Hey all!
Scanning my system with avast! today, I get warnings for over 250 files in which avast! detected signs of rootkits. In the log file, this looks as follows:
16.12.2008 09:25:36 user-name 3844 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\setup.bmp\medctroc.dll" file.
16.12.2008 09:25:37 user-name 3844 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\setup.bmp\ehOCGen.dll" file.
16.12.2008 09:25:37 user-name 3844 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\setup.bmp\plusoc.dll" file.
16.12.2008 09:25:41 user-name 3844 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\setupdll.dll\medctroc.dll" file.
16.12.2008 09:25:41 user-name 3844 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\setupdll.dll\ehOCGen.dll" file.
16.12.2008 09:25:42 user-name 3844 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\setupdll.dll\plusoc.dll" file.
16.12.2008 09:25:46 user-name 3844 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\setupapi.dll\medctroc.dll" file.
16.12.2008 09:25:46 user-name 3844 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\setupapi.dll\ehOCGen.dll" file.
16.12.2008 09:25:46 user-name 3844 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\setupapi.dll\plusoc.dll" file.
16.12.2008 09:26:17 user-name 3844 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Lokale Einstellungen\Temp\RtkBtMnt.exe" file.
16.12.2008 09:26:18 user-name 3844 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Lokale Einstellungen\Temp\RtkBtMnt.exe" file.
16.12.2008 09:26:38 user-name 3844 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Lokale Einstellungen\Temp\RtkBtMnt.exe" file.
16.12.2008 09:26:39 user-name 3844 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Lokale Einstellungen\Temp\RtkBtMnt.exe" file.
16.12.2008 09:26:58 user-name 3844 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolsv.exe\drivers\w32x86\3\ZPP.DLL" file.
and so on...
I have no idea what this is or what I can or should do about it. Cleaning the system with CCleaner didn't change anything. Can anyone help?
Thanks in advance
Nicku
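Added example, not part of the original post: a small triage script for a log in the format shown above. It collapses repeated warnings and lists every parent path component that carries a file-style extension but is used as a directory. The function names are hypothetical, the sample lines are copied from the excerpt in the post, and the numeric field after the user name is kept as-is because the post does not say what it means.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Sample input: five lines copied from the log excerpt in the post.
SAMPLE_LOG = r'''
16.12.2008 09:25:36 user-name 3844 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\setup.bmp\medctroc.dll" file.
16.12.2008 09:25:41 user-name 3844 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\setupdll.dll\medctroc.dll" file.
16.12.2008 09:26:17 user-name 3844 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Lokale Einstellungen\Temp\RtkBtMnt.exe" file.
16.12.2008 09:26:18 user-name 3844 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Lokale Einstellungen\Temp\RtkBtMnt.exe" file.
16.12.2008 09:26:58 user-name 3844 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolsv.exe\drivers\w32x86\3\ZPP.DLL" file.
'''

# date, time, user, an unlabelled number (meaning not stated in the post), sign, path
LINE_RE = re.compile(
    r'^(?P<date>\d{2}\.\d{2}\.\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) '
    r'(?P<user>\S+) (?P<num>\d+) '
    r'Sign of "(?P<sign>[^"]+)" has been found in "(?P<path>[^"]+)" file\.$')

def parse(log_text):
    """Return one dict per line matching the warning format; skip other lines."""
    matches = (LINE_RE.match(line) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]

def file_like_parents(path):
    """Parent components with a file-style extension that are used as a directory."""
    parents = PureWindowsPath(path).parts[1:-1]  # drop the drive root and the leaf
    return [p for p in parents if re.search(r'\.[A-Za-z0-9]{1,4}$', p)]

def summarize(log_text):
    """Count warnings, collapse duplicates, group leaf files by odd parent."""
    entries = parse(log_text)
    unique = Counter(e["path"] for e in entries)
    by_parent = defaultdict(set)
    for path in unique:
        for parent in file_like_parents(path):
            by_parent[parent].add(PureWindowsPath(path).name)
    return {
        "warnings": len(entries),
        "unique_paths": len(unique),
        "repeated": sorted(p for p, n in unique.items() if n > 1),
        "file_like_parents": {k: sorted(v) for k, v in by_parent.items()},
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, "=", value)
```

To run it on the full avast! log, read the file's text and pass it to summarize() in place of SAMPLE_LOG.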