Possible Rootkit

Discussion in 'malware problems & news' started by cba321, Jan 23, 2009.

Thread Status:
Not open for further replies.
  1. cba321

    cba321 Registered Member

    Jan 11, 2009
    Here seems to be another headache awaiting me on my computer. Yesterday, doing a webroot spysweeper/antivirus scan in safe mode, it detected "System Monitor, Potentially Masked Rootkit Files". This does not appear in a normal mode scan. It also will not be quarantined. I will quarantine it, and it will seem to be quarantined, but then when I look in the quarantine it isn't there. It wont be detected on further scans in that session, but when I shut the machine off and reboot in safe mode again, I will detect it again!

    There are 7 traces, I wrote them down (hopefully copied them corretly, I'll look again and get them down better soon):

    HKLM/SOFTWARE/Microsoft/WBEM/WDM ll C:/Windows/System32/drivers/en-US/modem.sys.mui [modem wmi]

    HKLM/SOFTWARE/Microsoft/WBEM/WDM ll C:/Windows/System32/DRIVERS/intelppm.sys [processor wmi]

    HKLM/SOFTWARE/Microsoft/WBEM/WDM ll C:/Windows/System32/DRIVERS/en-US/intelppm.sys.mui [processor wmi]

    HKLM/SOFTWARE/Microsoft/WBEM/WDM ll C:/Windows/System32/DRIVERS/e100b32S.sys [Ndismof Resource]

    HKLM/SOFTWARE/Microsoft/WBEM/WDM ll C:/Windows/System32/drivers/dxgkrnl.sys [Mof Resource Name]

    HKLM/SOFTWARE/Microsoft/WBEM/WDM ll C:/Windows/System32/drivers/sys.mui [MofResourceName]
  2. JRViejo

    JRViejo Super Moderator

    Jul 9, 2008
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.