Do I have a rootkit?

Discussion in 'other security issues & news' started by lynchknot, May 31, 2005.

Thread Status:
Not open for further replies.
  1. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    So rootkits are invisible, so I'm wondering: I found IE running in Outpost, using Mozilla rules (I have IE set to prompt for connection), but not running in Task Manager. Thanks for help.

    http://img25.echo.cx/img25/6083/ie1kn.jpg

  2. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    It's been 5 hours and IE still shows as connected without showing in Task Manager.
  3. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
  4. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Last edited: Jun 1, 2005
  5. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    I would say that it is strange that it is not showing up in Task Manager.

    Another tool you might try out is UnHackme at:

    http://greatis.com/unhackme/

    Also, which AV/ATs have you scanned with so far?

    Rich
  6. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    I have UnHackMe. I have scanned with NOD32, Ewido, TDS-3, and CounterSpy.
  7. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    I might do a couple more things:

    1) You might try DiamondCS's Port Explorer (or something similar). You can set up a spy on the packets and view what is being transmitted.

    2) You might try running another AV which is good at rootkit detection, such as Kaspersky Online.

    I would be surprised if it is a rootkit, since it is so rare. But somehow you have to figure out what the IE process is doing.

    Rich
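The discrepancy lynchknot describes (a connection the firewall attributes to IE while Task Manager shows no such process) and richrf's point that you somehow have to find out what that process is doing both come down to comparing two views of the same system. The script below is an added example, not code from this thread or from any of the tools named in it: it diffs the PID column of `netstat -ano` against the process list from `tasklist`, which is the classic cross-view check for a hidden process. The two sample outputs are constructed, the column layouts it parses are assumed from Windows XP-era output, and `live_check()` only does anything useful on a Windows host.

```python
"""Cross-view check: sockets that belong to a PID the process list does not show.

Added example, not from the thread. A user-mode rootkit that hides a process
from Task Manager typically filters the process-enumeration API, but the TCP/IP
stack still records the owning PID of every socket. Diffing the two views
surfaces the hidden PID. The netstat/tasklist text below is constructed sample
output in the XP-era format; run live_check() on a Windows box for real data.
"""
import re
import subprocess
from typing import Dict, List, NamedTuple

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.5:1043       10.0.0.8:80            ESTABLISHED     1234
  TCP    192.168.1.5:1050       10.0.0.9:443           ESTABLISHED     2040
  TCP    127.0.0.1:1061         127.0.0.1:1062         TIME_WAIT       0
  UDP    192.168.1.5:1900       *:*                                    888
"""

# Constructed sample of `tasklist` output; PID 2040 is deliberately absent.
SAMPLE_TASKLIST = """
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Console                    0         28 K
firefox.exe                   1234 Console                    0     45,120 K
svchost.exe                    888 Console                    0      4,200 K
"""


class Connection(NamedTuple):
    proto: str
    local: str
    foreign: str
    state: str  # empty for UDP, which has no state column
    pid: int


# The state column is optional because UDP rows leave it blank.
NETSTAT_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")
# The image name may contain spaces, so it is matched lazily up to the PID column.
TASKLIST_RE = re.compile(r"^(.+?)\s+(\d+)\s+\S+\s+\d+\s+[\d,]+ K\s*$")


def parse_netstat(text: str) -> List[Connection]:
    """Parse `netstat -ano` text into Connection records (header lines are skipped)."""
    conns = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if m:
            proto, local, foreign, state, pid = m.groups()
            conns.append(Connection(proto, local, foreign, state or "", int(pid)))
    return conns


def parse_tasklist(text: str) -> Dict[int, str]:
    """Parse `tasklist` text into a PID -> image name map."""
    procs = {}
    for line in text.splitlines():
        m = TASKLIST_RE.match(line)
        if m:
            procs[int(m.group(2))] = m.group(1).strip()
    return procs


def find_hidden_owners(netstat_text: str, tasklist_text: str) -> Dict[int, List[Connection]]:
    """Return connections whose owning PID is missing from the process list.

    PID 0 is skipped: sockets in TIME_WAIT are attributed to it after the
    owner exits, and it is the System Idle Process anyway, so it is not evidence.
    """
    visible = parse_tasklist(tasklist_text)
    hidden: Dict[int, List[Connection]] = {}
    for c in parse_netstat(netstat_text):
        if c.pid != 0 and c.pid not in visible:
            hidden.setdefault(c.pid, []).append(c)
    return hidden


def live_check() -> Dict[int, List[Connection]]:
    """Run the same diff against the real commands (Windows only)."""
    ns = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
    tl = subprocess.run(["tasklist"], capture_output=True, text=True).stdout
    return find_hidden_owners(ns, tl)


if __name__ == "__main__":
    for pid, conns in find_hidden_owners(SAMPLE_NETSTAT, SAMPLE_TASKLIST).items():
        for c in conns:
            print(f"PID {pid} not in tasklist but owns {c.proto} {c.local} -> {c.foreign} {c.state}")
```

A hit means only that the process-enumeration view and the socket view disagree; it does not say why. A kernel-mode rootkit that hooks both views passes this check unchanged, so the next step after a hit is a view taken from outside the running system (booting from clean media and inspecting the disk) or the packet capture richrf suggests, which shows what the connection is actually carrying.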