[removed] Antivirus Finds 100+hidden Rootkits

scorpact
edited December 2008 in Logs analysis

Hi,


Last weekend, when doing my regular weekly virus scan, [removed] suddenly found over 100 hidden rootkits which it listed as suspicious. It gives the option to either delete or ignore; however, if you choose ignore the scan doesn't complete. So, running the scan again, when it got to the part where it finds the 100+ hidden rootkits I chose the delete option. Choosing that, it gives a message recommending a boot scan (looks similar to when you run ScanDisk), so I did that and it came up with no errors.


Then today, when running [removed] again, it again found the same 100+ hidden rootkits and I went through the same process with the same result. I then ran SuperAntiSpyware and it found no problems either, yet the 100+ hidden rootkits are still showing despite [removed] supposedly deleting them. I am wondering if they are false positives? Not being very computer savvy, I don't know where else to look or what to do. I have run my HijackThis program and the log is below (as this is my first post, apologies if I am posting the HJT log in the wrong place):


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:54 AM, on 7/12/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\[removed]4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\[removed]4\ashServ.exe
D:\Program Files\MultiRes\MultiRes.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\[removed]4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\[removed]4\ashWebSv.exe
C:\Program Files\Alwil Software\[removed]4\ashMaiSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify...=au&.src=ym
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MultiRes] D:\Program Files\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [[removed]!] C:\PROGRA~1\ALWILS~1\[removed]4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O15 - Trusted Zone: http://www.carltonfan.com
O15 - Trusted Zone: http://my.ebay.com
O15 - Trusted Zone: http://convert.neevia.com
O15 - Trusted Zone: www.paypal.com
O15 - Trusted Zone: www.starpages.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{B398CF64-1D72-4B0E-99D1-5AF072998379}: NameServer = 203.194.27.57 203.194.56.150
O23 - Service: [removed] iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\[removed]4\aswUpdSv.exe
O23 - Service: [removed]! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\[removed]4\ashServ.exe
O23 - Service: [removed]! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\[removed]4\ashMaiSv.exe
O23 - Service: [removed]! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\[removed]4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 3283 bytes
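The log above is in the HijackThis v2 text format: a process list, then one entry per line with a section code (R0, O4, O15, O17, O23 and so on). The following is an added example, not part of the post and not code from HijackThis or any antivirus vendor named here, of parsing that format and applying a few review rules a log reader would apply by hand: O15 Trusted Zone sites and O17 DNS servers are listed for confirmation, and O4 autoruns that load a DLL through rundll32 are marked for a look at the DLL itself. The sample log embedded in the script is constructed for the example, modelled on the entries in the post; the rules only flag items to confirm and make no claim that any of them is malicious.

```python
import re
from collections import Counter

# Constructed sample input in HijackThis v2 log format, modelled on the kinds
# of entries shown in the post (process list, R0, O4, O15, O17, O23). It is
# test data for the parser, not a copy of the posted log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:54 AM, on 7/12/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
D:\Program Files\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/
O4 - HKLM\..\Run: [MultiRes] D:\Program Files\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O15 - Trusted Zone: http://my.ebay.com
O15 - Trusted Zone: www.paypal.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B398CF64-1D72-4B0E-99D1-5AF072998379}: NameServer = 203.194.27.57 203.194.56.150
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 3283 bytes
"""

# One HJT entry: a section code such as R0 / O4 / O23, " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 body: hive, optional subkeys (e.g. a SID under HKUS), \..\Run: [name] command
O4_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+)(?:\\[^\\]+)*?\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)


def parse_hjt(text):
    """Split a HijackThis log into (running_processes, entries).

    entries is a list of {"code": "O4", "body": "..."} dicts in log order.
    Header lines, the "--" separator and the "End of file" line are skipped.
    """
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # first coded entry ends the process list
            entries.append({"code": m.group("code"), "body": m.group("body")})
        elif in_processes:
            processes.append(line)
    return processes, entries


def autoruns(entries):
    """Return the O4 entries as (hive, value name, command) tuples."""
    result = []
    for e in entries:
        if e["code"] == "O4":
            m = O4_RE.match(e["body"])
            if m:
                result.append((m.group("hive"), m.group("name"), m.group("cmd")))
    return result


def triage(entries):
    """Apply simple review rules; returns (code, reason, value) tuples.

    The rules mark items for a human to confirm; they do not decide that
    anything is malicious.
    """
    findings = []
    for e in entries:
        code, body = e["code"], e["body"]
        if code == "O15":
            # Trusted Zone sites run under relaxed IE security; each one should
            # be something the user added on purpose.
            site = body.split(":", 1)[1].strip()
            findings.append((code, "IE Trusted Zone site; confirm it was added deliberately", site))
        elif code == "O17" and "NameServer =" in body:
            # Static DNS servers: confirm they belong to the ISP or local network,
            # since DNS-changing malware works by replacing exactly this value.
            for server in body.split("NameServer =", 1)[1].split():
                findings.append((code, "DNS server in TCP/IP settings; confirm it is the ISP's", server))
        elif code == "O4":
            m = O4_RE.match(body)
            if m and "rundll32" in m.group("cmd").lower():
                # The log line names rundll32, not the DLL's publisher; check the DLL file.
                findings.append((code, "autorun loads a DLL via rundll32; verify the DLL", m.group("cmd")))
    return findings


def summary(text):
    """Entry counts per section code plus the number of running processes."""
    processes, entries = parse_hjt(text)
    counts = Counter(e["code"] for e in entries)
    counts["processes"] = len(processes)
    return dict(counts)


if __name__ == "__main__":
    procs, ents = parse_hjt(SAMPLE_LOG)
    print(f"{len(procs)} processes, {len(ents)} entries: {summary(SAMPLE_LOG)}")
    for code, reason, value in triage(ents):
        print(f"[{code}] {reason}: {value}")
```

Running the script on the constructed sample lists the two Trusted Zone sites, both name servers from the O17 line and the NvCplDaemon autorun for confirmation. Read against the posted log, the same rules would produce the corresponding list for the five O15 sites and the two O17 servers; whether each is expected is something only the machine's owner or their ISP can confirm, which is why the output is a checklist rather than a verdict.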

Comments

  • Hello,


    I'm sorry if this seems rude to you, but did you notice that this is the BitDefender forum? The least you could do (not being a BitDefender user) is to make a BitDefender Online Scan and post the results.


    Cris.


    ==CLOSED==

This discussion has been closed.