Possible Rootkit Infection


No replies to this topic

#1 kales


Posted 27 July 2012 - 01:28 PM

Hi, recently on a website I frequent there has been a rootkit scare. Spambots have been posting YouTube links, and according to a couple of people they have received a virus from clicking the link. Out of momentary stupidity I clicked on one of the links and was brought to YouTube (this happened several weeks ago, before people claimed it had a virus of some kind), but realized it was spam and left the page before any video actually played.

There hasn't been any confirmation that there is any virus at all, but as this is my only computer and I am not very tech-savvy, I can't help but worry. I thought nothing of it at the time as my computer has displayed no issues whatsoever and is working just as well as it usually does. However, according to other folks, rootkits evade detection and don't make it obvious that a computer may be infected, so they're almost impossible to detect.

I ran both Malwarebytes Anti-Malware and Avast!, but both came up clean. I then ran the anti-rootkit utility TDSSKiller (found on a Kaspersky website), which originally came up clean until I changed the parameters and ticked both the 'verify file digital signatures' and 'detect TDLFS file system'. After doing so it came up with this:

Unsigned file
Service: RtVOsdService
Suspicious object, medium risk
Service start: Auto (0x2)
File: C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
MD5: 4ea7e5df0cb237156176fa0349e6e87f

I am aware that Realtek has to do with my speaker system, and as the only options the Kaspersky TDSSKiller gave me for it were 'skip', 'copy to quarantine', and 'delete', I didn't want to risk possibly screwing up my system and have left it. I ran all of these things in normal mode, not safe mode.

I'm unsure what to do at this point, so any help would be appreciated.

I have a Compaq laptop with Windows 7.
