Is catchme.sys a rootkit on my PC?

No replies to this topic

#1 wtfer


Posted 30 August 2009 - 11:01 PM

I was infected with a rootkit a few weeks back & posted in the HijackThis forum for help. I finally cleaned up my PC using Combofix & a few other programs after I followed the instructions there, & every program showed my PC free of all malware & rootkits just a few days ago.

I wanted to be double sure, so I just ran a few extra anti-virus programs, I used:
RUBotted, F-Secure BlackLight rootkit scanner, RootkitBuster & RootkitRevealer, Sophos Anti-Rootkit, MalwareBytes, SUPERAntiSpyware.

All of them showed me clean, except the last program I used, which was UnHackMe. It brought up a few problems, one of them that showed a serious infection:

The problem is related to the computer component:
Kernel Auto Boot
Type:
Services detected by Partizen
Item Name catchme
Related File \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys

This program is known as malware


I searched around Google & there are conflicting reports on whether this is a virus or is somehow related to Combofix.


The rest of the UnHackMe search results came up with suspicious program files (unknown whether harmful), including:

iexplore
-\C:\WINDOWS\System32\Drivers\iexplore.sys

mbr
-\C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys

MEMSWEEP2
-\C:\WINDOWS\System32\1.tmp



Again, using Google on all of the file names, all of them came with conflicting reports; for example, some say MEMSWEEP2 is a Trojan & others say it is part of Sophos Anti-Rootkit, etc.


Is UnHackMe incorrect & these files are not problems, or am I still infected? None of the other 8+ programs I used flagged those files as harmful!


EDIT:

Sorry about the typo in the topic description.

Edited by wtfer, 31 August 2009 - 12:31 PM.

