Re: Hacktool.Rootkit ??



'DBLWizard' wrote, in part:
| I am looking for a little help here. I think one of my Development
| servers is infected with Rootkit possibly called Hacktool.Rootkit.
| The reason I say this is I have Norton Antivirus Corp Edition
| installed and every night @ 12:03 for 2 minutes or if I do a "Scan
| Computer" I get the following entries in the log but no prompts or
| anything.
|
| Is there anyway to actually remove this or do I just need to rebuild
| this system?
|
| Here are the entries in the log:
..
..
| 5/31/2007 14:59 regger.exe Hacktool File Left alone REVELATIONS SYSTEM
| C:\WINDOWS\system32\ Infected C:\WINDOWS\system32\ Clean virus from
| file Leave alone (log only) Manual scan
..
..
_____


Was it really necessary to post ALL the duplicate Swen worm log entries?
That worm hasn't been active for four years. As for your concern about
'Hacktool.Rootkit', the log you posted does not include that finding; what
Symantec identifies as 'Hacktool' is NOT the same as 'Hacktool.Rootkit', and
is not viral. Symantec identifies 'Hacktool' as generic for tools that can
be used to attack OTHER systems.

You now have the 'sour milk' problem. Since the question has been raised of
possible infection, by all means follow the suggestions posted by 'David H.
Lipman'. And you might want to contact Symantec also (and possibly read the
manual.)

Phil Weldon


"DBLWizard" <ibflyfishin@xxxxxxxxx> wrote in message
news:1180646048.620294.106330@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
| Howdy,
|
| I am looking for a little help here. I think one of my Development
| servers is infected with Rootkit possibly called Hacktool.Rootkit.
| The reason I say this is I have Norton Antivirus Corp Edition
| installed and every night @ 12:03 for 2 minutes or if I do a "Scan
| Computer" I get the following entries in the log but no prompts or
| anything.
|
| Is there anyway to actually remove this or do I just need to rebuild
| this system?
|
| Here are the entries in the log:
|
| Date Filename Virus Name Virus Type Action Taken Computer User
| Original Location Status Current Location Primary Action Secondary
| Action Scan Type
| 5/31/2007 14:59 tmp.edb IRC.Family.Gen File Left alone REVELATIONS
| SYSTEM C:\WINDOWS\SoftwareDistribution\DataStore\Logs\ Infected C:
| \WINDOWS\SoftwareDistribution\DataStore\Logs\ Clean virus from file
| Leave alone (log only) Manual scan
| 5/31/2007 14:59 pack1771.exe W32.Swen.A@mm File Left alone REVELATIONS
| SYSTEM C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ActiveSync\ Infected C:
| \DOCUME~1\ADMINI~1\LOCALS~1\Temp\ActiveSync\ Clean virus from file
| Leave alone (log only) Manual scan

<additional W32.Swen.A@mm snipped as redundant>

| 5/31/2007 14:59 regger.exe Hacktool File Left alone REVELATIONS SYSTEM
| C:\WINDOWS\system32\ Infected C:\WINDOWS\system32\ Clean virus from
| file Leave alone (log only) Manual scan
| 5/31/2007 14:59 pack1771.exe W32.Swen.A@mm File Left alone REVELATIONS
| SYSTEM C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ActiveSync\ Infected C:
| \DOCUME~1\ADMINI~1\LOCALS~1\Temp\ActiveSync\ Clean virus from file
| Leave alone (log only) Manual scan
| 5/31/2007 14:59 pack1771.exe W32.Swen.A@mm File Left alone REVELATIONS
| SYSTEM C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ActiveSync\ Infected C:
| \DOCUME~1\ADMINI~1\LOCALS~1\Temp\ActiveSync\ Clean virus from file
| Leave alone (log only) Manual scan
| 5/31/2007 14:59 mspool.exe Backdoor.Usirf File Left alone REVELATIONS
| SYSTEM C:\WINDOWS\system32\ Infected C:\WINDOWS\system32\ Clean virus
| from file Leave alone (log only) Manual scan

<additional W32.Swen.A@mm snipped as redundant>

| 5/31/2007 14:58 MSOffExport[1].exe Trojan Horse File Left alone
| REVELATIONS SYSTEM P:\CDrive\Documents and Settings\Default User\Local
| Settings\Temporary Internet Files\Content.IE5\O9AVGDQZ\ Infected P:
| \CDrive\Documents and Settings\Default User\Local Settings\Temporary
| Internet Files\Content.IE5\O9AVGDQZ\ Clean virus from file Leave alone
| (log only) Manual scan
| 5/31/2007 14:58 MSOffExport[1].exe Trojan Horse File Left alone
| REVELATIONS SYSTEM P:\CDrive\Documents and Settings\ASPNET\Local
| Settings\Temporary Internet Files\Content.IE5\O9AVGDQZ\ Infected P:
| \CDrive\Documents and Settings\ASPNET\Local Settings\Temporary
| Internet Files\Content.IE5\O9AVGDQZ\ Clean virus from file Leave alone
| (log only) Manual scan
| 5/31/2007 14:58 MSOffExport[1].exe Trojan Horse File Left alone
| REVELATIONS SYSTEM P:\CDrive\Documents and Settings\sshadmin\Local
| Settings\Temporary Internet Files\Content.IE5\O9AVGDQZ\ Infected P:
| \CDrive\Documents and Settings\sshadmin\Local Settings\Temporary
| Internet Files\Content.IE5\O9AVGDQZ\ Clean virus from file Leave alone
| (log only) Manual scan
| 5/31/2007 14:58 pack1771.exe W32.Swen.A@mm File Left alone REVELATIONS
| SYSTEM C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ActiveSync\ Infected C:
| \DOCUME~1\ADMINI~1\LOCALS~1\Temp\ActiveSync\ Clean virus from file
| Leave alone (log only) Manual scan

<additional W32.SWEN.A@mm entries snipped as redundant>
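The reply above makes two points that are easy to check mechanically against a Symantec AntiVirus Corporate Edition scan-history export: the posted entries are mostly duplicates of one W32.Swen.A@mm hit, and the detection name "Hacktool" is not "Hacktool.Rootkit". The script below is an added example, not code from either poster or from Symantec. It assumes the export is tab-separated with the column header quoted in the thread (the thread's whitespace is flattened, so the separator is an assumption), and the sample lines are constructed from the entries quoted above, not taken from a real export.

```python
"""Triage a flat SAV Corporate Edition scan-history export.

Added example: parse the tab-separated export, collapse repeated entries,
count by detection name, and look up an exact detection name so that a
generic 'Hacktool' hit is not mistaken for 'Hacktool.Rootkit'.
"""
import csv
import io
from collections import Counter

# Column header as it appears in the export quoted in the thread.
FIELDS = ["Date", "Filename", "Virus Name", "Virus Type", "Action Taken",
          "Computer", "User", "Original Location", "Status",
          "Current Location", "Primary Action", "Secondary Action",
          "Scan Type"]


def _row(date, fname, virus, loc, action="Left alone"):
    # Build one constructed log line; tab separation is an assumption.
    return "\t".join([date, fname, virus, "File", action, "REVELATIONS",
                      "SYSTEM", loc, "Infected", loc, "Clean virus from file",
                      "Leave alone (log only)", "Manual scan"])


SWEN_LOC = "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\ActiveSync\\"
IE_CACHE = ("P:\\CDrive\\Documents and Settings\\{}\\Local Settings\\"
            "Temporary Internet Files\\Content.IE5\\O9AVGDQZ\\")

# Constructed sample modelled on the entries quoted in the thread.
SAMPLE_LOG = "\n".join([
    "\t".join(FIELDS),
    _row("5/31/2007 14:59", "tmp.edb", "IRC.Family.Gen",
         "C:\\WINDOWS\\SoftwareDistribution\\DataStore\\Logs\\"),
    _row("5/31/2007 14:59", "pack1771.exe", "W32.Swen.A@mm", SWEN_LOC),
    _row("5/31/2007 14:59", "pack1771.exe", "W32.Swen.A@mm", SWEN_LOC),
    _row("5/31/2007 14:59", "regger.exe", "Hacktool", "C:\\WINDOWS\\system32\\"),
    _row("5/31/2007 14:59", "pack1771.exe", "W32.Swen.A@mm", SWEN_LOC),
    _row("5/31/2007 14:59", "mspool.exe", "Backdoor.Usirf",
         "C:\\WINDOWS\\system32\\"),
    _row("5/31/2007 14:58", "MSOffExport[1].exe", "Trojan Horse",
         IE_CACHE.format("Default User")),
    _row("5/31/2007 14:58", "MSOffExport[1].exe", "Trojan Horse",
         IE_CACHE.format("ASPNET")),
])


def parse_log(text):
    """Parse a tab-separated export into a list of dicts keyed by FIELDS."""
    reader = csv.reader(io.StringIO(text), delimiter="\t")
    header = next(reader)
    if header != FIELDS:
        raise ValueError("unexpected header: %r" % (header,))
    rows = []
    for rec in reader:
        if len(rec) != len(FIELDS):
            continue  # skip blank or truncated lines
        rows.append(dict(zip(FIELDS, rec)))
    return rows


def dedupe(rows):
    """Collapse repeated entries for the same file, detection and location."""
    seen, out = set(), []
    for r in rows:
        key = (r["Filename"].lower(), r["Virus Name"],
               r["Original Location"].lower())
        if key not in seen:
            seen.add(key)
            out.append(r)
    return out


def count_by_detection(rows):
    """Number of entries per detection name."""
    return Counter(r["Virus Name"] for r in rows)


def find_detection(rows, name):
    """Exact (case-insensitive) match on the detection name, no prefix match."""
    return [r for r in rows if r["Virus Name"].lower() == name.lower()]


def unresolved(rows):
    """Entries the scanner logged but did not clean, quarantine or delete."""
    return [r for r in rows if r["Action Taken"] == "Left alone"]


if __name__ == "__main__":
    rows = parse_log(SAMPLE_LOG)
    uniq = dedupe(rows)
    print("%d entries, %d after de-duplication" % (len(rows), len(uniq)))
    for name, n in count_by_detection(uniq).most_common():
        print("  %-20s %d" % (name, n))
    print("Hacktool.Rootkit hits:", len(find_detection(rows, "Hacktool.Rootkit")))
    print("Hacktool hits:", [r["Filename"] for r in find_detection(rows, "Hacktool")])
    print("Still on disk (Left alone):", len(unresolved(uniq)))
```

The exact-match lookup is the point: searching the export for the substring "Hacktool" would return the regger.exe entry and make the rootkit theory look confirmed, while an exact match on "Hacktool.Rootkit" returns nothing. Every entry in the sample is "Left alone", so the list from unresolved() is the set of files still to be dealt with by hand.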
