TechSpot

Please help, hacktool.rootkit, affects sysrest.sys

By gowfather
Aug 26, 2008
  1. Hello, first off I am not so ignorant to have never researched this problem, and attempted some things to get rid of it on my own before I come to a forum and beg for help. If you've got time and superior knowledge please help me.

    Overview:
    -I have Windows XP Pro, and Symantec antivirus (work computer).
    -Last week with an insane deadline at work I found myself on the wrong downloading pages for daemon tools and managed to get hacktool.rootkit.
    -I've since uninstalled daemon tools.

    -Symantec has been removing the hacktool.rootkit every time I start up. When I look at the details in the risk histories it shows me Infected file (c:\Windows\system32\sysrest.sys) and Service (sysrest.sys)
    -Symantec keeps needing to reboot to get rid of this, but we all know it keeps coming back and never finishes it off

    -I learned yesterday about HijackThis, ran it, and tried to learn about each thing appearing on it. I couldn't figure much out other than disabling a few pointless things. I've attached my most recent scan.

    -I learned yesterday about RootkitRevealer (put it NOT on desktop, and renamed it nailsetter.exe as I read somewhere else to do). I found the following
    -HKLM\SECURITY\Policy\Secrets\SAC* dated 3/8/2005
    -HKLM\SECURITY\Policy\Secrets\SAI* ''same, old probably nothing?
    -HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg dated: 8/20/2008 1254pm

    -Access is denied for sptd\Cfg

    -I know that folder in the registry is created by daemon tools. I didn't see why, now that I had uninstalled daemon tools, I couldn't delete the entire sptd folder in the registry.... I tried, it deleted most of everything, next start up, everything else was back again and with my intermediate IQ of computers, that seemed significant.

    -I've read a previous post where RealBlackStuff helped Jasper on the forum. I think our cases may be similar but not exact. Reference link: I was going to link, but I don't have 5 posts....

    So this is where I am at thus far. If you can help please do. Thank you very much.

    Shayne
     
Topic Status:
Not open for further replies.
