Are These Rootkits Malicious?


2 replies to this topic

#1 Roann

Roann

    New Member

  • Members
  • 1 posts

Posted 31 October 2010 - 04:07 AM

Hi,
AVG Free 2011 Anti-Rootkit scan brings up these rootkits for removal:

"";"<unknown>";"IRP hook, \Driver\prodrv06 IRP_MJ_CREATE -> 0xE2144008";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\prodrv06 IRP_MJ_CLOSE -> 0xE2144008";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\prodrv06 IRP_MJ_DEVICE_CONTROL -> 0xE2144008";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\prohlp02 IRP_MJ_CREATE -> 0x469A6582";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\prohlp02 IRP_MJ_CLOSE -> 0x469A6582";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\prohlp02 IRP_MJ_DEVICE_CONTROL -> 0x469A6582";"Object is hidden"

I've tried using the remove option provided in AVG and restarting my PC, but when I run this anti-rootkit scan again it shows these rootkits are still present. Are they anything to worry about? If so, how can I remove them?
Thanks,
Roann
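
A triage sketch for the scan output in the post above, added here as an example and not part of any poster's message or of AVG's tooling: it parses the semicolon-separated rows and groups the hooked IRP major functions and handler addresses per driver object. The function names and the 0x80000000 kernel boundary (32-bit Windows with the default address split) are assumptions.

```python
import csv
import io
import re
from collections import defaultdict

# The six report lines from the post above, copied unchanged.
REPORT = r'''"";"<unknown>";"IRP hook, \Driver\prodrv06 IRP_MJ_CREATE -> 0xE2144008";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\prodrv06 IRP_MJ_CLOSE -> 0xE2144008";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\prodrv06 IRP_MJ_DEVICE_CONTROL -> 0xE2144008";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\prohlp02 IRP_MJ_CREATE -> 0x469A6582";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\prohlp02 IRP_MJ_CLOSE -> 0x469A6582";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\prohlp02 IRP_MJ_DEVICE_CONTROL -> 0x469A6582";"Object is hidden"
'''

HOOK = re.compile(r"IRP hook, (\\Driver\\\S+) (IRP_MJ_\w+) -> (0x[0-9A-Fa-f]+)")
# Assumption: 32-bit Windows with the default 2 GB user / 2 GB kernel split,
# so kernel-mode addresses start at 0x80000000.
KERNEL_BASE = 0x80000000

def parse_report(text):
    """Return one dict per IRP-hook row; rows in any other shape are skipped."""
    hooks = []
    for row in csv.reader(io.StringIO(text), delimiter=";", quotechar='"'):
        match = HOOK.fullmatch(row[2]) if len(row) == 4 else None
        if match:
            driver, major, target = match.groups()
            hooks.append({"driver": driver, "major": major,
                          "target": int(target, 16), "status": row[3]})
    return hooks

def summarize(hooks):
    """Group hooks per driver object so each driver can be looked up by name."""
    grouped = defaultdict(lambda: {"majors": set(), "targets": set()})
    for hook in hooks:
        grouped[hook["driver"]]["majors"].add(hook["major"])
        grouped[hook["driver"]]["targets"].add(hook["target"])
    return {
        driver: {
            "majors": sorted(info["majors"]),
            "targets": [f"0x{t:08X}" for t in sorted(info["targets"])],
            "single_handler": len(info["targets"]) == 1,
            "in_kernel_range": all(t >= KERNEL_BASE for t in info["targets"]),
        }
        for driver, info in grouped.items()
    }

if __name__ == "__main__":
    for driver, info in summarize(parse_report(REPORT)).items():
        print(driver, info)
```
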


#2 caintry_boy

caintry_boy

    Folding for Mama and Daddy

  • Moderators
  • 21,580 posts
  • Gender:Male
  • Location:Kansas



Posted 31 October 2010 - 06:16 AM


Hi and Welcome to The PIT Roann!
Generally the only way to effectively get rid of a rootkit is to format the hard drive. You could try running a HiJackThis scan and posting a log in our HJT forum, but formatting is for sure the best way to clean them.
Run HJT like this:
Download the .exe to its own folder on your desktop. Open the program and select "Do a scan and save a log"; when it has finished scanning, the log will pop open in Notepad. Copy/paste the contents into a new thread that you open here > http://forums.pcpits...ijackthis-logs/

Luck to ya'!





Edited by caintry_boy, 31 October 2010 - 06:17 AM.



#3 Jacee

Jacee

    Madam Admin <aka> Maude

  • Admins
  • 27,811 posts
  • Gender:Female


Posted 31 October 2010 - 09:09 AM

Did you install StarForce on your computer? If you did, it's part of their copyright protection.

MS - MVP Consumer Security 2006 thru 2014




