Help On Rootkits And Hidden Files
If someone could please advise:
when scanning for rootkits, how do I find out if the hidden files I find are legitimate?
I did a rootkit scan and came up with
C:\WINDOWS\SYSTEM32\kdtvd.exe Hiddenfile
C:\WINDOWS\SYSTEM32\kdtvd.exe.bd.ren Hiddenfile
C:\WINDOWS\Prefetch\KDTVD.EXE-07FD52E1.pf Hiddenfile
I tried googling but found no match.
Is there some way to check whether they are malware or not?
I certainly don't want to screw things up, nor do I want to be hijacked.
Please help.
JC
Comments
Hello travelnet
Sometimes it could be hidden drivers that are used by copy protection. In this case the chance is very little that this is the case.
What I recommend you to do is go to Start, Run, type %systemroot% and press Enter, then open the System32 subfolder. When you are done with that, go to Tools, Folder Options, View and check the option "Show hidden files and folders". Now archive kdtvd.exe and kdtvd.exe.bd.ren into a password-protected archive. Use "infected" as the password. Make a reply, press the Browse button that you will find under the Attachments section, browse to the location of the archive you have made and press Upload. There is a 2 MB upload limit per file. I recommend that you quarantine the file in the meantime. Open BitDefender; when you are in the Security Center press Settings, Antivirus, Quarantine, then keep your left mouse button pressed and release the kdtvd.exe file in the Quarantine screen. In earlier versions of BitDefender you just have to press Antivirus.
The virus researchers will take a look at it.
Best regards
Niels
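As an added example (not part of the forum thread or BitDefender's own tooling), the following PowerShell script does the triage the original question asks for on the defender's side: it enumerates hidden files in System32, records each file's SHA-256 hash and Authenticode signature status, and checks for a matching Prefetch entry. It assumes Windows PowerShell 3.0 or later (for Get-FileHash) and uses the file names from the thread as the watch list; the watch list and the Prefetch name pattern are assumptions to be edited for your own scan output.

```powershell
# Added example: triage of hidden files reported by a rootkit scan.
# Assumes Windows PowerShell 3.0+ (Get-FileHash, Get-AuthenticodeSignature).
# Watch list and Prefetch pattern are taken from the thread; adjust them as needed.
$SystemRoot = $env:SystemRoot
$Suspects   = @('kdtvd.exe', 'kdtvd.exe.bd.ren')   # names reported by the scanner (assumed)

# 1. List every hidden file directly under System32. -Force makes Get-ChildItem
#    return hidden and system items that Explorer hides by default.
$hidden = Get-ChildItem -Path (Join-Path $SystemRoot 'System32') -File -Force |
          Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden }

# 2. For each hidden file, gather the facts you would hand to an analyst:
#    hash (for vendor lookup), signature status and signer (OS files are normally
#    signed by Microsoft), creation time, and whether it is on the watch list.
$report = foreach ($f in $hidden) {
    $sig  = Get-AuthenticodeSignature -FilePath $f.FullName -ErrorAction SilentlyContinue
    $hash = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
    [PSCustomObject]@{
        Name      = $f.Name
        Size      = $f.Length
        Created   = $f.CreationTime
        Signature = if ($sig) { $sig.Status } else { 'Unknown' }
        Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        SHA256    = $hash
        OnList    = $Suspects -contains $f.Name
    }
}
$report | Sort-Object OnList -Descending | Format-Table -AutoSize

# 3. A Prefetch file for an executable means it has actually been launched on this
#    machine; its LastWriteTime approximates the most recent run.
Get-ChildItem -Path (Join-Path $SystemRoot 'Prefetch') -Filter 'KDTVD.EXE-*.pf' -Force -ErrorAction SilentlyContinue |
    Select-Object Name, LastWriteTime

# 4. Keep the evidence: write the report next to the archive you will upload so the
#    hashes survive even if the file itself disappears later (constructed output path).
$report | Export-Csv -Path (Join-Path $env:USERPROFILE 'hidden-files-report.csv') -NoTypeInformation
```

Two things to read out of the result: an unsigned or invalidly signed hidden executable in System32 that has a Prefetch entry deserves the password-protected upload and quarantine the reply above describes, and a file that the rootkit scanner reports but this script does not list is being hidden from the normal file APIs, which is exactly the situation where running the collection again from Safe Mode, as suggested later in the thread, is the right next step.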
Thanks Niels
Real quick though, is there a reason I shouldn't do the same with the "Prefetch\KDTVD.EXE-07FD52E1.pf Hiddenfile", or was that just an oversight?
Thank you for your time
JC
OK! This is weird!
I did as you said, but when I got to the subfolders I could only find one of the three I mentioned, the kdtvd.exe.bd.ren I think, because when I moved my mouse over it, it disappeared. GONE! VANISHED! Just an empty spot where it was. So I ran a rootkit scan again and nothing. They're gone, or hiding somewhere else?
I think I have a ghost.
JC
Hello travelnet
Sorry, I must have overlooked it; archive that file also.
Start your archive/compress tool and try to add the files using the Browse function of the program. If that fails:
Try this: reboot your PC, but press the F8 button several times before the Windows loading screen, select Safe Mode and press Enter. Log in with your account and try it again.
Best regards
Niels