
Possible Hidden Rootkit



#1 rishu66


Posted 07 October 2011 - 03:59 AM

Hi,

I am new to the forums. I have a Win 7 SP1 x86 OS with ESET NOD32 5 AV, Malwarebytes (with protection enabled), Emsisoft Anti-Malware, Exterminate It! (anti-rootkit app) and ZoneAlarm firewall installed. Yet after all these measures I feel I have a rootkit problem. Exterminate It! has detected possible hidden rootkit files in c:/users/appdata/local/google/chrome/userdata/default/jumplisticons, where all sorts of .tmp files seem to be infected. Although the files are deleted by Exterminate It!, I noticed this 3 times this week. I use Chrome as my default browser. Should I use ComboFix? Please help.



#2 turnorburn


Posted 07 October 2011 - 05:05 AM

I've checked out Exterminate It!. The site has red WOT warnings all over it. Did you pay for it? If not, I would uninstall it, reboot your computer and run a scan with Malwarebytes. Be sure to update to the new definitions before you scan. Be sure to save a log and post it when done.

Thanks.

turnorburn

Post note: after what I saw, I would uninstall Exterminate It! even if I'd paid for it.

Edited by turnorburn, 07 October 2011 - 05:08 AM.

Saved by grace and grace alone

#3 rishu66


Posted 07 October 2011 - 09:17 AM

Hi turnorburn,

I did as you told me to and uninstalled Exterminate It! completely. Then I rebooted the system and ran Malwarebytes, which generated the log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7893

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

07-10-2011 19:19:58
mbam-log-2011-10-07 (19-19-58).txt

Scan type: Full scan (C:\|)
Objects scanned: 267026
Time elapsed: 54 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

But I am still not sure, because what was the source of infection? MBAM and ESET both did not detect anything before I uninstalled Exterminate It!. For Exterminate It! I have a 1-year license and had been using it for the past 3 months, and it helped me detect tracking cookies and some spyware which MBAM missed. So I want to be sure there is no rootkit. I don't know whether MBAM detects rootkits. I have had problems in the past with browser cache (Firefox hijacker; uninstalled it, deleted the folder), and once Bitdefender detected and removed a rootkit (2 months ago). I had no problems until now.



