Possible rootkit mferkdet.sys found by GMER - what is this?


5 replies to this topic

#1 GoshenBleeping

Posted 02 August 2013 - 07:38 AM

I ran GMER, & it found & removed a possible rootkit - system32\drivers\mferkdet.sys
My search of the internet found that this driver is from McAfee so I am confused how it could be a rootkit. To which McAfee application does the driver belong? The only McAfee products I have are McAfee Site Advisor and McAfee Stinger. Can someone shed more light on this driver? Is this really a rootkit or was this a false positive from GMER?
 
Thank you.

 

 




 


#2 Broni


Posted 02 August 2013 - 10:03 AM

It looks like a McAfee file.

 

GMER is just a scanner. How did you actually remove that file with GMER?




 


#3 GoshenBleeping


Posted 02 August 2013 - 07:35 PM

> It looks like a McAfee file.
>
> GMER is just a scanner. How did you actually remove that file with GMER?

 

Good question. When GMER finished the scan, I looked for the file in system32\drivers - I could not find it. So my first thought was that GMER had removed it. But you are correct - GMER is just a scanner so it could not have removed the file. So if GMER did not remove the file, and I did not remove the file, then how could GMER report the file? Very strange. Do you have any explanation no matter how weird?

Thanks.



#4 Broni


Posted 02 August 2013 - 08:16 PM

I don't.

Do you have that GMER log?




 


#5 GoshenBleeping


Posted 03 August 2013 - 05:35 PM

Color me stupid -- unfortunately I deleted the log. Oh well... If it happens again, I'll repost. Thanks for the help.

 

    David



#6 Broni


Posted 03 August 2013 - 05:49 PM

You can always re-run GMER and I'll take a look.




 




