Do I have a rootkit?

Discussion in 'other security issues & news' started by lynchknot, May 31, 2005.

Thread Status:
Not open for further replies.
  1. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    So rootkits are invisible, so I'm wondering: I found IE running in Outpost, using a Mozilla rule (I have IE set to prompt for connection), but not running in Task Manager. Thanks for the help.

    http://img25.echo.cx/img25/6083/ie1kn.jpg

    Location: Sweden

     
  2. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    It's been 5 hours and IE still shows as connected without showing in Task Manager.
     
  3. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
  4. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Last edited: Jun 1, 2005
  5. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    I would say that it is strange that it is not showing up in Task Manager.

    Another tool you might try out is UnHackMe at:

    http://greatis.com/unhackme/

    Also, which AV/ATs have you scanned with so far?

    Rich
     
  6. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    I have UnHackMe. I have scanned with NOD32, Ewido, TDS-3, CounterSpy.
     
  7. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    I might do a couple more things:

    1) You might try DiamondCS's Port Explorer (or something similar). You can set up a spy on the packets and view what is being transmitted.

    2) You might try running another AV which is good at rootkit detection, such as Kaspersky Online.


    I would be surprised if it is a rootkit, since it is so rare. But somehow you have to figure out what the IE process is doing.

    Rich
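
The mismatch discussed in this thread (a connection attributed to a program that Task Manager does not list) can be checked by comparing two views of the same machine. The following is an added example, not part of any post in the thread: it parses `netstat -ano` and `tasklist /fo csv /nh` output and reports socket-owning PIDs that are missing from the process list. The sample data and function names are constructed for illustration.

```python
import csv
import io

# Constructed `netstat -ano` output (sample data, not from the thread).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED     3120
  TCP    192.168.1.10:1046      198.51.100.4:80        TIME_WAIT       0
  TCP    192.168.1.10:1050      203.0.113.9:443        ESTABLISHED     1888
  UDP    0.0.0.0:1026           *:*                                    1104
"""

# Constructed `tasklist /fo csv /nh` output (sample data, not from the thread).
TASKLIST_SAMPLE = '''\
"System Idle Process","0","Console","0","16 K"
"System","4","Console","0","212 K"
"svchost.exe","952","Console","0","4,120 K"
"svchost.exe","1104","Console","0","3,900 K"
"firefox.exe","1888","Console","0","45,300 K"
'''


def parse_netstat(text):
    """Return {pid: [(proto, local, remote, state), ...]}."""
    sockets = {}
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # skip banner, header and blank lines
        # UDP rows have no State column: 4 fields instead of 5.
        state = f[3] if len(f) == 5 else ""
        sockets.setdefault(int(f[-1]), []).append((f[0], f[1], f[2], state))
    return sockets


def parse_tasklist(text):
    """Return {pid: image_name} from tasklist CSV rows."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}


def sockets_without_process(netstat_text, tasklist_text):
    """Cross-view check: sockets whose owning PID is not in the process list."""
    procs = parse_tasklist(tasklist_text)
    # PID 0 is reported for TIME_WAIT sockets of closed connections,
    # so it is excluded rather than flagged as a hidden process.
    return {pid: conns for pid, conns in parse_netstat(netstat_text).items()
            if pid != 0 and pid not in procs}
```

A hit is only a lead: the process may have exited between the two snapshots, and a kernel-mode rootkit can hide from both commands, so an outside view (the firewall log here, or a scan from clean boot media) still matters.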
     