Posted by DBLWizard on May 31, 2007, 6:46 pm
The reason that I thought that I have the Hacktool.Rootkit is the
Symantec description for "HackTool" shows it to be HackTool.Rootkit
described in
http://www.symantec.com/security_response/writeup.jsp?docid=2002-011710-0057-99
Are you saying this is incorrect? Or just misdiagnosed?
Thanks
dbl
wrote:
>
> | Howdy,
> |
> | I am looking for a little help here. I think one of my Development
> | servers is infected with Rootkit possibly called Hacktool.Rootkit.
> | The reason I say this is I have Norton Antivirus Corp Edition
> | installed and every night @ 12:03 for 2 minutes or if I do a "Scan
> | Computer" I get the following entries in the log but no prompts or
> | anything.
> |
> | Is there anyway to actually remove this or do I just need to rebuild
> | this system?
> |
> | Here are the entries in the log:
> |
> | Date Filename Virus Name Virus Type Action Taken Computer User
> | Original Location Status Current Location Primary Action Secondary
> | Action Scan Type
> | 5/31/2007 14:59 tmp.edb IRC.Family.Gen File Left alone REVELATIONS
> | SYSTEM C:\WINDOWS\SoftwareDistribution\DataStore\Logs\ Infected C:
> | \WINDOWS\SoftwareDistribution\DataStore\Logs\ Clean virus from file
> | Leave alone (log only) Manual scan
> | 5/31/2007 14:59 pack1771.exe W32.Swen.A@mm File Left alone REVELATIONS
> < snip >
>
> | \DOCUME~1\ADMINI~1\LOCALS~1\Temp\ActiveSync\ Clean virus from file
> | Leave alone (log only) Manual scan
> | 5/31/2007 14:58 MSOffExport[1].exe Trojan Horse File Left alone
> | REVELATIONS SYSTEM P:\CDrive\Documents and Settings\Default User\Local
> | Settings\Temporary Internet Files\Content.IE5\O9AVGDQZ\ Infected P:
> | \CDrive\Documents and Settings\Default User\Local Settings\Temporary
> | Internet Files\Content.IE5\O9AVGDQZ\ Clean virus from file Leave alone
> | (log only) Manual scan
>
> I don't see anything that can lead to the presumption of an infection with
> "Hacktool.Rootkit"
>
> Download MULTI_AV.EXE from the URL --
> http://www.pctipp.ch/downloads/dl/35905.asp
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode.
> This way all the components can be downloaded from each AV vendor's web site.
> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file.
>
> Additional Instructions: http://pcdid.com/Multi_AV.htm
>
> * * * Please report back your results * * *
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm