TechSpot

May still be infected with Hacktool.rootkit and xz.bat

By SharpDoggy
Oct 28, 2005
  1. My girlfriend unfortunately clicked on a link one of her friends "sent" her through AIM. Most people may be aware that this is the hacktool.rootkit, which includes xz.bat and msdirectx.sys. I have attached the HiJack logfile (since I didn't see the post where ones in the post will be deleted).

    I have tried doing the instructions that were shown in this forum, however, I did not have any luck.

    I have downloaded NOD32 but that too has had no effect.

    Currently the Norton AntiVirus claims to have the files quarantined, however, I do not fully trust that.


    I am at her college attempting to fix this so if anyone can help me with this PLEASE PLEASE PLEASE help me!

    thanks soooo much in advance

    Kind Regards,
    Michael
     
  2. SharpDoggy

    SharpDoggy TS Rookie Topic Starter

    Also, I keep getting APQ**.tmp files in the C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\ folder.

    Along with this it says hacktool.rootkit as well as trojan horse in the auto-protect results. These .tmp files are coming at a constant rate.
     
  3. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    First Read: Only use these HJT-instructions when asked!
    /P/ Process needs to be stopped
    /S/ Service needs to be stopped
    /U/ UNinstall anything to do with this
    /R/ unRegister the xxx.DLL in that line
    The text between the dotted lines underneath goes between the dotted lines of that post.
    Make sure to follow ALL instructions, and in HJT tick/fix ALL lines!
    ...................................................................................................
    /R/ O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
    /R/U/ O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
    /P/S/ O23 - Service: TUDNNMTBHF - Sysinternals - www.sysinternals.com - C:\DOCUME~1\AMYPEL~1\LOCALS~1\Temp\TUDNNMTBHF.exe
    /P/S/ O23 - Service: VQSQOFW - Sysinternals - www.sysinternals.com - C:\DOCUME~1\AMYPEL~1\LOCALS~1\Temp\VQSQOFW.exe
    ...................................................................................................
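
The marked fix list in the reply above can be turned into a checklist mechanically. The following is an added example, not part of the thread or of HijackThis: it parses the posted lines, maps the /P/ /S/ /U/ /R/ markers to the manual steps the legend names, and lists O23 services whose binary sits in a Temp folder. The function names and the Temp-folder check are assumptions made for this example.

```python
import re

# Legend from the post: marker -> manual step to take before fixing the line in HJT.
STEPS = {"P": "stop process", "S": "stop service",
         "U": "uninstall related software", "R": "unregister DLL"}

# The marked lines exactly as posted in the reply above.
POSTED = r"""
/R/ O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
/R/U/ O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
/P/S/ O23 - Service: TUDNNMTBHF - Sysinternals - www.sysinternals.com - C:\DOCUME~1\AMYPEL~1\LOCALS~1\Temp\TUDNNMTBHF.exe
/P/S/ O23 - Service: VQSQOFW - Sysinternals - www.sysinternals.com - C:\DOCUME~1\AMYPEL~1\LOCALS~1\Temp\VQSQOFW.exe
"""

LINE_RE = re.compile(
    r"^\s*(?:/(?P<marks>[PSUR](?:/[PSUR])*)/\s+)?(?P<section>O\d+) - (?P<rest>.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.I)

def parse_fix_list(text):
    """Return one dict per HJT line: section, manual steps, file path, missing flag."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines and dotted separators
        marks = m.group("marks").split("/") if m.group("marks") else []
        path = PATH_RE.search(m.group("rest"))
        entries.append({
            "section": m.group("section"),
            "steps": [STEPS[k] for k in marks],
            "path": path.group(0) if path else None,
            "missing": "(file missing)" in m.group("rest"),
        })
    return entries

def temp_services(entries):
    """O23 services running from a Temp folder (this example's own check)."""
    return [e for e in entries if e["section"] == "O23" and e["path"]
            and re.search(r"\\te?mp\\", e["path"], re.I)]

if __name__ == "__main__":
    for e in parse_fix_list(POSTED):
        print(e["section"], e["path"], "->", ", ".join(e["steps"]) or "fix in HJT only")
```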
     
Topic Status:
Not open for further replies.
