Author Topic: Possible rootkit?  (Read 7118 times)

Offline YLAP

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2118
Possible rootkit?
« on: November 18, 2007, 05:35:50 PM »
Hello everyone.

Any ideas about this file? As I can't find any info about anything it might refer to...

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89670
  • No support PMs thanks
Re: Possible rootkit?
« Reply #1 on: November 18, 2007, 05:49:46 PM »
Well, there are certainly some avast drivers in that folder (aswmon.sys, aswmon2.sys, aswrdr.sys and aswtdi.sys in my C:\WINDOWS\SYSTEM32\DRIVERS folder), but this doesn't appear to be anything to do with avast (aswxxx.sys files); nothing like awsrsl4t2.sys in my system.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner. I don't know if it is a rootkit you might not be able to upload it.

As you say, no Google hits on awsrsl4t2.sys (if that is the correct file name), which, considering it is meant to be a driver, I would have thought there would be some hits.

You could also send a sample to avast for analysis.
« Last Edit: November 18, 2007, 08:47:59 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline YLAP

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2118
Re: Possible rootkit?
« Reply #2 on: November 18, 2007, 05:51:39 PM »
Nope, I can't locate this file by myself even with "Show hidden files" enabled...

Offline YLAP

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2118
Re: Possible rootkit?
« Reply #3 on: November 18, 2007, 06:35:40 PM »
Seems AVG anti-rootkit detects itself as rootkit, as I removed that file, restarted PC, and ran program again. It detected the same strange, but other file name. So, I downloaded Panda Anti-Rootkit. It found nothing :)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89670
  • No support PMs thanks
Re: Possible rootkit?
« Reply #4 on: November 18, 2007, 06:54:32 PM »
Nope, I can't locate this file by myself even with "Show hidden files" enabled...

There is also an option about showing or rather 'Do not show hidden or system files' you may need to uncheck that if you didn't do so.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89670
  • No support PMs thanks
Re: Possible rootkit?
« Reply #5 on: November 18, 2007, 07:06:24 PM »
Seems AVG anti-rootkit detects itself as rootkit, as I removed that file, restarted PC, and ran program again. It detected the same strange, but other file name. So, I downloaded Panda Anti-Rootkit. It found nothing :)

That is the problem with some of the anti-rootkit tools: they often show a lot of information without making a determination that it is a rootkit, just that it is hidden (though that file name and no Google hits would make me suspicious).

Among the more user friendly of the anti-rootkit tools are, F-Secure Blacklight, Panda, AVG anti-rootkit and a new addition, Trend Micro RootkitBuster - http://www.trendmicro.com/download/rbuster.asp

rdmaloyjr

  • Guest
Re: Possible rootkit?
« Reply #6 on: November 18, 2007, 07:23:42 PM »
Seems AVG anti-rootkit detects itself as rootkit, as I removed that file, restarted PC, and ran program again. It detected the same strange, but other file name. So, I downloaded Panda Anti-Rootkit. It found nothing :)

I have AVG Anti-rootkit Free, I ran it earlier this morning & it didn't detect itself as a rootkit. Never has detected itself as a rootkit on my computer. I checked to make sure it was up to date before running an "in depth search" for rootkits. It has never found any rootkits on my two computers & I hope no rootkits will ever be on my computer.

I used to have Gmer, it never found any rootkits.  Blacklight found my computer to be clean.

I'm not bragging, just happy to not be infected. :)

Offline YLAP

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2118
Re: Possible rootkit?
« Reply #7 on: November 18, 2007, 07:48:15 PM »
Checked my system with two other anti-rootkit programs and I can say that it's something related to AVG, because the hidden driver is gone as soon as I close AVG antirootkit.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89670
  • No support PMs thanks
Re: Possible rootkit?
« Reply #8 on: November 18, 2007, 08:48:22 PM »
Yes, it is probably OK if 1) it is no longer on your system and 2) no other anti-rootkits detect anything.