Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Rootkit activity on my Windows XP SP3

  • Please log in to reply
2 replies to this topic

#1 gruntkiller4000


  • Members
  • 2 posts
  • Local time:10:25 AM

Posted 03 June 2013 - 09:36 AM

Lately, I have known some strange activity going on with my Windows Xp. Firstly, when I ran an application that worked all the time, it suddenly gave me "The Application failed to initiliaze cx0005" error. Of what I know of this is caused by errors in my operating system. I was trying to figure out why this had happened on this program i use all the time. On another clean windows, I tested programs such as rootkit unhooker, process explorer and process monitor and others like Malware bytes. Malware bytes could not pick up anything, nor did any other antivirus programs.


On process monitor, on the infected PC, i noticed something strange. Winlogon was using the index.dat file in system32/config/ file somewhere that wouldn't of happened on a normal PC. It also pointed to an unknown stack when i looked in the properties of the file. Another thing is that the service Shared Access has been added with the "/??/C:/Windows/system32/winlogon.exe" key as approved for the firewall.It seems like winlogon has probably been infected by a virus (but not the file itself. the file has not being modified.).


I tested GMER, a utility to detect rootkits and as it was analysing my PC crashed with the bluescreen. On safe mode it did the same but it picked up some results before crashing. I saved it in a log file (i may post it later).


I forgot to mention I used system restore to reverse changes but the errors persisted.


Can someone please reply so that I can fix this error, and so if it happens in the future, i'll know what to do to fix it.


Edited by hamluis, 03 June 2013 - 10:18 AM.
Moved from XP to Am I Infected - Hamluis.

BC AdBot (Login to Remove)


#2 sikntired


  • Members
  • 1,091 posts
  • Gender:Male
  • Location:USA
  • Local time:09:25 PM

Posted 03 June 2013 - 09:52 AM

It would probably be best to post your issue in the " Am I Infected " forum where an Advisor could provide assistance or maybe one of them will move it.


Mod Edit:  I moved topic to AII - Hamluis.

Edited by hamluis, 03 June 2013 - 10:17 AM.

#3 gruntkiller4000

  • Topic Starter

  • Members
  • 2 posts
  • Local time:10:25 AM

Posted 04 June 2013 - 04:03 AM

please is anybody going to help? I urgently want to remove this rootkit!

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users