Are These Rootkits Malicious?


2 replies to this topic

#1 Roann

Roann

    New Member

  • Members
  • 1 posts

Posted 31 October 2010 - 04:07 AM

Hi,
AVG Free 2011 Anti-Rootkit scan brings up these rootkits for removal:

"";"<unknown>";"IRP hook, \Driver\prodrv06 IRP_MJ_CREATE -> 0xE2144008";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\prodrv06 IRP_MJ_CLOSE -> 0xE2144008";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\prodrv06 IRP_MJ_DEVICE_CONTROL -> 0xE2144008";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\prohlp02 IRP_MJ_CREATE -> 0x469A6582";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\prohlp02 IRP_MJ_CLOSE -> 0x469A6582";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\prohlp02 IRP_MJ_DEVICE_CONTROL -> 0x469A6582";"Object is hidden"

I've tried using the remove option provided in AVG and restarting my PC, but when I run this anti-rootkit scan again it shows these rootkits are still present. Are they anything to worry about? If so, how can I remove them?
Thanks,
Roann
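
A way to triage scan output like the lines in the post above, as an added example that is not part of the original thread: it parses the semicolon-delimited findings and groups them by driver object, so six alerts reduce to the driver names and handler addresses worth looking up. The function names are hypothetical, and the field layout is assumed from the six lines shown.

```python
import csv
import io
import re
from collections import defaultdict

# The six findings exactly as quoted in the post above.
SCAN_LOG = r'''"";"<unknown>";"IRP hook, \Driver\prodrv06 IRP_MJ_CREATE -> 0xE2144008";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\prodrv06 IRP_MJ_CLOSE -> 0xE2144008";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\prodrv06 IRP_MJ_DEVICE_CONTROL -> 0xE2144008";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\prohlp02 IRP_MJ_CREATE -> 0x469A6582";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\prohlp02 IRP_MJ_CLOSE -> 0x469A6582";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\prohlp02 IRP_MJ_DEVICE_CONTROL -> 0x469A6582";"Object is hidden"
'''

# Third field layout (assumed from the lines above):
#   IRP hook, <driver object> <major function> -> <handler address>
HOOK_RE = re.compile(r"IRP hook, (\\Driver\\\S+) (IRP_MJ_\w+) -> (0x[0-9A-Fa-f]+)")


def parse_hooks(text):
    """Yield (driver, major_function, handler_address, status) per finding."""
    reader = csv.reader(io.StringIO(text), delimiter=";", quotechar='"')
    for row in reader:
        if len(row) < 4:
            continue  # skip blank or malformed lines
        match = HOOK_RE.search(row[2])
        if match:
            yield match.group(1), match.group(2), int(match.group(3), 16), row[3]


def summarize(text):
    """Group findings by driver: hooked dispatch routines and distinct handlers."""
    drivers = defaultdict(lambda: {"functions": [], "handlers": set()})
    for driver, func, addr, _status in parse_hooks(text):
        drivers[driver]["functions"].append(func)
        drivers[driver]["handlers"].add(addr)
    return dict(drivers)


def report(text):
    """Return one summary line per driver object."""
    lines = []
    for driver, info in sorted(summarize(text).items()):
        handlers = ", ".join(f"0x{a:08X}" for a in sorted(info["handlers"]))
        lines.append(f"{driver}: {', '.join(info['functions'])} -> {handlers}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SCAN_LOG)))
```
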


#2 caintry_boy

caintry_boy

    Folding for Mama and Daddy

  • Moderators
  • 21,255 posts
  • Gender:Male
  • Location:Kansas



Posted 31 October 2010 - 06:16 AM

Hi and Welcome to The PIT Roann!
Generally the only way to effectively get rid of a rootkit is to format the hard drive. You could try running a HiJackThis scan and posting a log in our HJT forum, but formatting is for sure the best way to clean them.
Run HJT like this:
Download the .exe to its own folder on your desktop. Open the program and select "Do a scan and save a log"; when it has finished scanning, the log will pop open in Notepad. Copy/paste the contents into a new thread that you open here > http://forums.pcpits...ijackthis-logs/

Luck to ya'!


Edited by caintry_boy, 31 October 2010 - 06:17 AM.

Isaiah 6 v5 “Woe to me!” I cried. “I am ruined! For I am a man of unclean lips, and I live among a people of unclean lips, and my eyes have seen the King, the Lord Almighty.”


#3 Jacee

Jacee

    Madam Admin <aka> Maude

  • Admins
  • 27,708 posts
  • Gender:Female


Posted 31 October 2010 - 09:09 AM

Did you install StarForce on your computer? If you did, it's part of their copyright protection.

MS - MVP Consumer Security 2006 thru 2014
