Please help, hacktool.rootkit, affects sysrest.sys

Status
Not open for further replies.
Hello, first off, I am not so ignorant as to have never researched this problem, and I attempted some things to get rid of it on my own before coming to a forum and begging for help. If you've got the time and superior knowledge, please help me.

Overview:
-I have Windows XP Pro and Symantec Antivirus (work computer).
-Last week, with an insane deadline at work, I found myself on the wrong download pages for Daemon Tools and managed to get hacktool.rootkit.
-I've since uninstalled daemon tools.

-Symantec has been removing the hacktool.rootkit every time I start up. When I look at the details in the risk history, it shows me Infected file (c:\Windows\system32\sysrest.sys) and Service (sysrest.sys).
-Symantec keeps needing to reboot to get rid of this, but we all know it keeps coming back and never finishes it off.

-I learned yesterday about HijackThis, ran it, and tried to learn about each thing appearing in it. I couldn't figure much out other than disabling a few pointless things. I've attached my most recent scan.

-I learned yesterday about RootkitRevealer (I put it NOT on the desktop and renamed it nailsetter.exe, as I read somewhere else to do). I found the following:
-HKLM\SECURITY\Policy\Secrets\SAC* dated 3/8/2005
-HKLM\SECURITY\Policy\Secrets\SAI* same date; old, probably nothing?
-HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg dated 8/20/2008 12:54 pm

-Access is denied for sptd\Cfg

-I know that folder in the registry is created by Daemon Tools. I didn't see why, now that I had uninstalled Daemon Tools, I couldn't delete the entire sptd folder in the registry.... I tried; it deleted most of everything, but on the next start-up everything else was back again, and with my intermediate IQ of computers, that seemed significant.

-I've read a previous post where RealBlackStuff helped Jasper on the forum. I think our cases may be similar but not exact. Reference link: I was going to link, but I don't have 5 posts....

So this is where I am at thus far. If you can help please do. Thank you very much.

Shayne