Hidden NIS 21.0.2.1 Rootkit after uninstall

Discussion in 'other anti-virus software' started by apm, Oct 16, 2013.

Thread Status:
Not open for further replies.
  1. apm

    apm Registered Member

    Joined:
    Mar 15, 2006
    Posts:
    162
    Just removed NIS 21.0.2.1 and installed Avast 2014, but Avast finds there are hidden rootkits from NIS, and the boot log shows hidden files too:
    :mad: :mad:
    http://i.imgur.com/CgFgIdi.png


    avast! Antirootkit, version 1.0
    Scan started: October 16, 2013 19:42:40


    File: C:\Windows\system32\drivers\NISx64\1500020.001\ccSetx64.sys SignCode: 123 0 0
    Service ccSet_NIS [C:\Windows\system32\drivers\NISx64\1500020.001\ccSetx64.sys] **HIDDEN**

    File: C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20130805.011\IDSVia64.sys SignCode: 123 0 0
    Service IDSVia64 [C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20130805.011\IDSVia64.sys] **HIDDEN**

    File: C:\Windows\system32\drivers\NISx64\1500020.001\SRTSPX64.SYS SignCode: 123 0 0
    Service SRTSPX [C:\Windows\system32\drivers\NISx64\1500020.001\SRTSPX64.SYS] **HIDDEN**

    File: C:\Windows\system32\drivers\NISx64\1500020.001\SYMDS64.SYS SignCode: 123 0 0
    Service SymDS [C:\Windows\system32\drivers\NISx64\1500020.001\SYMDS64.SYS] **HIDDEN**

    File: C:\Windows\system32\drivers\NISx64\1500020.001\SYMEFA64.SYS SignCode: 123 0 0
    Service SymEFA [C:\Windows\system32\drivers\NISx64\1500020.001\SYMEFA64.SYS] **HIDDEN**


    Scan finished: October 16, 2013 19:43:04
    Hidden files found: 0
    Hidden registry items found: 0
    Hidden processes found: 0
    Hidden services found: 5
    Hidden boot sectors found: 0



    ....Is Norton/Symantec doing NSA things??
     
  2. tomazyk

    tomazyk Guest

  3. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
    Those are normal Norton drivers... The only issue here is that the uninstaller isn't removing all leftovers, not any conspiracy theory mumbo jumbo.

    Besides, most security software leaves hidden drivers behind after a normal uninstall. Including Avast.
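
Added example (not part of the thread and not any poster's or vendor's code): a small parser for the avast! Antirootkit log format shown in the first post. It lists the services flagged `**HIDDEN**`, checks the count against the log's summary line, and separates entries under the uninstalled product's directories from anything else. The `product_markers` values are an assumption taken from the paths in that log, and the sample is shortened from it.

```python
import re
from pathlib import PureWindowsPath

# Sample shortened from the scan log in the first post (two of the five
# entries); the summary count is adjusted to match this shortened sample.
SAMPLE_LOG = r"""
avast! Antirootkit, version 1.0
File: C:\Windows\system32\drivers\NISx64\1500020.001\ccSetx64.sys SignCode: 123 0 0
Service ccSet_NIS [C:\Windows\system32\drivers\NISx64\1500020.001\ccSetx64.sys] **HIDDEN**
File: C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20130805.011\IDSVia64.sys SignCode: 123 0 0
Service IDSVia64 [C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20130805.011\IDSVia64.sys] **HIDDEN**
Hidden services found: 2
"""

SERVICE_RE = re.compile(r"^\s*Service\s+(\S+)\s+\[(.+?)\]\s+\*\*HIDDEN\*\*\s*$")
SUMMARY_RE = re.compile(r"^\s*Hidden services found:\s*(\d+)\s*$")

def parse_hidden_services(log_text):
    """Return ([(service_name, PureWindowsPath)], reported_count or None)."""
    services, reported = [], None
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            services.append((m.group(1), PureWindowsPath(m.group(2))))
            continue
        m = SUMMARY_RE.match(line)
        if m:
            reported = int(m.group(1))
    return services, reported

def triage(log_text, product_markers=("NISx64", "Norton Internet Security")):
    """Split hidden services into (under product paths, everything else)."""
    services, reported = parse_hidden_services(log_text)
    if reported is not None and reported != len(services):
        # A mismatch means the parser missed an entry or the log is truncated.
        raise ValueError(f"summary says {reported}, parsed {len(services)}")
    known, unknown = [], []
    for name, path in services:
        # Match whole path components only (assumed directory names).
        parts = [p.lower() for p in path.parts]
        hit = any(marker.lower() in parts for marker in product_markers)
        (known if hit else unknown).append(name)
    return known, unknown

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Anything returned in the second list sits outside the uninstalled product's directories and is worth a closer look before cleanup.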
     
  4. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    974
    Location:
    Paris
    Although I like the way you think, Apm, those files are just residua from a shoddy uninstall routine. As there is nothing to activate these files and they can't intrinsically connect out, they can't be considered backdoors. Follow tomazyk's suggestion and/or delete manually.

    And don't be concerned about your being currently monitored by the NSA. They already know enough about you to be satisfied.
     
  5. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,726
    Location:
    localhost
    LoL :D :thumb:
     
  6. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    MEAN. :D
     
  7. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    With Symantec I wouldn't put it past them though...
     