TechSpot

Please help with Hacktool infection

By Chasmosaur
Sep 25, 2007
  1. To whom it may concern:

    Specs for my infected computer:
    Hewlett Packard HP Pavillion dv6000
    AMD Athlon 64 X2 Dual Core Processor
    1GB RAM (don't know the brand)
    100 GB hard drive, unpartitioned
    NVIDIA GeoForce Go 6150

    Despite the fact I have up to date Norton protection on my computer (which I run no less than every two days as I am an Internet consultant who has to occasionally access unsafe networks or am exposed to infected files to help my clients), I appear to have been infected with some malware. (Though from doing some research, it looks as if Norton may caused or exposed me to the infection - is this true?)

    Last night's Norton scan found Hacktool (no .extension, just Hacktool) in a file that's been clean on all previous scans (the file in question was a zip file that contained a utility to retrieve my Windows XP key - I only ran it once and I can't remember the name now). Normally, I don't access a whole lot through this machine, but I had to download some tools to demonstrate them to a client over the last two days. However, these were trusted sources and tools (things like CoffeeCup software and NitroPDF product trials), so I'm not 100% sure where I might have picked Hacktool up.

    I have noted no specific symptoms - the system runs cleanly and quickly. The only irregularity was yesterday morning I had some difficulties logging into a wireless hotspot where I was meeting a client - the computer locked up after I tried to run a program that had a JRE dependency. I thought perhaps, though, it was a problem with the JRE and dismissed it.

    After the Norton scan, I deleted the file in question since Norton couldn't remove it. I then did some research, and followed the instructions in your "Viruses/SpyWare/Malware preliminary instructions thread".

    Please note that once I got to these steps after running the other tools, The Anti-Rootkit tool detected no Rootkit issues, and SS&D detected no threats.

    Per your instructions, I am attaching a HijackThis log, an AVG anti-spyware log, and a ComboFix log. I am unsure how to read the HijackThis log or ComboFix log since I am not a security specialist, but the AVG Antispyware log only detected some medium-level tracking cookies which I have deleted.

    Could someone please review my logs and tell me how badly I've been infected and if I can possibly repair the damage? Normally, I would just format and start over, but I bought this machine about two months ago and downgraded from Vista. The downgrade was a royal pain in the derriere and I don't want to go through it again if at all possible.

    Thanks in advance for any help.
     
  2. spiritedwolf

    spiritedwolf TS Rookie

    Norton may be picking up the utility that you used to find your XP key simply because of the way it behaves. finding your xp key probably involves digging through the registry or files, something that Norton will pick up. Since you have noticed nothing wrong with the rest of the computer, this may be the case.
     
  3. Chasmosaur

    Chasmosaur TS Rookie Topic Starter

    Thanks!

    So my logs look okay then? And why would Norton pick it up now rather than a few weeks ago? Change in the virus definitions perhaps?

    At any rate, I'm trying out Kasperky Internet Security now since I have extended download with Norton. Gotta say, I'm loving the blocking of the banner ads - combined with Firefox, it's making surfing a much smoother experience.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...