Rootkit Buster Problem


4 replies to this topic

#1 Dad5026

Posted 19 August 2011 - 11:15 PM

Hello,
I downloaded TrendMicro Rootkit Buster several weeks ago, and it has never found anything wrong/bad on my computer until now. It found 2 items. I tried to delete the items, but it would not allow me to do so. I am TOTALLY CLUELESS what they are or what they mean. I Googled both of them, but could not find any information (that I understand). I don't even know what a Hooked Service API is. Could someone be so kind as to look at the copy/paste, and tell me if it is a virus or the like, and how to remove it or even if I should? Thank you in advance for helping. Regards, Dad

--== Service Win32 API Hook List ==--
[HOOKED_SERVICE_API]:
Service API : ZwCreateKey
Image Path : Lbd.sys
OriginalHandler : 0x80622048
CurrentHandler : 0xb80f887e
ServiceNumber : 0x29
ModuleName : Lbd.sys
SDTType : 0x0

[HOOKED_SERVICE_API]:
Service API : ZwSetValueKey
Image Path : Lbd.sys
OriginalHandler : 0x80620708
CurrentHandler : 0xb80f8bfe
ServiceNumber : 0xf7
ModuleName : Lbd.sys
SDTType : 0x0


#2 AustrAlien

Posted 20 August 2011 - 04:11 AM

Lbd.sys is part of Ad-Aware, which I presume you have installed on your system.

http://www.bleepingcomputer.com/startups/Lbd.sys-24596.html

Nothing to worry about.
AustrAlien
Google is my friend. Make Google your friend too.


#3 Dad5026

Posted 20 August 2011 - 09:07 AM

> Lbd.sys is part of Ad-Aware, which I presume you have installed on your system.
>
> http://www.bleepingcomputer.com/startups/Lbd.sys-24596.html
>
> Nothing to worry about.


Hello AA, Thank you for replying to my question. Yes, I do have Ad-Aware on my computer. What puzzles me is: I've had Ad-Aware on my computer for some time, and when RootkitBuster scanned it in the past, those 2 did not show. Last night was the first time they appeared. What would make them suddenly appear last night and not last week or anytime earlier? Again, thank you, Dad

#4 AustrAlien

Posted 20 August 2011 - 10:17 AM

> What would make them suddenly appear last night and not last week or anytime earlier?

I'm sorry: I cannot even make any suggestions as to why that might have happened. It doesn't help that I am not at all familiar with Rootkit Buster.

Perhaps someone else may have an idea?

#5 Orange Blossom

Posted 20 August 2011 - 11:20 AM

Hello,

I'm moving this topic to the AntiVirus, Firewall and Privacy Products and Protection Methods forum for you.

I can't specifically answer your question, but I have some general ideas.

There are times when an updated version of a security product will flag things that it didn't flag before. Sometimes what it flags are indeed malicious files. Other times, they are false positives. It depends on the changed definitions.

Another possibility is that you updated the things it was scanning, and something about the new files matched the definitions in the scanner's database, causing them to be flagged.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.
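
Added example (not part of the thread, and not code from Trend Micro or any poster): a small Python parser for the hook list format pasted in post #1 that compares two scans and groups newly reported hooks by the ModuleName that owns them, which is the attribution step reply #2 performed by hand. The function names, the empty PREVIOUS_SCAN baseline and the REVIEWED list are assumptions made for illustration.

```python
import re
# The two records from the first post in this thread, as posted.
CURRENT_SCAN = """--== Service Win32 API Hook List ==--
[HOOKED_SERVICE_API]:
Service API : ZwCreateKey
Image Path : Lbd.sys
OriginalHandler : 0x80622048
CurrentHandler : 0xb80f887e
ServiceNumber : 0x29
ModuleName : Lbd.sys
SDTType : 0x0

[HOOKED_SERVICE_API]:
Service API : ZwSetValueKey
Image Path : Lbd.sys
OriginalHandler : 0x80620708
CurrentHandler : 0xb80f8bfe
ServiceNumber : 0xf7
ModuleName : Lbd.sys
SDTType : 0x0
"""
PREVIOUS_SCAN = "--== Service Win32 API Hook List ==--\n"  # constructed: earlier scan with no hooks
REVIEWED = {"lbd.sys"}  # assumption: modules already identified (Ad-Aware, per reply #2)
FIELD = re.compile(r"^\s*([A-Za-z ]+?)\s*:\s*(.*?)\s*$")

def parse_hooks(report):
    """Return one dict per [HOOKED_SERVICE_API] record; 0x... values become ints."""
    hooks = []
    for line in report.splitlines():
        if line.strip().startswith("[HOOKED_SERVICE_API]"):
            hooks.append({})
        elif hooks and (m := FIELD.match(line)):
            key, value = m.groups()
            hooks[-1][key] = int(value, 16) if value.lower().startswith("0x") else value
    return hooks

def hook_id(h):  # identity of a hook: service table, slot number, owning module
    return (h.get("SDTType"), h.get("ServiceNumber"), str(h.get("ModuleName", "?")).lower())

def triage(previous_report, current_report, reviewed=REVIEWED):
    """Group hooks that are new since the previous scan by the module that owns them."""
    seen = {hook_id(h) for h in parse_hooks(previous_report)}
    result = {}
    for h in parse_hooks(current_report):
        if hook_id(h) not in seen:
            mod = str(h.get("ModuleName", "?"))
            entry = result.setdefault(mod, {"apis": [], "needs_review": mod.lower() not in reviewed})
            entry["apis"].append(h.get("Service API"))
    return result
```

Calling triage(PREVIOUS_SCAN, CURRENT_SCAN) reports both registry hooks under Lbd.sys with needs_review set to False. A ModuleName match only tells you which driver the scanner attributes the handler to; it does not verify the driver file itself.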

