Rootkit Unhooker Log

Discussion in 'other anti-malware software' started by Mover, Jan 20, 2009.

Thread Status:
Not open for further replies.
  1. Mover

    Mover Registered Member

    Joined:
    Oct 1, 2005
    Posts:
    180
    I ran rootkit unhooker recently and have a few concerns with the results

    A) On startup of RKu, I had the following message

    Rootkit Unhooker has detected a parasite inside itself !

    Parasite type: Unknown remote thread
    Thread Id: 1020
    Priority: 8
    Thread start address: 0x781329E1
    Module: msvcr80.dll


    B) On the SSDT State tab I had

    NtAssignProcessToJobObject
    Actual Address 0x86D6D630
    Hooked by: Unknown module filename


    C) In addition, I had the following files hidden.

    Suspect File: C:\WINDOWS\SYSTEM32\ibfl.dat::$DATA Status: Hidden
    Suspect File: C:\WINDOWS\SYSTEM32\lkfl.dat::$DATA Status: Hidden
    Suspect File: C:\WINDOWS\SYSTEM32\pdfl.dat::$DATA Status: Hidden


    Any comments would be appreciated.
     

    Attached Files:

    Last edited: Jan 20, 2009
    Mover, Jan 20, 2009
    #1
  2. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Zonealarm and consequences of Zonealarm.
    should be looked at, but first close programs and shut down all security software and scan again. If you have a suspicion for malware best not to post logs here, take it over to a dedicated removal forum but don't post log until asked.
     
    Last edited: Jan 21, 2009
    Meriadoc, Jan 21, 2009
    #2
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...