Topic: Rootkit Hidden Service Found

kylieb

  • Guest
Rootkit Hidden Service Found
« on: August 02, 2012, 01:11:10 PM »
Hi.

Yesterday I had Avast detect a Rootkit threat. I followed the suggested advice and "deleted" and rebooted and allowed Avast to do a full scan before my computer started. The results came back clean and no threat detected.
Twice last night the same message popped up again. I did the delete and reboot again with the same results, so the 3rd time I ignored it.
Tonight I'm having the same problem, only now I'm getting an error message saying the action was unable to be performed. I performed a scan and 1 threat was detected, but I haven't done a reboot as of yet simply because it takes so damn long and I don't want to have the same results as last night.
I have a few screenshots of the log for the scan and the message I received, but I'm unsure how to attach them/post them.
The result reads as -
File name SVC:swcustcfg> ???
Severity High 
Status Threat: Rootkit: hidden service
Action Delete
Result X Error: Error: 0xA0000101.(-1610612479)   

Is this a false positive??


Thanks
Kylie

twistedjoke

  • Guest
Re: Rootkit Hidden Service Found
« Reply #1 on: August 02, 2012, 02:41:32 PM »
Really hope you get your problem solved. The very same incident has happened to me, where I wasn't able to delete them because of an error. And I followed that with a full scan and the rootkit threat was no longer there. It's been worrying me all day, even getting paranoid that my reboots take longer than usual and the computer altogether is slower.

kylieb

  • Guest
Re: Rootkit Hidden Service Found
« Reply #2 on: August 03, 2012, 01:28:12 AM »
If I do a boot scan it doesn't detect it, but when I have finished rebooting it detects it on startup... What's going on >.<

Pondus
Re: Rootkit Hidden Service Found
« Reply #3 on: August 03, 2012, 11:46:32 AM »
Follow this guide and attach (not copy and paste) logs from Malwarebytes / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0

kylieb

  • Guest
Re: Rootkit Hidden Service Found
« Reply #4 on: August 03, 2012, 12:49:03 PM »
As I said in my first post, I don't know how to attach files. I've tried and nothing happens. I don't have an "additional options" option at the bottom of my posts.

I've done a Malwarebytes scan and it was clean. Nothing found, detected, quarantined.

If you could tell me how to attach I'd be happy to give you both the screen shots AND the Malwarebytes log.
« Last Edit: August 03, 2012, 12:54:35 PM by kylieb »

Pondus
Re: Rootkit Hidden Service Found
« Reply #5 on: August 03, 2012, 12:52:54 PM »
Below the text box you write in here... click "Attachments and other options"

And we need more than the Malwarebytes log,
also OTL and aswMBR.

essexboy

  • Malware removal instructor
Re: Rootkit Hidden Service Found
« Reply #6 on: August 03, 2012, 03:17:55 PM »
That is the ZeroAccess wireless configuration file, and is a false positive. When it next appears, select ignore.

kylieb

  • Guest
Re: Rootkit Hidden Service Found
« Reply #7 on: August 03, 2012, 05:20:57 PM »
Thanks so much essexboy, my friend has literally found a thread that you had posted about that very problem/solution. You are awesome!