Hacktool.rootkit (wincab.sys & amvo.exe)

By scanlas
Feb 11, 2008
  1. Hello
    This is my first post, and I'll try and be as specific as possible. I hope you all can help. I am currently not on the PC I am speaking of so producing a HiJackthis file we'll have to wait till this afternoon, but I did want some opinions as to what maybe going on so far.

    I work between my home desktop and work laptop. I have Norton Antivirus (corporate edition) on my home PC and Enterprise McAfee on my laptop.

    Two days ago I noticed that my Norton was starting to pick up a "hacktool.rootkit" virus and it would always happen on login and then sometimes later on ain a session, In most cases it either quarantined it or deleted it "successfully" Still being wary I re-install my OS (after backing up my documents and files). After re-install of my OS and transfer of some files, i then placed a USB memory stick into my desktop and then noticed once again that Norton detected the hacktool.rootkit. I placed wincab.sys and amvo.exe in the subject because before i re-installed the OS I would notice that the hacktool.rootkit was found in wincab.sys (but it wouldnt ALWAYS be there). Amvo.exe would be an error that would pop us as well right before Norton showed that it recognized the hacktool.rootkit.

    Now I use these USB drives between my laptop (corporately given and managed) and desktop. MCafee hasnt stated anything about the hacktool.rootkit virus but my Norton equipped Desktop has.

    Do you think that my USB Thumb Drives are the items that are carrying and infecting my desktop?

    I'll place a hiJackThis file up later this evening. Thanks
  2. skeuos

    skeuos TS Rookie

    Can't answer perfectly, but I would say it's a possibility. I've encountered viruses that travel specifically by jump drive recently, and I'm suspecting that my jump drive could be to blame also (it recently had an infection that I caught). I've been fighting hacktool.rootkit also; if you haven't found it, this link may help:

    Best wishes with this!
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...