
Rootkit


  • This topic is locked
1 reply to this topic

#1 isis1671

  • Members
  • 11 posts

Posted 19 February 2010 - 11:48 AM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-18 11:57:19
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1.PAR\LOCALS~1\Temp\awtdrpog.sys


---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] eofwnjyxu <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\eofwnjyxu@DisplayName ojnuof
Reg HKLM\SYSTEM\CurrentControlSet\Services\eofwnjyxu@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\eofwnjyxu@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\eofwnjyxu@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\eofwnjyxu@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\eofwnjyxu@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\eofwnjyxu@Description Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\CurrentControlSet\Services\eofwnjyxu\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\eofwnjyxu\Parameters@ServiceDll C:\WINDOWS\system32\mlrstgqq.dll
Reg HKLM\SYSTEM\ControlSet002\Services\eofwnjyxu@DisplayName ojnuof
Reg HKLM\SYSTEM\ControlSet002\Services\eofwnjyxu@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\eofwnjyxu@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\eofwnjyxu@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\eofwnjyxu@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\eofwnjyxu@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\eofwnjyxu@Description Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet002\Services\eofwnjyxu\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\eofwnjyxu\Parameters@ServiceDll C:\WINDOWS\system32\mlrstgqq.dll

---- EOF - GMER 1.0.15 ----


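The log above shows a pattern worth recognising on sight: a service the service control manager cannot see, hosted inside svchost.exe's netsvcs group, with ServiceDll pointing at a randomly named DLL in system32 and a Description copied verbatim from the Remote Registry service as camouflage. As an added example (not from the original post, and not part of GMER), the Python below parses GMER's Services and Registry lines and flags exactly those three indicators. The allow-list of legitimate netsvcs DLLs, the description fingerprint, and the extra RemoteRegistry lines in the fixture are assumptions made for the example; on a real case the allow-list should be built from a known-clean reference machine.

```python
"""Triage a GMER 'Rootkit scan' log for planted svchost-hosted services.

Added example, not part of the original post and not GMER's own code. It
assumes the plain-text layout GMER printed in the post ("Service ..." lines
and "Reg HKLM\\SYSTEM\\...\\Services\\<name>@<value> <data>" lines).
"""
import re
from collections import defaultdict

# Constructed fixture: the flagged service from the post, plus three lines for
# the legitimate RemoteRegistry service (not in the post) so there is a clean
# service to compare against. The regsvc.dll path is assumed XP-era data.
SAMPLE_LOG = r"""
---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] eofwnjyxu <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\eofwnjyxu@DisplayName ojnuof
Reg HKLM\SYSTEM\CurrentControlSet\Services\eofwnjyxu@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\eofwnjyxu@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\eofwnjyxu@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\eofwnjyxu@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\eofwnjyxu@Description Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer.
Reg HKLM\SYSTEM\CurrentControlSet\Services\eofwnjyxu\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\eofwnjyxu\Parameters@ServiceDll C:\WINDOWS\system32\mlrstgqq.dll
Reg HKLM\SYSTEM\ControlSet002\Services\eofwnjyxu\Parameters@ServiceDll C:\WINDOWS\system32\mlrstgqq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry@Description Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer.
Reg HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters@ServiceDll %SystemRoot%\system32\regsvc.dll
"""

SERVICE_RE = re.compile(
    r"^Service\s+(?P<image>.+?)\s+\[(?P<start>\w+)\]\s+(?P<name>\S+)"
    r"(?P<tag>\s+<--\s+ROOTKIT !!!)?\s*$"
)
REG_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cs>ControlSet\d+|CurrentControlSet)\\Services\\"
    r"(?P<name>[^\\@\s]+)(?:\\Parameters)?@(?P<value>\w+)\s+(?P<data>.*)$"
)

# Assumed allow-list of ServiceDll paths for netsvcs members, keyed by service
# name. Example data only: on a real case build it from a known-clean machine.
KNOWN_NETSVCS_DLLS = {
    "remoteregistry": r"%systemroot%\system32\regsvc.dll",
}

# Description text that ships with a legitimate service. A differently named
# service carrying the same text has borrowed it as camouflage.
KNOWN_DESCRIPTIONS = {
    "Enables remote users to modify registry settings on this computer.": "remoteregistry",
}


def _norm(path):
    """Lower-case and fold the literal Windows directory onto %SystemRoot%."""
    return path.strip().lower().replace(r"c:\windows", "%systemroot%", 1)


def parse_gmer(text):
    """Return {service_name: {value: data, 'hidden': bool, 'gmer_tag': bool}}."""
    services = defaultdict(dict)
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            svc = services[m["name"].lower()]
            svc["hidden"] = "hidden" in m["image"]
            svc["gmer_tag"] = m["tag"] is not None
            continue
        m = REG_RE.match(line)
        # ControlSetNNN entries mirror the live set; only CurrentControlSet drives triage.
        if m and m["cs"] == "CurrentControlSet":
            services[m["name"].lower()][m["value"]] = m["data"].strip()
    return dict(services)


def triage(services):
    """Return {service_name: [reasons]} for services that look planted."""
    findings = {}
    for name, svc in services.items():
        reasons = []
        if svc.get("hidden"):
            reasons.append("hidden from the service control manager")
        image = _norm(svc.get("ImagePath", ""))
        dll = _norm(svc.get("ServiceDll", ""))
        if image.endswith("svchost.exe -k netsvcs") and dll and dll != KNOWN_NETSVCS_DLLS.get(name):
            reasons.append(f"netsvcs-hosted, ServiceDll not on allow-list: {dll}")
        desc = svc.get("Description", "")
        for prefix, owner in KNOWN_DESCRIPTIONS.items():
            if desc.startswith(prefix) and name != owner:
                reasons.append(f"Description text copied from {owner}")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_gmer(SAMPLE_LOG)).items():
        print(name)
        for r in reasons:
            print("  -", r)
```

Run against the fixture it reports only eofwnjyxu, with all three reasons, and stays silent on RemoteRegistry even though that service carries the identical description, because its ServiceDll matches the allow-list and it owns the text. Type 32 in the log (SERVICE_WIN32_SHARE_PROCESS) is consistent with the svchost hosting, so it is not treated as an indicator on its own.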

#2 fenzodahl512

  • Members
  • 6,738 posts

Posted 19 February 2010 - 11:53 AM

DO NOT create more than one topic!

http://www.bleepingcomputer.com/forums/ind...p;#entry1637688

/closed

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
