Trend Micro RootkitBuster 1.6.0.1049 beta

Discussion in 'other anti-malware software' started by Chubb, Dec 22, 2006.

Thread Status:
Not open for further replies.
  1. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
  2. mata7

    mata7 Registered Member

    Joined:
    Nov 8, 2005
    Posts:
    635
    Location:
    Mississauga, Canada
    I did a scan and encountered this. I don't know if I should delete it; do you know anything about it? Thanks.

    http://img.photobucket.com/albums/v330/MATA7/rokiy.png

    log info

    --== Dump Hidden File on C:\ ==--
    No hidden files found.

    --== Dump Hidden Registry Value on HKLM ==--
    No hidden registry entries found.


    --== Dump Hidden Process ==--
    No hidden processes found.

    --== Dump Hidden Driver ==--
    No hidden drivers found.

    --== Service Win32 API Hook List ==--
    [HOOKED_SERVICE_API]:
    Service API : ZwClose
    Image Path : d347bus.sys
    OriginalHandler : 0x80566c49
    CurrentHandler : 0xf84ff818
    ServiceNumber : 0x19
    ModuleName : d347bus.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwCreateKey
    Image Path : d347bus.sys
    OriginalHandler : 0x8056e861
    CurrentHandler : 0xf84ff7d0
    ServiceNumber : 0x29
    ModuleName : d347bus.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwCreatePagingFile
    Image Path : d347bus.sys
    OriginalHandler : 0x805b78d0
    CurrentHandler : 0xf84f3a20
    ServiceNumber : 0x2d
    ModuleName : d347bus.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
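
For triaging a hook list like the one posted above, this added example (not part of the thread and not Trend Micro code) parses the `[HOOKED_SERVICE_API]` records, tolerates a record that is cut off, and groups the redirected services by the module that now handles them. The function names and the sample text are assumptions constructed here from the posted log.

```python
from collections import defaultdict

# Constructed sample: records copied from the log posted above; the last
# record is cut off, as it is in the post.
SAMPLE_LOG = """\
[HOOKED_SERVICE_API]:
Service API : ZwClose
Image Path : d347bus.sys
OriginalHandler : 0x80566c49
CurrentHandler : 0xf84ff818
ServiceNumber : 0x19
ModuleName : d347bus.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateKey
Image Path : d347bus.sys
OriginalHandler : 0x8056e861
CurrentHandler : 0xf84ff7d0
ServiceNumber : 0x29
ModuleName : d347bus.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
"""

REQUIRED = ("Service API", "OriginalHandler", "CurrentHandler", "ModuleName")
HEX_FIELDS = ("OriginalHandler", "CurrentHandler", "ServiceNumber", "SDTType")

def parse_hooks(text):
    """Return (complete records, number of truncated records)."""
    blocks, current = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line == "[HOOKED_SERVICE_API]:":
            current = {}
            blocks.append(current)
        elif line.startswith("--=="):      # next report section ends the list
            current = None
        elif current is not None and " : " in line:
            key, value = (p.strip() for p in line.split(" : ", 1))
            current[key] = int(value, 16) if key in HEX_FIELDS else value
    complete = [b for b in blocks if all(k in b for k in REQUIRED)]
    return complete, len(blocks) - len(complete)

def hooks_by_module(records):
    """Map each module to the services whose handler it has replaced."""
    grouped = defaultdict(list)
    for r in records:
        if r["CurrentHandler"] != r["OriginalHandler"]:
            grouped[r["ModuleName"].lower()].append(r["Service API"])
    return dict(grouped)
```

The per-module grouping gives a single driver name to identify against installed software before deciding whether to remove anything.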
     
  3. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    I can't even run the program. :'(

    I got this error, although I am logged in using the administrator account.
     

    Attached Files:

  4. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Those are Spyware Terminator hooks. Do not delete.

    Best regards,
    Firefighter!
     
    Last edited by a moderator: Dec 22, 2006
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I think that these are Daemon Tools entries.
     
  6. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Since v4.00 Daemon Tools is Adware.

    Best regards,
    Firefighter!
     
  7. mata7

    mata7 Registered Member

    Joined:
    Nov 8, 2005
    Posts:
    635
    Location:
    Mississauga, Canada
    Thanks, I don't use ST anymore. I installed it once, uninstalled it and ran an image back, so it could be Daemon Tools, because I use it. I use version 3.7.

    Do you know exactly which ones are for ST so I can delete them?

    THANKS
     
  8. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Yeah, I looked at this the other day; it was posted in the 'other anti-virus software'
     
  9. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    I've just tested it versus a Rustock B malware rootkit infection and now I know why there's a new release :D

    Versus Rustock B = sees and deletes Rustock registry keys = effective kill :thumb:

     
  10. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    I get the same thing with Trend Micro RootkitBuster 1.6-1055 Beta, even when running as a member of the Administrators group. Annoying.

    But it didn't fail to add a driver file to my %systemroot%\system32\drivers directory, or a log file to %systemroot%.
     
  11. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Same here, same message. After a few tries I deleted it.
     