Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Sir_Brizz on June 10, 2009, 08:31:05 PM

Title: Win32:RustNT Malware Found?
Post by: Sir_Brizz on June 10, 2009, 08:31:05 PM
I'm using Avast!4 Home Edition and one of the computers at my house found the malware (rootkit) Win32:RustNT. I've looked all over on Google and I can't find what this malware does or even is, whether it's dangerous or just some crappy rootkit that is useless but I should get rid of. I found it on beep.sys in the system32 folder. Quarantining it didn't work; I'm trying a boot-time scan, but it is still running.

Does anyone know anything about this virus?
Title: Re: Win32:RustNT Malware Found?
Post by: Jtaylor83 on June 10, 2009, 08:39:11 PM
I suggest: Trend Micro Rootkit Buster (http://www.trendmicro.com/download/rbuster.asp), F-secure Blacklight (http://www.f-secure.com/en_EMEA/products/technologies/blacklight/), SuperAntiSpyware Free (http://www.superantispyware.com/), or MBAM (http://www.malwarebytes.org/mbam.php).
Title: Re: Win32:RustNT Malware Found?
Post by: Sir_Brizz on June 10, 2009, 08:40:14 PM
Are any of those better than the others? I've never used any of them before (been out of the hardware business for 8+ years now).
Title: Re: Win32:RustNT Malware Found?
Post by: Maxx_original on June 10, 2009, 08:59:56 PM
It's a new variant of Rustock.
Title: Re: Win32:RustNT Malware Found?
Post by: Sir_Brizz on June 10, 2009, 09:08:59 PM
I don't know whether to be happy that you know, or sad that another variant of Rustock is out...
Title: Re: Win32:RustNT Malware Found?
Post by: Maxx_original on June 10, 2009, 11:42:29 PM
I just gave you a hint what to search for on Google... it's not such a frequently seen infection, so I guess it would be better to also find some external resources and discuss the results here ;)
Title: Re: Win32:RustNT Malware Found?
Post by: Sir_Brizz on June 11, 2009, 09:23:34 AM
Well, the boot time scan found two files, beep.sys and glaide.sys. I just deleted them both and then ran a full system scan when the machine booted and it didn't find anything else. Good work, Avast!
Title: Re: Win32:RustNT Malware Found?
Post by: DavidR on June 11, 2009, 04:45:01 PM
Whilst it may not have been a problem in this case, deletion is a bad habit to get into.

Deletion isn't really a good first option (you have none left); 'first do no harm': don't delete, send the virus to the chest and investigate.
Title: Re: Win32:RustNT Malware Found?
Post by: Sir_Brizz on June 11, 2009, 05:43:05 PM
I suppose that is what I should have done, in retrospect. I don't run into viruses/malware a lot, so I'm not well practiced in that. I don't even know how I would have or could have gotten it; my wife said it popped up while she was doing a Google image search.