Do I have a rootkit?

so rootkits are invisible so I'm wondering: I found IE running in Outpost, using a Mozilla rules (I have IE set to prompt for connection) but not running in taskmanager. Thanks for help.

http://img25.echo.cx/img25/6083/ie1kn.jpg

Location: Sweden

 

It's been 5 hours and IE still shows as connected without showing in taskmanager.

 

This is a beta version rootkit detector : http://www.f-secure.com/blacklight/

and another http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml

They're not 100% effective, but certainly worth a shot

 

So I gather, based on the information that I supplied and your response, that it's possible?

**edit - well, first run is no good -

http://img71.echo.cx/img71/6384/error8db.jpg

 

I would say that it is strange that it is not showing up in Task Manager.

Another tool you might try out is UnHackme at:

http://greatis.com/unhackme/

Also, which AV/ATs have you scanned with so far?

Rich

 

I have unhackme. I have scanned with NOD32, Ewido, TDS-3, counterspy

 

I might do a couple of more things:

1) You might try DiamondCS's Port Explorer (or something similar)? You can set up a spy on the packets and view what is being transmitted?

2) You might try running another AV which is good at rootkit detection such as Kaspersky Online.


I would be surprised if it is a rootkit, since it is so rare. But somehow you have to figure out what the IE process is doing.

Rich