Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Sir_Brizz on June 10, 2009, 08:31:05 PM
-
I'm using Avast!4 Home Edition and one of the computers at my house found the malware (rootkit) Win32:RustNT. I've looked all over on Google and I can't find what this malware does or even is, whether it's dangerous or just some crappy rootkit that is useless but I should get rid of. I found it on beep.sys in the system32 folder. Quarantining it didn't work; I'm trying a boot-time scan, but it is still running.
Does anyone know anything about this virus?
-
I suggest: Trend Micro Rootkit Buster (http://www.trendmicro.com/download/rbuster.asp), F-Secure BlackLight (http://www.f-secure.com/en_EMEA/products/technologies/blacklight/), SuperAntiSpyware Free (http://www.superantispyware.com/), or MBAM (http://www.malwarebytes.org/mbam.php).
-
Are any of those better than the other? I've never used any of them before (been out of the hardware business for 8+ years now).
-
It's a new variant of Rustock.
-
I don't know whether to be happy that you know, or sad that another variant of Rustock is out...
-
I just gave you a hint what to search for on Google... it's not such a frequently seen infection, so I guess it would be better to also find some external resources and discuss the results here ;)
-
Well, the boot time scan found two files, beep.sys and glaide.sys. I just deleted them both and then ran a full system scan when the machine booted and it didn't find anything else. Good work, Avast!
-
Whilst it may not have been a problem in this case, deletion is a bad habit to get into.
Deletion isn't really a good first option (you have none left): 'first do no harm'. Don't delete; send the virus to the chest and investigate.
-
I suppose that is what I should have done, in retrospect. I don't run into viruses/malware a lot, so I'm not well practiced in that. I don't even know how I would have or could have gotten it; my wife said it popped up while she was doing a Google image search.