possible trojan / rootkit infection


No replies to this topic

#1 derfelo


Posted 21 October 2009 - 03:02 PM

I have a PC running Windows XP Home SP3 (installed about 2 months) which I use occasionally when I visit my mother. The basic security software I have installed is AVG Free and Malwarebytes Anti-Malware. Internet access is through a Netgear DG834GT (DGteam Firmware) which has a firewall built in. My mother's computer is on the same network but has had no symptoms.

On my last visit a couple of weeks ago I had a few AVG alerts pop up finding a .exe file and identifying it as Trojan Horse Rootkit-Pakes.R (C:\WINDOWS\Temp\~37.exe) and another as Virus Identified Packed.Revolt (C:\WINDOWS\Temp\~36.exe). Each time it seemed to successfully remove the file, but the error would come back later. I ran a scan with Malwarebytes, which detected a couple of things which I removed (I'm sorry, I forgot to record what they were at the time). I then installed Avast free antivirus and scanned with that, which found nothing.

I was quite pressed for time and haven't been back on the system in question until today. I updated and ran a full Malwarebytes scan as soon as I turned it on, which detected nothing, and AVG has not bothered me. I just uninstalled Avast antivirus so I wouldn't have 2 installed, and as it got to the end of the uninstall process and I chose to reboot, the Avast alert window popped up and said trojan detected! AVG and Malwarebytes are still detecting nothing. I am still a bit suspicious though, and using Codestuff Starter to view my start-up items I can see a weird one: Name: Frubazaqesuhe Value: rundll32.exe "C:\WINDOWS\ekebuzixu.dll",Startup Description: Blank. I remember helping a PC with some virus problems which turned out to be a rootkit, and I am pretty sure it was something to do with rootkit DLLs beginning with 'eke', so I think I may still have some kind of infection.


I would be very grateful for some advice on what next steps to take.

thanks

Edited by derfelo, 21 October 2009 - 03:03 PM.
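The startup value quoted in the post has a shape that can be triaged mechanically: rundll32 loading a DLL that sits directly in the Windows directory, with a blank description. The following Python is an added example, not part of the original post; the regex, the function names, the two-reason threshold and the two "Example" entries are assumptions constructed for illustration, and a hit marks an entry for closer inspection rather than confirming an infection.

```python
import ntpath
import re

# Matches: [path\]rundll32[.exe] "<dll>",<export>  (quotes around the DLL optional)
RUNDLL_RE = re.compile(
    r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'(?:"(?P<quoted>[^"]+)"|(?P<bare>[^,\s]+))\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)

def parse_rundll32(value):
    """Return (dll_path, export) for a rundll32 startup value, else None."""
    m = RUNDLL_RE.match(value)
    if not m:
        return None
    return (m.group("quoted") or m.group("bare")), m.group("export")

def review_entry(value, description, windir=r"C:\WINDOWS"):
    """Return the reasons a startup entry deserves a closer look."""
    parsed = parse_rundll32(value)
    if parsed is None:
        return []
    dll, _export = parsed
    reasons = ["launched through rundll32"]
    # Compare the DLL's parent folder with the Windows root, case-insensitively.
    parent = ntpath.normcase(ntpath.dirname(ntpath.normpath(dll)))
    if parent == ntpath.normcase(windir):
        reasons.append("DLL sits directly in the Windows directory")
    if not description.strip():
        reasons.append("no description")
    return reasons

# Entry 1 is the one quoted in the post; entries 2 and 3 are constructed.
ENTRIES = [
    ("Frubazaqesuhe", r'rundll32.exe "C:\WINDOWS\ekebuzixu.dll",Startup', ""),
    ("ExampleHelper",
     r'rundll32.exe "C:\Program Files\ExampleVendor\helper.dll",Init',
     "Example helper"),
    ("ExampleTray", r'"C:\Program Files\ExampleVendor\tray.exe" /min', "Example tray"),
]

def triage(entries):
    """Keep entries that collect two or more reasons (assumed threshold)."""
    flagged = {}
    for name, value, description in entries:
        reasons = review_entry(value, description)
        if len(reasons) >= 2:
            flagged[name] = reasons
    return flagged

if __name__ == "__main__":
    for name, reasons in triage(ENTRIES).items():
        print(name, "->", "; ".join(reasons))
```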

