Trend Micro RootkitBuster 1.6.0.1049 beta

Discussion in 'other anti-malware software' started by Chubb, Dec 22, 2006.

Thread Status:
Not open for further replies.
  1. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
  2. mata7

    mata7 Registered Member

    Joined:
    Nov 8, 2005
    Posts:
    635
    Location:
    Mississauga, Canada
    I did a scan and encountered this. I don't know if I should delete it; do you know anything about it? Thanks.

    http://img.photobucket.com/albums/v330/MATA7/rokiy.png

    log info

    --== Dump Hidden File on C:\ ==--
    No hidden files found.

    --== Dump Hidden Registry Value on HKLM ==--
    No hidden registry entries found.


    --== Dump Hidden Process ==--
    No hidden processes found.

    --== Dump Hidden Driver ==--
    No hidden drivers found.

    --== Service Win32 API Hook List ==--
    [HOOKED_SERVICE_API]:
    Service API : ZwClose
    Image Path : d347bus.sys
    OriginalHandler : 0x80566c49
    CurrentHandler : 0xf84ff818
    ServiceNumber : 0x19
    ModuleName : d347bus.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwCreateKey
    Image Path : d347bus.sys
    OriginalHandler : 0x8056e861
    CurrentHandler : 0xf84ff7d0
    ServiceNumber : 0x29
    ModuleName : d347bus.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwCreatePagingFile
    Image Path : d347bus.sys
    OriginalHandler : 0x805b78d0
    CurrentHandler : 0xf84f3a20
    ServiceNumber : 0x2d
    ModuleName : d347bus.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
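
One way to triage the hook list in the log above, as an added example that is not part of the thread or of RootkitBuster: it parses the `[HOOKED_SERVICE_API]` records, counts the cut-off record instead of dropping it, and groups the redirected services by `ModuleName`. The function names are hypothetical and the field layout is assumed to match the excerpt.

```python
from collections import defaultdict
# Added example with hypothetical helper names. Sample: the first two records
# and the truncated last record of the log quoted in the post above.
SAMPLE_LOG = """\
[HOOKED_SERVICE_API]:
Service API : ZwClose
Image Path : d347bus.sys
OriginalHandler : 0x80566c49
CurrentHandler : 0xf84ff818
ServiceNumber : 0x19
ModuleName : d347bus.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateKey
Image Path : d347bus.sys
OriginalHandler : 0x8056e861
CurrentHandler : 0xf84ff7d0
ServiceNumber : 0x29
ModuleName : d347bus.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
"""
REQUIRED = ("Service API", "OriginalHandler", "CurrentHandler", "ModuleName")

def parse_hooks(text):
    """Return (complete records, count of truncated or malformed records)."""
    records, incomplete = [], 0
    for block in text.split("[HOOKED_SERVICE_API]:")[1:]:
        # Split each "Key : Value" line on the first colon only, so a value
        # such as a drive-letter path keeps its own colon.
        parts = (line.partition(":") for line in block.splitlines())
        fields = {k.strip(): v.strip() for k, sep, v in parts if sep}
        try:
            rec = {k: fields[k] for k in REQUIRED}
            rec["OriginalHandler"] = int(rec["OriginalHandler"], 16)
            rec["CurrentHandler"] = int(rec["CurrentHandler"], 16)
        except (KeyError, ValueError):
            incomplete += 1  # count it, never silently drop a record
            continue
        records.append(rec)
    return records, incomplete

def hooks_by_module(records):
    """Map each hooking module to the service APIs it has redirected."""
    grouped = defaultdict(list)
    for rec in records:
        if rec["CurrentHandler"] != rec["OriginalHandler"]:
            grouped[rec["ModuleName"].lower()].append(rec["Service API"])
    return {mod: sorted(apis) for mod, apis in grouped.items()}
```

Grouping by module gives the one driver name to identify before deciding whether any entry should be removed.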
     
  3. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    I can't even run the program. :'(

    I got this error, although I am logged in using the administrator account.
     

  4. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Those are Spyware Terminator hooks. Do not delete.

    Best regards,
    Firefighter!
     
    Last edited by a moderator: Dec 22, 2006
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I think that these are Daemon Tools entries.
     
  6. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Since v4.00 Daemon Tools is Adware.

    Best regards,
    Firefighter!
     
  7. mata7

    mata7 Registered Member

    Joined:
    Nov 8, 2005
    Posts:
    635
    Location:
    Mississauga, Canada
    Thanks. I don't use ST anymore; I installed it once, uninstalled it and ran an image back, so it could be Daemon Tools because I use it. I use version 3.7.

    Do you know exactly which ones are for ST so I can delete them?

    THANKS
     
  8. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Yeah, I looked at this the other day; it was posted in the 'other anti-virus software'.
     
  9. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    I've just tested it versus a Rustock B malware rootkit infection and now I know why there's a new release :D

    Versus Rustock B = sees and deletes Rustock registry keys = effective kill :thumb:

     
  10. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    I get the same thing with Trend Micro RootkitBuster 1.6-1055 Beta, even when running as a member of the Administrators group. Annoying.

    But it didn't fail to add a driver file to my %systemroot%\system32\drivers directory, or a log file to %systemroot%.
     
  11. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Same here, same message. After a few tries I deleted it.
     