Possible Rootkit

Discussion in 'malware problems & news' started by cba321, Jan 23, 2009.

Thread Status:
Not open for further replies.
  1. cba321

    cba321 Registered Member

    Joined: Jan 11, 2009
    Posts: 48
    Here seems to be another headache awaiting me on my computer. Yesterday, doing a webroot spysweeper/antivirus scan in safe mode, it detected "System Monitor, Potentially Masked Rootkit Files". This does not appear in a normal mode scan. It also will not be quarantined. I will quarantine it, and it will seem to be quarantined, but then when I look in the quarantine it isn't there. It won't be detected on further scans in that session, but when I shut the machine off and reboot in safe mode again, I will detect it again!

    There are 7 traces, I wrote them down (hopefully copied them correctly, I'll look again and get them down better soon):

    HKLM/SOFTWARE/Microsoft/WBEM/WDM ll C:/Windows/System32/drivers/en-US/modem.sys.mui [modem wmi]

    HKLM/SOFTWARE/Microsoft/WBEM/WDM ll C:/Windows/System32/DRIVERS/intelppm.sys [processor wmi]

    HKLM/SOFTWARE/Microsoft/WBEM/WDM ll C:/Windows/System32/DRIVERS/en-US/intelppm.sys.mui [processor wmi]

    HKLM/SOFTWARE/Microsoft/WBEM/WDM ll C:/Windows/System32/DRIVERS/e100b32S.sys [Ndismof Resource]

    HKLM/SOFTWARE/Microsoft/WBEM/WDM ll C:/Windows/System32/drivers/dxgkrnl.sys [Mof Resource Name]

    HKLM/SOFTWARE/Microsoft/WBEM/WDM ll C:/Windows/System32/drivers/sys.mui [MofResourceName]
     
  2. JRViejo

    JRViejo Global Moderator

    Joined: Jul 9, 2008
    Posts: 20,980
    Location: U.S.A.