by dgkdgk, 31 May 2009 - 05:00 PM.
Posted 01 June 2009 - 08:01 AM
I've downloaded two tools called "gmer" and "rootkitrevealer" but wouldn't really know what to do with the raw data they provide.

Not all hidden components detected by ARKs are malicious. It is normal for a firewall, some anti-virus and anti-malware software (ProcessGuard, Prevx1, AVG AS), sandboxes, virtual machines and Host-based Intrusion Prevention Systems (HIPS) to hook into the OS kernel/SSDT in order to protect your system. The SSDT (System Service Descriptor Table) is a table that stores the addresses of functions that are used by Windows. Whenever a function is called, Windows looks in this table to find the address for it. Both legitimate programs and rootkits can hook into and alter this table. You should not be alarmed if you see any hidden entries created by legitimate programs after performing a scan.
Edited by quietman7, 01 June 2009 - 08:03 AM.
Posted 01 June 2009 - 09:06 AM
Edited by dgkdgk, 01 June 2009 - 09:09 AM.
Posted 01 June 2009 - 09:22 AM
Posted 01 June 2009 - 09:25 AM
I am looking for help removing this. It appears I may not be in the right venue. But thanks for the canned reply which has some general information.
Is this site a real community or a front for some sort of software sales?
Posted 01 June 2009 - 09:31 AM
Posted 01 June 2009 - 09:45 AM
Posted 01 June 2009 - 10:11 AM
Posted 01 June 2009 - 10:19 AM
Posted 01 June 2009 - 10:27 AM
Edited by quietman7, 01 June 2009 - 10:28 AM.
Posted 01 June 2009 - 10:44 AM
Posted 01 June 2009 - 10:55 AM
I'm beginning to wonder if this is just a false positive from AVG?

That's a possibility, but since some rootkits can be dangerous, that's why I'm having you check with some different tools. There are more powerful tools but we don't use them in this forum.
Posted 01 June 2009 - 11:05 AM