Rootkit: hidden file not deleting

[essexboy]

Hmm that is a legitimate file though lets run it through Jotti, although the possibility exists that it has been subborned 

Jotti File Submission:

• Please go to Jotti's malware scan
   
  
• Copy and paste the following file path into  the  "File to upload & scan"box on the top of the page:
   
  
  • c:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a\RegCode.dll
• Click on the submit button
• Please post the results in your next reply.

[phesketh]

It cannot find the file.   so I double checked on a dos window
and was missing a 3a at the end of the number .

It still couldnt find the file so I tried to cd into the directory in dos window and it says
Data error <cyclic redundancy check>.

Any ideas ?

Paula

[phesketh]

OK I just realized something .... and have been informed that I have been an idiot
(so you dont need to do it again)
Avast is giving me cyclic redundancy errors in this directory
and in two others
C:\WINDOWS\assembly\GAC\SystemManagement\1.0.5000....a3\__AssemblyInfo__.ini
and
C:\WINDOWS\assembly\GAC\SystemManagement\1.0.........a3\SystemManagement.dll

Now that I understand what cyclic redundancy actually means ... I suspect this is
why I get the rootkit hidden file message and is leftovers from some virus ?

anyway to fix these ?

Paula

[essexboy]

First thing to do is check the hard drive in case it is located in a bad cluster using chkdisc http://www.ehow.com/how_2052292_run-chkdsk-f-windows-xp.html

If that does not resolve it then an uninstall and reinstall of dotnet framework 1.0 would probably clear it