Help On Rootkits And Hidden Files

If someone could please advise


When scanning for rootkits, how do I find out if the hidden files I find are legitimate?


I did a rootkit scan and came up with :wacko:


C:\WINDOWS\SYSTEM32\kdtvd.exe Hiddenfile


C:\WINDOWS\SYSTEM32\kdtvd.exe.bd.ren Hiddenfile


C:\WINDOWS\Prefetch\KDTVD.EXE-07FD52E1.pf Hiddenfile


I tried googling but no match :blink:


Is there some way to check to see if they are not malware?


I certainly don't want to screw things up, nor do I want to be hijacked.


Please help


JC

Comments

  • Hello travelnet


    Sometimes it could be hidden drivers that are used by copy protection. In this case the chance is very little that this is the case.


    What I recommend you do is go to Start, Run, type %systemroot%, press Enter, and open the System32 subfolder. When you have done that, go to Tools, Folder Options, Display (View) and check the option "Show hidden files and folders". Now archive kdtvd.exe and kdtvd.exe.bd.ren into a password-protected archive. Use infected as the password. Make a reply, press the Browse button that you will find under the attachments section, browse to the location of the archive you have made and press Upload. There is a 2 MB upload/file. I recommend that you quarantine the file in the meantime. Open BitDefender; when you are in the security center, press Settings, Antivirus, Quarantine, then keep your left mouse button pressed and release the kdtvd.exe file in the quarantine screen. In earlier versions of BitDefender you just have to press Antivirus.


    The virus researchers will take a look at it.


    Best regards


    Niels

  • Thanks Niels


    Real quick though, is there a reason I shouldn’t do the same with the “Prefetch\KDTVD.EXE-07FD52E1.pf Hiddenfile”, or was that just an oversight?


    Thank you for your time


    JC

  • Ok! This is weird! :o


    I did like you said, but when I got to the subfolders I could only find one of the three I mentioned, the kdtvd.exe.bd.ren I think, because when I moved my mouse over it, it disappeared. GONE! VANISHED! Just an empty spot where it was. :blink: So I ran a rootkit scan again and nothing. They’re gone, or hiding somewhere else? :unsure:


    I think I have a ghost


    JC

  • Hello travelnet


    Sorry, I must have overlooked it; archive that file also.


    Start your archive/compress tool and try to add the files while using the browse function of the program. If that fails:


    Try this: reboot your PC, but press the F8 button several times before the Windows loading screen, select Safe Mode and press Enter. Log in with your account and try it again.


    Best regards


    Niels
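
One way to record basic facts about the three reported paths before archiving and submitting them, as an added example that is not from the thread's participants or from BitDefender. It assumes PowerShell 4.0 or later (for `Get-FileHash`) in an elevated prompt; the function name `Get-ReportedFileTriage` is hypothetical.

```powershell
# Paths exactly as reported by the rootkit scan in the first post.
$reported = @(
    'C:\WINDOWS\SYSTEM32\kdtvd.exe',
    'C:\WINDOWS\SYSTEM32\kdtvd.exe.bd.ren',
    'C:\WINDOWS\Prefetch\KDTVD.EXE-07FD52E1.pf'
)

function Get-ReportedFileTriage {   # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$Path)

    foreach ($p in $Path) {
        # -Force returns items carrying the Hidden or System attribute.
        $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue

        if (-not $item) {
            # The scanner listed the path but the normal file API cannot see it:
            # the file was removed, or directory listings are being filtered.
            # Retry from Safe Mode, as suggested in the last reply.
            [pscustomobject]@{
                Path = $p; Visible = $false; Attributes = $null
                Created = $null; LastWrite = $null
                SHA256 = $null; SignatureStatus = $null; Signer = $null
            }
            continue
        }

        # The hash lets the same bytes be looked up or reported without
        # copying or executing the file.
        $hash = Get-FileHash -LiteralPath $p -Algorithm SHA256 -ErrorAction SilentlyContinue

        # Only executables can carry an Authenticode signature; the .pf file
        # will never report Valid. Prefetch entries are written by Windows when
        # the named executable runs, so its timestamps show when that happened.
        $sig = Get-AuthenticodeSignature -LiteralPath $p -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Path            = $item.FullName
            Visible         = $true
            Attributes      = $item.Attributes
            Created         = $item.CreationTime
            LastWrite       = $item.LastWriteTime
            SHA256          = $hash.Hash
            SignatureStatus = $sig.Status
            Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }
}

Get-ReportedFileTriage -Path $reported | Format-List
```

A missing or invalid signature does not by itself mean the file is malware, and a valid one only identifies the publisher; the output is context to include with the submission.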