Home > I Have > I Have The Hacktool.rootkit Virus And It Keeps Coming Back

I Have The Hacktool.rootkit Virus And It Keeps Coming Back

I'm getting crazy !!! One more interesting things , I found that , this virus attacks where IE(Internet Explorer) is used at most. Symantec detects it, then when I run the AV program, it will say it cleaned or quarantined it, but then it just keeps coming back. In your message please include the address of this thread in your request. his comment is here

Message Insert Code Snippet Alt+I Code Inline Code Link H1 H2 Preview Submit your Reply Alt+S Related Articles hacktool.rootkit - 12 replies help remove hacktool.rootkit - 3 replies For Kali2005: HackTool.Rootkit Avast Evangelists.Use NoScript, a limited user account and a virtual machine and be safe(r)! My computer has a "hacktool.rootkit" virus, as alerted> by my virus protection, Norton AntiVirus. The file is still there!

Apparently it was just cut and pasted to these worms by a script kiddy. Attached Files: hijackthis.txt File size: 7.4 KB Views: 10 Sep 18, 2005 #8 Vigilante TechSpot Paladin Posts: 1,666 Have you guys used sysinternals rootkitrevealer?? Logged Bambleweeny 57 sub-meson brain Don't Surf in the Nude Blog FreewheelinFrank Avast Evangelist Ultra Poster Posts: 4862 I'm a GNU Re: Virus keeps coming back... « Reply Logged Bambleweeny 57 sub-meson brain Don't Surf in the Nude Blog polonus Avast √úberevangelist Maybe Bot Posts: 28552 malware fighter Re: Virus keeps coming back... « Reply #1

FreewheelinFrank Avast Evangelist Ultra Poster Posts: 4862 I'm a GNU Virus keeps coming back... « on: June 27, 2005, 07:46:05 PM » msdirectx.sys is responsible for hiding viruses and Trojans so More resources See also solved Toshiba Laptop Virus won't allow SSD boot into anything, help! Boot normal. Now click on the Fix Checked button in HJT.

If that doesn't work, you will need to boot from the XP CD in repair mode (command line), and delete the .sys file that way. What does ... Sep 20, 2005 #21 patou TS Rookie same problem here i am also having problemswith remon.sys that is detected has a hacktool.rootkit and everytime it is detected it removes all the Join the community of 500,000 technology professionals and ask your questions.

Since the problem appears to be resolved, this topic is now Closed. TechSpot Account Sign up for free, it takes 30 seconds. Attached Files: hijackthis.txt File size: 4 KB Views: 19 Sep 17, 2005 #5 RealBlackStuff TS Rookie Posts: 6,503 habaan nothing wrong with your log. solved Can a virus emulate a wireless connection?

I've tried the WindowsXP Malicious Software> > > Removal> > > Tool, and I've also tried all the MS DOS command stuff mentioned at> > > http://support.microsoft.com/?id=897079> > >> > > Jump to content Sign In Create Account Search Advanced Search section: This topic Forums Members Help Files Calendar View New Content Forum Rules BleepingComputer.com Forums Members Tutorials Startup List So please have him sign up and put Hacktool into the topic heading. FreewheelinFrank Avast Evangelist Ultra Poster Posts: 4862 I'm a GNU Re: Virus keeps coming back... « Reply #11 on: July 07, 2005, 11:30:04 AM » Hi Polonus,The problem seems to be

Explore our set of diagnostic and discovery tools. this content Sep 20, 2005 #17 volodos TS Rookie I have the same problem with remon.sys, I deleted it in DOS mode but when I entered windows it was running again. I've tried the> WindowsXP Malicious Software Removal Tool, and I've also tried all> the MS DOS command stuff mentioned at> http://support.microsoft.com/?id=897079>> I don't know what else to do! You may also...

Also, disable system restore in Winxp. 0 LVL 32 Overall: Level 32 Vulnerabilities 7 Message Expert Comment by:r-k ID: 149007352005-09-16 Good point. Several functions may not work. Join over 733,556 other people just like you! http://custsolutions.net/i-have/i-have-hacktool-rootkit.php i dont trust them> taskcntr.exe - sysmanager.exe - look closely on the task manager, you will see this running on and off.

Then execute the Anti-virus on your machine in full mode. 8. There are a number of different versions of the files including ntesik.sys, securentm.sys, sti64si.sys and acpi.sys. a scan in safe mode detected Hacktool.rootkit Upon system restart their was symantec message saying viruses or being cleaned and something similar !!

Norton can't remove> it> > > at> > > all which is anoying.

Using the site is easy and fun. Success always occurs in private and failure in full view. Join & Ask a Question Need Help in Real-Time? Login now.

Sometimes it tries to send an e-mail that is blocked by Symantec.I have tried a few online spyware scans but without success.I have deleted all files in the temp & cookie Now click on the Fix Checked button in HJT. check out if you got these files. check over here My computer has a "hacktool.rootkit" virus, as alerted> by> > > my> > > virus protection, Norton AntiVirus.

Vikram Kumar Symantec Consultant The most helpful part of entire Symantec connect is the Search button..do use it. 0 Login to vote ActionsLogin or register to post comments Would you like Advertisements do not imply our endorsement of that product or service. Then.run the anti virus on your system. 6. I can find and remove that virus, but it keeps coming Back.

I'm getting crazy !!! Style Default Style Contact Us Help Home Top RSS Terms and Rules Copyright © TechGuy, Inc. Run the Norton AV in Safe Mode and delete the files there. In the link above, rdriv.sys is called a "pseudorootkit".If this was a real rootkit, the rootkit would presumably hide itself as well and anti-virus programs wouldn't set off any alarms...

In his norton failed to remove but by the looks of it he has quite more probably an .exe / bootkit which is reinfecting constantly Norton Power eraser picked a filed Everytime the virus appears it also drops a file in the temp folder. If any command doesn't work, or says file is missing or can't find, etc, move on the next file. I keep getting a pop up saying that "this link does not exist" but it comes up when I am not trying to click on anything.

i tried in recup mode to change the attrib of remon.sys but i cannot find it anywhere. Exit HJT. Could it be a Virus? Rightclick IE on the desktop, select Properties, click on Delete Cookies, and Delete Files.

Click here to Register a free account now! Everyone else please start a new topic. - Jat90 - If I have not responded to you within 24 hours, then please feel free to send me a message. Weird.