TechSpot

Hacktool.rootkit infection

By t42
May 19, 2009
  1. Hi, Symantec picked up the hacktool.rootkit trojan on my laptop (in the new_drv.sys file).

    My computer is an IBM T42P running Windows XP with all the latest patches. This happened soon after extracting a RAR file, not sure if that's how the trojan installed itself.

    I've tried VundoFix but it could not find anything. I followed the instructions on the other thread here using Sysclean and AproposFix, but it did not work either.

    Attached is my HJT log.

    Many thanks for your help!
    Tommy

    *UPDATE* This log below is the original from 5/19. Since this log was made, I ran Spybot S&D and some other scans. See the next post for the latest log.
     
  2. t42

    t42 TS Rookie Topic Starter

    *UPDATE* Since this above log was made, I ran Spybot S&D and some other scans. Here is the latest log, any help would be greatly appreciated, been trying to clean my laptop for 48 hrs straight and am going out of my mind!
     
  3. t42

    t42 TS Rookie Topic Starter

    When I first ran Rootkit Revealer, it pointed to 5 files in some folder nested inside the folders that MSN Messenger uses to download files. I tried to navigate to that folder but could not see it in Windows Explorer. I deleted the next folder up the tree (didn't need it). Then I ran Spybot. Not sure if the rootkit is still there, here is the latest RKR log:

    HKLM\SECURITY\Policy\Secrets\SAC* 2/20/2003 12:30 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SECURITY\Policy\Secrets\SAI* 2/20/2003 12:30 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 4/8/2009 9:33 AM 0 bytes Access is denied.

    I used to have Daemon tools, which I read can cause the last flag?
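    The three RootkitRevealer lines above are the kind of output a responder has to triage by hand. Below is an added Python example (written for this page, not code from the thread, from TechSpot or from Sysinternals) that parses pasted RKR lines and applies two well-known benign patterns: the SAC*/SAI* keys under HKLM\SECURITY\Policy\Secrets with embedded nulls are LSA secrets that RootkitRevealer's own documentation lists as an expected discrepancy, and the access-denied sptd\Cfg key belongs to the SCSI Pass Through Direct driver that Daemon Tools and Alcohol 120% install. Anything else, in particular a "Hidden from Windows API" entry, is left for review. The line layout (path, date, time, size, description) is assumed from the three lines in the post; the fourth sample line is constructed for illustration and is not from the poster's log.

```python
import re
from dataclasses import dataclass
from typing import List, Dict, Optional

# One RootkitRevealer discrepancy line: <path> <m/d/yyyy> <h:mm AM|PM> <size> <description>.
# The date field is used as the anchor so that paths containing spaces still parse.
# (Layout assumed from the lines in the post; adjust if your RKR build differs.)
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+"
    r"(?P<time>\d{1,2}:\d{2}\s[AP]M)\s+"
    r"(?P<size>\d+(?:\.\d+)?\s+(?:bytes|KB|MB|GB))\s+"
    r"(?P<desc>.+?)\s*$"
)


@dataclass
class Finding:
    path: str
    timestamp: str
    size: str
    description: str
    verdict: str   # "benign", "likely-benign" or "review"
    reason: str


def classify(path: str, description: str):
    """Map one discrepancy to a triage verdict using known-benign patterns."""
    p, d = path.lower(), description.lower()
    if p.startswith("hklm\\security\\policy\\secrets\\") and "embedded nulls" in d:
        # LSA secrets keys (SAC*, SAI*) with embedded nulls show up on every
        # Windows install; Sysinternals documents them as expected output.
        return "benign", "LSA secrets key; documented RootkitRevealer false positive"
    if "\\services\\sptd" in p and "access is denied" in d:
        # sptd is the SCSI Pass Through Direct driver shipped with Daemon Tools
        # and Alcohol 120%; it deliberately blocks reads of its Cfg key.
        return "likely-benign", "sptd (Daemon Tools / Alcohol) protects its Cfg key"
    if "hidden from windows api" in d:
        # Present in the raw scan but not via the Windows API: the classic
        # rootkit indicator RootkitRevealer exists to surface.
        return "review", "object hidden from the Windows API"
    return "review", "unrecognised discrepancy"


def parse_line(line: str) -> Optional[Finding]:
    """Parse a single RKR line; returns None for lines that are not findings."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    verdict, reason = classify(m["path"], m["desc"])
    return Finding(m["path"], f"{m['date']} {m['time']}", m["size"],
                   m["desc"], verdict, reason)


def triage_log(text: str) -> List[Finding]:
    """Parse a pasted RootkitRevealer log, skipping blank or unparseable lines."""
    return [f for f in (parse_line(l) for l in text.splitlines()) if f is not None]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per verdict so the 'review' bucket is visible at a glance."""
    counts = {"benign": 0, "likely-benign": 0, "review": 0}
    for f in findings:
        counts[f.verdict] += 1
    return counts


# Sample log: the three lines from the post above plus one CONSTRUCTED line
# (the "Hidden from Windows API" entry is invented to exercise the review path).
SAMPLE_LOG = """
HKLM\\SECURITY\\Policy\\Secrets\\SAC* 2/20/2003 12:30 PM 0 bytes Key name contains embedded nulls (*)
HKLM\\SECURITY\\Policy\\Secrets\\SAI* 2/20/2003 12:30 PM 0 bytes Key name contains embedded nulls (*)
HKLM\\SYSTEM\\ControlSet001\\Services\\sptd\\Cfg 4/8/2009 9:33 AM 0 bytes Access is denied.
C:\\WINDOWS\\system32\\drivers\\new_drv.sys 5/19/2009 3:12 PM 41.00 KB Hidden from Windows API.
"""

if __name__ == "__main__":
    findings = triage_log(SAMPLE_LOG)
    for f in findings:
        print(f"[{f.verdict:13}] {f.path}  ({f.reason})")
    print(summarize(findings))
```

Paste a real RKR log into SAMPLE_LOG (or read it from a file) and look only at the "review" bucket; the two benign rules are narrow on purpose, so an unfamiliar key or a hidden file is never silently dropped.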
     