Mover
January 20th, 2009, 08:39 PM
I ran Rootkit Unhooker recently and have a few concerns with the results.
A) On startup of RKu, I had the following message
Rootkit Unhooker has detected a parasite inside itself !
Parasite type: Unknown remote thread
Thread Id: 1020
Priority: 8
Thread start address: 0x781329E1
Module: msvcr80.dll
B) On the SSDT State tab I had
NtAssignProcessToJobObject
Actual Address 0x86D6D630
Hooked by: Unknown module filename
C) In addition, I had the following files hidden.
Suspect File: C:\WINDOWS\SYSTEM32\ibfl.dat::$DATA Status: Hidden
Suspect File: C:\WINDOWS\SYSTEM32\lkfl.dat::$DATA Status: Hidden
Suspect File: C:\WINDOWS\SYSTEM32\pdfl.dat::$DATA Status: Hidden
Any comments would be appreciated.