Hacktool.Rootkit

Discussion in 'malware problems & news' started by bryanjoe, Aug 31, 2007.

Thread Status:
Not open for further replies.
  1. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    I have this computer that does not have an internet connection.
    But it is infected with Hacktool.Rootkit. Each time I reboot, IE will open itself.
    Norton Antivirus will prompt the virus, each time quoting a different file as infected...

    When I restarted again, the viruses came back.....
    How to resolve?
     
  2. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Well, if I were you I would use a live CD or RkUnhooker/IceSword antirootkit, then you could clean up with antivirus after.

    If you are not confident with that, give AVG antirootkit a run and scan for rootkits. CastleCops has a forum for removal called Rootkit Revelations.
     
  3. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380

    I just used AVG Free Rootkit scanner, but it did not find any problem with it....
     
  4. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Have a look at IceSword? I don't think there are instructions for RkU use.
    Have you an image backup to solve this problem?
     
  5. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    I don't have any backup.....
    I don't have any knowledge of the process to remove.
     
  6. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Then you need a forum like above that can review a log.

    Hacktool.Rootkit
     
  7. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    but now Norton does not alert the Hacktools.....
    cos I disabled system restore...
    and terminated some unknown processes...

    will it be alright?
     
  8. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Yes, a detection in your System Volume Information or System Restore folder can be cleaned by disabling system restore. Don't forget to re-enable.

    What happens after a reboot? RkUnhooker would have helped here with the processes but perhaps Norton has cleaned up.
    You could also try a second opinion at ESET or Kaspersky online scan.
     
    Last edited: Aug 31, 2007
  9. ASpace

    ASpace Guest

    Unfortunately neither ESET nor Kaspersky online scanners can detect active rootkits. The name of the potential threat talks a lot.

    The Symantec "review" tells:

    @bryanjoe
    The best for you is to reinstall your Windows operating system with a full format of the hard drive used for the OS. Make a back-up of all necessary documents, take the Windows install CD and follow the procedures. After reinstall, follow basic security rules such as not connecting to the internet without a firewall, without AV, and update Windows as soon as you connect to the internet. This is a good site helping users how to reinstall their operating systems. Good luck!
     
  10. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    But that's not why I suggest it; with the nature of this infection you may find some other item introduced to the machine, it would be nice to know. bryanjoe, as HiTech_boy says, you would be better to start over as you have no backup image/snapshot - maybe best not to trust this machine.
     
  11. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,735
    I would definitely do a low-level format on that drive before installing Windows on it. Something like DBAN, it's free and you can burn an ISO image to CD, DVD or use floppy, USB drive.
    http://dban.sourceforge.net/
     
  12. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    Actually, this is a 2nd hand computer. I don't have the Win XP CD.
    It doesn't have an internet connection as well.

    :(
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,109
    Location:
    Saudi Arabia/ Pakistan
    What's the problem with a simple format during OS reinstall?
     
  14. ASpace

    ASpace Guest


    Then buy your own Windows XP and use it to reinstall the OS. As it is second-hand, it is always better to first format it and start a new clean session. You never know what was hidden from the previous user, and in this case a lot is hidden.
     