Hacktool.Rootkit

Discussion in 'malware problems & news' started by bryanjoe, Aug 31, 2007.

Thread Status:
Not open for further replies.
  1. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    I have this computer that does not have an internet connection.
    But it is infected with Hacktool.Rootkit. Each time I reboot, IE will open itself.
    Norton Antivirus will prompt the virus, each time quoting a different file as infected...

    When I restarted again, the viruses came back.....
    How to resolve?
     
  2. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Well, if I were you I would use a live CD or RkUnhooker/IceSword antirootkit, then you could clean up with antivirus after.

    If you are not confident with that, give AVG antirootkit a run and scan for rootkit. CastleCops has a forum for removal called Rootkit Revelations.
     
  3. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380

    I just used AVG Free Rootkit scanner, but it did not find any problem with it....
     
  4. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Have a look at IceSword? I don't think there are instructions for RkU use.
    Have you an image backup to solve this problem?
     
  5. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    I don't have any backup.....
    I don't have any knowledge of the process to remove.
     
  6. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Then you need a forum like above that can review a log.

    Hacktool.Rootkit
     
  7. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    But now Norton does not alert the Hacktools.....
    cos I disable system restore...
    and terminate some unknown processes...

    will it be alright?
     
  8. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Yes, a detection in your System Volume Information or System Restore folder can be cleaned by disabling system restore. Don't forget to re-enable.

    What happens after a reboot? RkUnhooker would have helped here with the processes but perhaps Norton has cleaned up.
    You could also try a second opinion at ESET or Kaspersky online scan.
     
    Last edited: Aug 31, 2007
  9. ASpace

    ASpace Guest

    Unfortunately neither ESET nor Kaspersky online scanners can detect active rootkits. The name of the potential threat talks a lot.

    The Symantec "review" tells:

    @bryanjoe
    The best for you is to reinstall your Windows operating system with a full format of the hard drive used for the OS. Make a back-up of all necessary documents, take the Windows install CD and follow the procedures. After reinstall, follow basic security rules such as not connecting to internet without firewall, without AV, update Windows as soon as you connect to internet. This is a good site helping users how to reinstall their operating systems. Good luck!
     
  10. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    But that's not why I suggest it; with the nature of this infection you may find some other item introduced to the machine, it would be nice to know. bryanjoe, as HiTech_boy says, you would be better to start over as you have no backup image/snapshot - maybe best not to trust this machine.
     
  11. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    I would definitely do a low-level format on that drive before installing Windows on it. Something like DBAN, it's free and you can burn an ISO image to CD, DVD or use floppy, USB drive.
    http://dban.sourceforge.net/
     
  12. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    Actually, this is a 2nd hand computer. I don't have the Win XP CD.
    It doesn't have internet connection as well.

    :(
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    What's the problem with a simple format during OS reinstall?
     
  14. ASpace

    ASpace Guest


    Then buy your own Windows XP and use it to reinstall the OS. As it is second it is always better to first format it and start new clean session. You never know what was hidden from the previous user and in this case a lot is hidden
     