TechSpot

Hacktool.Rootkit issue

By hollowimage
Jan 7, 2006
  1. I have this hacktool.root problem; however, it seems to vary from the most common ones.

    It all happened when I, like an *****, launched an .exe which I got from a buddy. Long story short, Norton started to shout that initially a Trojan was detected in "c:\xz.bat" and then instantly a "C:\Documents and Settings\Dad\msdirectx.sys" with a hacktool.rootkit issue was detected.

    I shut off the network card right away and started running scans. However, Norton could not locate anything again. I found this rather weird and decided to look in the processes manually. I found something called "lockbar.exe" which wasn't there before and terminated the process. Following that, I found the file itself in the system folder and deleted it as well. And my guess is that it should have solved the problem, but the internet is still poorly accessible. And here's a curious thing: if I simply try to get on the internet, it won't let me. However, as soon as I launch a Norton full system virus scan, it magically allows me on. Seems as though the virus detects the Norton scan and "shuts down" so to speak...but anyway.

    I think something is still left, mainly in that "msdirectx.sys" file. I tried looking for stuff like xpjava and other common files, but was unable to find any of those on my system yet.

    Here's an attachment of the HJT log. Any help would be greatly appreciated.

    -Alex Lalayants

    P.S. As I looked through the HJT log, I found several lines referring back to lockbar.exe:

    O4 - HKLM\..\Run: [fresxstyle] lockbar.exe
    O4 - HKCU\..\Run: [fresxstyle] lockbar.exe

    However, I have a feeling that there's more. Plus, I wasn't sure if I could just delete those suckers, or if they're part of some system file.
     
  2. RealBlackStuff

    Read and follow the 'Read: How to...' posts.
     
Topic Status:
Not open for further replies.

