TechSpot

Please help, hacktool.rootkit, affects sysrest.sys

By gowfather
Aug 26, 2008
Topic Status:
Not open for further replies.
  1. Hello, first off I am not so ignorant to have never researched this problem, and attempted some things to get rid of it on my own before I come to a forum and beg for help. If you've got time and superior knowledge please help me.

    Overview:
    -I have Windows XP Pro, and Symantec antivirus (work computer).
    -Last week, with an insane deadline at work, I found myself on the wrong downloading pages for daemon tools and managed to get hacktool.rootkit.
    -I've since uninstalled daemon tools.

    -Symantec has been removing the hacktool.rootkit every time I start up. When I look at the details in the risk history it shows me Infected file (c:\Windows\system32\sysrest.sys) and Service (sysrest.sys).
    -Symantec keeps needing to reboot to get rid of this, but we all know it keeps coming back and never finishes it off.

    -I learned yesterday about HijackThis, ran it, and tried to learn about each thing appearing on it. I couldn't figure much out other than disabling a few pointless things. I've attached my most recent scan.

    -I learned yesterday about RootkitRevealer (put it NOT on the desktop, and renamed it nailsetter.exe as I read somewhere else to do). I found the following:
    -HKLM\SECURITY\Policy\Secrets\SAC* dated 3/8/2005
    -HKLM\SECURITY\Policy\Secrets\SAI* same, old, probably nothing?
    -HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg dated: 8/20/2008 12:54pm

    -Access is denied for sptd\Cfg

    -I know that folder in the registry is created by daemon tools. I didn't see why, now that I had uninstalled daemon tools, I couldn't delete the entire sptd folder in the registry.... I tried; it deleted most of everything. On the next start-up, everything else was back again, and with my intermediate IQ of computers, that seemed significant.

    -I've read a previous post where RealBlackStuff helped Jasper on the forum. I think our cases may be similar but not exact. Reference link: I was going to link, but I don't have 5 posts....

    So this is where I am at thus far. If you can help please do. Thank you very much.

    Shayne
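An added example, not part of the post above and not a tool the poster used: a read-only PowerShell check that surfaces the facts a helper would ask for next. It looks for service entries whose name or ImagePath mentions sysrest.sys or sptd, reports whether c:\Windows\system32\sysrest.sys exists and whether it is Authenticode-signed, and shows the ACL on the sptd\Cfg key that returned "Access is denied". It assumes PowerShell 2.0 or later on the affected machine; it changes nothing.

```powershell
# Added example (not from the original post). Assumes PowerShell 2.0+.
# Names below come from the thread; this script only reads, never deletes.
$driverNames  = @('sysrest.sys', 'sptd')
$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-SuspectServices {
    param([string[]]$Names, [string]$Root = $servicesRoot)
    # Walk every service key; the post says sysrest.sys is registered as a Service.
    foreach ($key in Get-ChildItem -Path $Root -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        $image = [string]$props.ImagePath
        foreach ($n in $Names) {
            if ($key.PSChildName -like "*$n*" -or $image -like "*$n*") {
                New-Object PSObject -Property @{
                    Service   = $key.PSChildName
                    ImagePath = $image
                    Start     = $props.Start   # 0=boot 1=system 2=auto 3=manual 4=disabled
                    Type      = $props.Type    # 1 = kernel-mode driver
                }
            }
        }
    }
}

function Test-DriverFile {
    param([string]$Path)
    # Report existence and Authenticode status; an unsigned kernel driver in
    # system32 that a service keeps re-registering is worth a closer look.
    if (-not (Test-Path -LiteralPath $Path)) {
        return New-Object PSObject -Property @{ Path = $Path; Exists = $false; Signature = 'n/a'; Signer = '' }
    }
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    New-Object PSObject -Property @{
        Path      = $Path
        Exists    = $true
        Signature = $sig.Status   # 'Valid' for a properly signed driver, else e.g. 'NotSigned'
        Signer    = $signer
    }
}

function Test-KeyAccess {
    param([string]$KeyPath)
    # The post reports "Access is denied" on sptd\Cfg; show the ACL, or the denial itself.
    try   { (Get-Acl -Path $KeyPath -ErrorAction Stop).AccessToString }
    catch { "DENIED: $($_.Exception.Message)" }
}

Get-SuspectServices -Names $driverNames | Format-Table Service, Type, Start, ImagePath -AutoSize
Test-DriverFile -Path (Join-Path $env:SystemRoot 'system32\sysrest.sys') | Format-List
Test-KeyAccess -KeyPath "$servicesRoot\sptd\Cfg"
```

Run it from an elevated prompt and paste the output into the thread; a service with Type 1 and Start 0 or 1 pointing at an unsigned file is the detail that tells a helper what is re-registering the driver at boot.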
     