Niko233 wrote:Hitman Pro use another AV engines for detection, Can you show Hitman Pro results for these files?
Yes! I can do it again and again:
You are very kindly 
But can you try another AV vendors? For example, Kaspersky Virus removal tool and CureIt from DrWeb?
I'm interesting in the name of this rootkit
You are very kindly
Bulbulator, but why to ask to post for prev. posted info? 
I only can not undestand you and others who done that and you are not alone in this :)
will see, can not promise that. On that computer work another new man, who was taken to the work. Kaspersky Virus removal tool and CureIt from DrWeb are taking too long to scan and too many system resources - probably they can not be executed while computer as busy by him. Let I tell you RAM size: 512 MB. :))))) Processor is not very slow: Intel Pentium 4 3.06 GHz. OS: WinXP with unknown to me SP (2 or 3).
Anything else not so heavy tools and/or any methods?
Thanks, will try as well as Webroot ZeroAccess Remover 0.8.0.1. GMER is already used as you can see by snapshots (but that it can here? just).
Will see, may be this stuff can be detected with updated virus definitions... who knows
---
May be to add an additional offline scan mode into Norton Power Eraser for advanced users for example?
How to detect malware if right now there is no internet connection or it blocked/disabled by malware?
Today I came to ofiice and saw that there is no Norton on the machine, and there is Kaspersky 6.0 (released in 2007 year as I know) on the machine. Norton was uninstalled from that machine, as expected :)) Norton have no good reputation in malware detection in our company. All machines have Kaspersky AV, only on my desktop I install Norton ;))). Probably only for some time.
I brought some files from infected computer on the work to the home computer, now copied with GMER and that we have:
TDSS tool
all 5 of 6 is Norton Trusted. VT:
and sptd.sys - not:
VT on sptd.sys:
AntiZeroAccess:
Four red-lighted files kl*.sys are Kaspersly Labs files, all signed and all Norton Trusted (only 1 snap for example):
Webroot AntiZeroAccess 0.8 Log File
Execution time: 27/09/2011 - 18:50
Host operation System: Windows Xp X86 version 5.1.2600 Service Pack 2
18:50:55 - CheckSystem - Begin to check system...
18:50:55 - OpenRootDrive - Opening system root volume and physical drive....
18:50:55 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x01483B3C sectors.
18:50:55 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
18:50:55 - InstallAndStartDriver - Main driver was installed and now is running.
18:50:55 - CheckSystem - Disk class driver state is OK.
18:50:56 - CheckFile - Unable to send FSCTL_GET_RETRIEVAL_POINTERS to file object. DeviceIoControl last error: 5
18:50:56 - CheckFile - Unable to send FSCTL_GET_RETRIEVAL_POINTERS to file object. DeviceIoControl last error: 5
18:50:56 - CheckFile - Unable to send FSCTL_GET_RETRIEVAL_POINTERS to file object. DeviceIoControl last error: 5
18:50:56 - CheckFile - Unable to send FSCTL_GET_RETRIEVAL_POINTERS to file object. DeviceIoControl last error: 5
18:50:57 - CheckFile - Unable to read "sptd.sys" file. CreateFile last eror: 0x00000020.
18:50:57 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
18:50:57 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
18:50:57 - Execution Ended!
:)))))) no info... what is that - fresh Norton 2012, very old Kaspersky, newest TDSS killer, AntiZeroAccess do not knows...
HitmanPro and GMER can not find any infections in file structure or there is something not so ordinary. As I said earlier - I need tactics to collect sample(s) - steps sequence - what to do, step by step...
- �1995 - 2013 Symantec Corporation Legal Notice License Agreement Privacy Policy Cookies Site Map RSS
