
Thread: rootkit symptoms

  1. #1
    Junior Member
    Join Date
    Apr 2008

    rootkit symptoms

    I have found the following signs of rootkit infection on my XP family Edition:

    Unknown user replacing administrator's rights on svchost-dns-tcpip-rcp and alg and WMI. Seen using Process Explorer from Sysinternals.

    Anonymous logon privilege for Flash or Shockwave ActiveX and Flash Player in the Macromedia folder in System32. Seen with AccessEnumerator from Sysinternals.

    Files called E.tmp in system32 and dump_WMILIB.sys and dump_atapi.sys in system32/drivers, seen with IceSword.

    No current product on the market seems able to find or remove this problem.
    Last edited by cayenneken; 2008-04-14 at 21:16.
