c:\windows\system32\svchost.exe Rootkit ;-(
Merralux:
Hello (at first I want to say sorry for my English ;p), I have a problem with that virus. I've even formatted all my discs and it's still there. Maybe it's because of a new update? I would be glad to get a fast answer because I have to make some transfers with my bank account.
igor:
It might be a false alarm... What exactly is reported?
Merralux:
File: c:\windows\system32\svchost.exe
Name of virus: Win32:Rootkit-gen [Rtk]
Type of virus: Rootkit
VPS Version: 080603-0, 2008-06-03
Lisandro:
Can you send the file c:\windows\system32\svchost.exe to www.virustotal.com and check if it is infected?
Merralux:
Antivirus          Version          Last update   Result
AhnLab-V3          2008.5.30.1      2008.06.03    -
AntiVir            7.8.0.26         2008.06.03    -
Authentium         5.1.0.4          2008.06.02    -
Avast              4.8.1195.0       2008.06.03    Win32:Rootkit-gen
AVG                7.5.0.516        2008.06.03    -
BitDefender        7.2              2008.06.03    -
CAT-QuickHeal      9.50             2008.06.03    -
ClamAV             0.92.1           2008.06.03    -
DrWeb              4.44.0.09170     2008.06.03    -
eSafe              7.0.15.0         2008.06.02    -
eTrust-Vet         31.4.5845        2008.06.03    -
Ewido              4.0              2008.06.03    -
F-Prot             4.4.4.56         2008.06.02    -
F-Secure           6.70.13260.0     2008.06.03    -
Fortinet           3.14.0.0         2008.06.03    -
GData              2.0.7306.1023    2008.06.03    Win32:Rootkit-gen
Ikarus             T3.1.1.26.0      2008.06.03    -
Kaspersky          7.0.0.125        2008.06.03    -
McAfee             5308             2008.06.02    -
Microsoft          1.3604           2008.06.03    -
NOD32v2            3155             2008.06.03    -
Norman             5.80.02          2008.06.03    -
Panda              9.0.0.4          2008.06.03    -
Prevx1             V2               2008.06.03    -
Rising             20.47.12.00      2008.06.03    -
Sophos             4.29.0           2008.06.03    -
Sunbelt            3.0.1143.1       2008.06.03    -
Symantec           10               2008.06.03    -
TheHacker          6.2.92.332       2008.06.03    -
VBA32              3.12.6.7         2008.06.03    -
VirusBuster        4.3.26:9         2008.06.03    -
Webwasher-Gateway  6.6.2            2008.06.03    BlockReason.0

Additional information
File size: 12800 bytes
MD5: b3c95bfeef6781a82a1c429f466a3a11
SHA1: 32aa15820e984a79664db0fd48ae943931b83514
SHA256: ab4a8e6f19a4c6ea504efff99613a590861cd981849f71c3a859c9eaf23a3afd
SHA512: 40ead71c8639ee659aab37839b72e8d20eec3a100750d627a562f2968bb1ee87c4c6093a022a9d52f3a7a386a5ad9a18d72b1ff5beb833119109a9d968ce7da2
PEiD: -
PEInfo: PE structure information (base data)
  entry point address: 0x1001ce2
  timedatestamp: 0x3b7de4c5 (Sat Aug 18 03:45:09 2001)
  machine type: 0x14c (I386)
  (3 sections)
  name   viradd  virsiz  rawdsiz  ntrpy  md5
  .text  0x1000  0x2450  0x2600   6.10   c46beef3543b16a7814b0a030f0e5000
  .data  0x4000  0x1f4   0x200    1.50   1a396ac5334432d459f3697937a48e6e
  .rsrc  0x5000  0x408   0x600    2.47   df415f1328865e4cbd290ad3189697e1
  (4 imports)
  ADVAPI32.dll: RegQueryValueExW, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, GetTokenInformation, OpenProcessToken, OpenThreadToken, SetServiceStatus, RegisterServiceCtrlHandlerW, RegCloseKey, RegOpenKeyExW, StartServiceCtrlDispatcherW
  KERNEL32.dll: HeapFree, GetLastError, WideCharToMultiByte, lstrlenW, GetCurrentProcess, GetCurrentThread, HeapAlloc, LoadLibraryExW, LeaveCriticalSection, lstrcmpW, EnterCriticalSection, LCMapStringW, lstrcpyW, ExpandEnvironmentStringsW, lstrcmpiW, ExitProcess, GetCommandLineW, InitializeCriticalSection, GetProcessHeap, SetErrorMode, SetUnhandledExceptionFilter, FreeLibrary, InterlockedCompareExchange, LoadLibraryA, LocalFree, GetProcAddress, DelayLoadFailureHook, LocalAlloc
  ntdll.dll: NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, wcscat, wcscpy, RtlAllocateHeap, RtlCompareUnicodeString, RtlInitUnicodeString, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, RtlCopySid, RtlSubAuthorityCountSid, NtClose, RtlGetDaclSecurityDescriptor, RtlQueryInformationAcl, RtlGetAce, RtlUnhandledExceptionFilter, wcslen, RtlImageNtHeader
  RPCRT4.dll: RpcMgmtSetServerStackSize, RpcMgmtWaitServerListen, RpcMgmtStopServerListening, RpcServerUnregisterIf, RpcServerUnregisterIfEx, RpcServerListen, RpcServerUseProtseqEpW, RpcServerRegisterIf, I_RpcMapWin32Status
  (0 exports)

and that:
The file has already been scanned:
MD5: b3c95bfeef6781a82a1c429f466a3a11
First received: 2008.06.03 10:25:55 (CET)
Date: 2008.06.03 18:57:49 (CET) [<1D]
Results: 3/32
Permalink: analisis/9c696c71028cd43d361d6dc67cc61d60

Is it infected?
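A way to triage a VirusTotal table like the one pasted above, as an added example that is not part of the thread: it parses the flattened "engine version date result" records into structured verdicts, computes the detection ratio, and checks whether every detection is a generic or heuristic label (such as a -gen name or BlockReason) rather than a specific sample. The embedded input is a constructed excerpt of 14 of the 32 engines from the post; the GENERIC_MARKERS list and the quarter-of-engines threshold are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed excerpt (14 of the 32 engines) of the VirusTotal table pasted in the
# thread, flattened onto one line the way the forum software rendered it.
FLATTENED = (
    "AhnLab-V3 2008.5.30.1 2008.06.03 - AntiVir 7.8.0.26 2008.06.03 - "
    "Avast 4.8.1195.0 2008.06.03 Win32:Rootkit-gen AVG 7.5.0.516 2008.06.03 - "
    "BitDefender 7.2 2008.06.03 - ClamAV 0.92.1 2008.06.03 - "
    "GData 2.0.7306.1023 2008.06.03 Win32:Rootkit-gen Kaspersky 7.0.0.125 2008.06.03 - "
    "McAfee 5308 2008.06.02 - Microsoft 1.3604 2008.06.03 - "
    "Prevx1 V2 2008.06.03 - Sophos 4.29.0 2008.06.03 - Symantec 10 2008.06.03 - "
    "Webwasher-Gateway 6.6.2 2008.06.03 BlockReason.0"
)

# One record is: engine, engine version, signature date, verdict ("-" means clean).
# Anchoring on the YYYY.MM.DD date keeps multi-dot version strings from misaligning.
RECORD = re.compile(r"(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(\S+)")

# Substrings that mark a heuristic/generic family name (assumption of this example).
GENERIC_MARKERS = ("-gen", "generic", "heur", "blockreason")


@dataclass
class Verdict:
    engine: str
    version: str
    updated: str
    result: str


def parse_results(text: str) -> list:
    """Split the flattened table into one Verdict per engine."""
    return [Verdict(*m.groups()) for m in RECORD.finditer(text)]


def is_generic(name: str) -> bool:
    """True when a detection name is a generic/heuristic label, not a specific sample."""
    return any(marker in name.lower() for marker in GENERIC_MARKERS)


def assess(text: str) -> dict:
    """Detection ratio, which engines flagged the file, and a coarse false-positive hint."""
    verdicts = parse_results(text)
    hits = [v for v in verdicts if v.result != "-"]
    all_generic = bool(hits) and all(is_generic(h.result) for h in hits)
    minority = 4 * len(hits) < len(verdicts)  # fewer than a quarter of engines
    return {
        "ratio": (len(hits), len(verdicts)),
        "engines": [h.engine for h in hits],
        "likely_false_positive": all_generic and minority,
    }
```

A low ratio made up only of generic names is a strong hint of a false positive, but the deciding check is comparing the file's hash with a known-good copy of svchost.exe from the same Windows version and service pack.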