Possible Rootkit

Discussion in 'malware problems & news' started by cba321, Jan 23, 2009.

Thread Status:
Not open for further replies.
  1. cba321

    cba321 Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    48
    Here seems to be another headache awaiting me on my computer. Yesterday, doing a webroot spysweeper/antivirus scan in safe mode, it detected "System Monitor, Potentially Masked Rootkit Files". This does not appear in a normal mode scan. It also will not be quarantined. I will quarantine it, and it will seem to be quarantined, but then when I look in the quarantine it isn't there. It won't be detected on further scans in that session, but when I shut the machine off and reboot in safe mode again, I will detect it again!

    There are 7 traces, I wrote them down (hopefully copied them correctly, I'll look again and get them down better soon):

    HKLM/SOFTWARE/Microsoft/WBEM/WDM ll C:/Windows/System32/drivers/en-US/modem.sys.mui [modem wmi]

    HKLM/SOFTWARE/Microsoft/WBEM/WDM ll C:/Windows/System32/DRIVERS/intelppm.sys [processor wmi]

    HKLM/SOFTWARE/Microsoft/WBEM/WDM ll C:/Windows/System32/DRIVERS/en-US/intelppm.sys.mui [processor wmi]

    HKLM/SOFTWARE/Microsoft/WBEM/WDM ll C:/Windows/System32/DRIVERS/e100b32S.sys [Ndismof Resource]

    HKLM/SOFTWARE/Microsoft/WBEM/WDM ll C:/Windows/System32/drivers/dxgkrnl.sys [Mof Resource Name]

    HKLM/SOFTWARE/Microsoft/WBEM/WDM ll C:/Windows/System32/drivers/sys.mui [MofResourceName]
     
  2. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    98,010
    Location:
    U.S.A.