Root Kit/

Discussion in 'Prevx Releases' started by PatG, Feb 23, 2010.

Thread Status:
Not open for further replies.
  1. PatG

    PatG Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    579
    Location:
    South Alabama
    Joe: this one appears to be very hard to eradicate other than wiping the hard drive. Affects security s/w from even booting, just hanging up the machine. ESET has a file that is supposed to fix it, but believe me, it does not. Went to the malware center and didn't see it posted.

    Are you aware of: Win32/IRCBot.ANR?
     
  2. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Does Prevx see it when you do a scan? If not I think it would be best to have a Prevx engineer analyze your PC remotely to correct this issue as they guarantee clean up. http://info.prevx.com/service.asp

    TH
     
  3. PatG

    PatG Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    579
    Location:
    South Alabama
    NO TH, nothing was caught. Dunno if it was missed or not, thus the post. I won a 2 computer, 2 year license during their annual sweepstakes for NOD32 ver 4. Been running ESS for almost two years and tried to install NOD Sunday. It went in ok, but after the very first reboot, both computers just hung up. ESET's site says "this is probably the problem". ONLY happens right after install of NOD. Glad I had a couple of images to restore to get me back operating. Waiting for their support to get back w/me, but thought I'd ask here also.
     
  4. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    OK Pat, you're good to have your backups! :thumb:

    TH
     
  5. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    Are you running ESS & EAV at the same time? Not sure what you mean by installing Nod32. Upgrading versions tends to cause problems with Eset. Best to uninstall Eset, then (if Vista/W7) delete the Eset directory in "\program data", reboot, then install Eset.

    For the rootkit check, run a full scan with Malwarebytes & then Prevx.
     
  6. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    You really should reset your Router after cleaning the IRC Bot!
    It modifies the router...
     
  7. PatG

    PatG Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    579
    Location:
    South Alabama
    No, am not running both at the same time. Uninstalled ESS using their uninstall tool, then installed NOD. Their uninstall tool takes it all out and have done ESS upgrades every time one has been available, no problem. I would suspect something else if it wasn't for the fact that both computers are doing the same thing and that was the ONLY change in the two.

    Full scan w/Prevx, MB, SuperAntispyware, and IS360, nothing found. Problem is, after installation of NOD and on the very FIRST boot, it hangs and computer is inoperable.
     
  8. PatG

    PatG Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    579
    Location:
    South Alabama
    And there lies the problem, I know. BUT...as stated in previous post, it only occurs when trying to execute NOD and computer hangs.
     
  9. DavidCo

    DavidCo Registered Member

    Joined:
    Jul 9, 2005
    Posts:
    503
    Location:
    UK
    Do you have a spare router to eliminate the possible issue of router mod/infection?
     
  10. PatG

    PatG Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    579
    Location:
    South Alabama
    No, I don't. Thought a router was supposed to prevent anything entering. :doubt:
     
  11. DavidCo

    DavidCo Registered Member

    Joined:
    Jul 9, 2005
    Posts:
    503
    Location:
    UK
    'fraid not
    A router (NAT) will stop incoming that has not been requested/initiated from the 'inside' so to speak.
    However malware that has got in can initiate a call.
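    As an added illustration of the point DavidCo makes (example code, not part of anyone's post): a toy stateful NAT table in Python. An unsolicited packet from the internet is dropped, but a connection opened from inside (the way an IRC bot phones home) creates a mapping, and the remote side's replies on that mapping are let back in. All addresses and ports are constructed.

```python
# Added example: minimal stateful NAT/firewall model. Not from the thread.
# Shows why a NAT router blocks unsolicited inbound traffic yet cannot stop
# malware already on the LAN from initiating an outbound connection.
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.5"   # assumed router WAN address (constructed)


@dataclass
class Nat:
    next_port: int = 40000
    # public_port -> (inside_ip, inside_port, remote_ip, remote_port)
    table: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """A LAN host opens a connection; NAT allocates and records a mapping."""
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = (src_ip, src_port, dst_ip, dst_port)
        self.log.append(f"OUT {src_ip}:{src_port} -> {dst_ip}:{dst_port} "
                        f"via {PUBLIC_IP}:{pub_port} (allowed, new mapping)")
        return pub_port

    def inbound(self, src_ip, src_port, dst_port):
        """A packet arrives on the WAN side; forward only if it matches a mapping."""
        entry = self.table.get(dst_port)
        if entry and entry[2:] == (src_ip, src_port):
            self.log.append(f"IN  {src_ip}:{src_port} -> {entry[0]}:{entry[1]} "
                            f"(reply to inside-initiated flow, allowed)")
            return entry[0], entry[1]
        self.log.append(f"IN  {src_ip}:{src_port} -> {PUBLIC_IP}:{dst_port} "
                        f"DROPPED (unsolicited)")
        return None


def demo():
    nat = Nat()
    # 1. Unsolicited probe from the internet hits the router: dropped.
    unsolicited = nat.inbound("198.51.100.9", 4444, 445)
    # 2. A bot on the LAN calls out to an IRC server (constructed address/port).
    pub_port = nat.outbound("192.168.1.20", 51000, "198.51.100.7", 6667)
    # 3. The server's reply matches the mapping and is forwarded inside.
    reply = nat.inbound("198.51.100.7", 6667, pub_port)
    return unsolicited, reply, nat.log


if __name__ == "__main__":
    for line in demo()[2]:
        print(line)
```

    The log shows the defender's takeaway: the only thing that distinguishes the bot's traffic from legitimate browsing is that the LAN host started it, which is exactly what NAT is designed to permit.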
     
  12. PatG

    PatG Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    579
    Location:
    South Alabama
    After giving that some thought, power cycled the modem/router. My laptop is in the den, desktop is in the back of the house. Laptop is hard wired to the router, so thought that may be the problem. After recycling and disconnecting the internet cable from laptop to desktop, tried again. No joy.
     
  13. DavidCo

    DavidCo Registered Member

    Joined:
    Jul 9, 2005
    Posts:
    503
    Location:
    UK
    It doesn't sound like the router, but having said that a power recycle will not 'clean' router software, just flushes the cache etc in case of a 'stale session'. A hard reset back to factory settings might. Have a copy of your current router setup saved somewhere!
    There is malware that targets Linux based routers and modifies the s/w.
    It sounds like Eset to me - ducks quickly.
     
    Last edited: Feb 24, 2010
  14. PatG

    PatG Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    579
    Location:
    South Alabama
  15. DavidCo

    DavidCo Registered Member

    Joined:
    Jul 9, 2005
    Posts:
    503
    Location:
    UK
    I have 3 unused Eset licences (til Sept 2010) for that and similar issues.
    I do remember someone finding/posting a change to boot sequence of an Eset driver?
     
  16. PatG

    PatG Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    579
    Location:
    South Alabama
    Have a ticket w/ESET and think the mod of the forum will forward the boot pics comparisons to the powers that be. Feel like they would know what to do about correcting the problem. If you hear of something that works, please let me know.
     
  17. DavidCo

    DavidCo Registered Member

    Joined:
    Jul 9, 2005
    Posts:
    503
    Location:
    UK
    Another suggestion from Eset was to ensure that network drivers were up to date.
     