Win32:RustNT Malware Found?

[Sir_Brizz]

I'm using Avast!4 Home Edition and one of the computers at my house found the malware (rootkit) Win32:RustNT. I've looked all over on Google and I can't find what this malware does or even is, whether it's dangerous or just some crappy rootkit that is useless but I should get rid of. I found it on beep.sys in the system32 folder. Quarantining it didn't work, I'm trying a boot time scan but it is still running.

Does anyone know anything about this virus?

[Jtaylor83]

I suggest: Trend Micro Rootkit Buster, F-secure Blacklight, SuperAntiSpyware Free, or MBAM.

[Sir_Brizz]

Are any of those better than the other? I've never used any of them before (been out of the hardware business for 8+ years now).

[Maxx_original]

it's a new variant of Rustock..

[Sir_Brizz]

I don't know whether to be happy that you know, or sad that another variant of Rustock is out...

[Maxx_original]

i just gave you a hint what to search on google... it's not so frequently seen infection, so i guess it would be better to find also some external resources and discuss the results here

[Sir_Brizz]

Well, the boot time scan found two files, beep.sys and glaide.sys. I just deleted them both and then ran a full system scan when the machine booted and it didn't find anything else. Good work, Avast!

[DavidR]

Whilst it may not have been a problem in this case, deletion is a bad habit to get into.

Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest and investigate.

[Sir_Brizz]

I suppose that is what I should have done, in retrospect. I don't run into viruses/malware a lot so not well practiced in that. I don't even know how I would have or could have gotten it, my wife said it popped up while she was doing a google image search.