|Over the course of the last two weeks I have been sensing the tell tale signs of rootkits. I have however been unsuccessful in pinpointing where its at. I am no stranger to dealing with Malware, but im lost on this. It is possible I am in fact wrong, and have no rootkit anymore, however after dealing extensively with them in the past I would rather nip it in the butt now if so. While I am no expert in malware, I am in the software industry and understand my way around the windows environment. |
I am using Windows 7 HP 64 bit
Intel Core 2 Duo 2.2Ghz
I have never posted on here im not sure what info you need.
I have found some folders which are locked (which i cant reset in security options, something which has never happened to me on win 7) along with changes in the general behavior of windwos (vague i know). I have ripped through using just about every rootkit scanner i can find.
RegRun - suspicious HP drivers
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
device: opened successfully
user: error reading MBR
error: Read The handle is invalid.
kernel: error reading MBR
TDSS Killer - locked/suspicious sptd.sys (located in the system32)
detected NTDLL code modification:
ZwEnumerateKey 0 != 47,
ZwQueryKey 0 != 19,
ZwOpenKey 0 != 15,
ZwClose 0 != 12,
ZwEnumerateValueKey 0 != 16,
ZwQueryValueKey 0 != 20,
ZwOpenFile 0 != 48,
ZwQueryDirectoryFile 0 != 50,
ZwQuerySystemInformation 0 != 51Initialization error
Sophos found hidden files in
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Log\ERRORLOG.6
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxDTA.exe
T:\Dropbox\Public\Huberts Hosted Softwares\RegRun Reanimator 184.108.40.206\GWebUpdate.exe\
low orbit ion cannon - easy DDOS tool
hacker defender - easy rootkit
I will stop here until further action is requested.
I have my Hijack this log and anything else needed.
In advance thanks for everything.