Author Topic: tiwblkf.sys and wcay.sys (Read 2640 times)

Justin_22 · « **on:** May 29, 2010, 09:11:34 AM »

Hello

I was wondering if anyone could tell me if these are 2 rookits or not? because they are being detected by Hitman Pro as such by A2 and Prevx, a look on google by me returned nothing on either, a scan by MBAM came up clean and the upload to virustotal came up with the same result for both here it is.
http://www.virustotal.com/analisis/3da4f51682e7d42c5569f1fb1adc6295182962e36f748219e1d0c8f2389ba516-1275109683
only 3/41. Is it safe to say these are false positives?

thank you

Pondus · « **Reply #1 on:** May 29, 2010, 09:32:02 AM »

have you tried
Anubis http://anubis.iseclab.org/
ThreatExpert http://www.threatexpert.com/submit.aspx

Justin_22 · « **Reply #2 on:** May 29, 2010, 09:40:04 AM »

Acctualy, I believe those both were actual real rootkits, I was doing some heavy downloading yesterday and I checked the date they were created (around the same time as I was downloading) and neither one had a digital signature, sorry I didnt grab any copies to submit

DavidR · « **Reply #3 on:** May 29, 2010, 03:01:22 PM »

Virustotal being an on-demand scan is highly unlikely to detect it as a rootkit (these detections appear to be generic/suspect/heuristic) as that requires special anti-rootkit scanning to compare what is shown as running in the windows api and what is actually running.

Author Topic: tiwblkf.sys and wcay.sys (Read 2640 times)

Justin_22

tiwblkf.sys and wcay.sys

Pondus

Re: tiwblkf.sys and wcay.sys

Justin_22

Re: tiwblkf.sys and wcay.sys

DavidR

Re: tiwblkf.sys and wcay.sys