Thread: Undetected Rootkit

  1. #1
    Junior Member
    Join Date
    Sep 2008
    Posts
    1

    Undetected Rootkit

    Hi all,

    Just found a rootkit that Spybot was unable to find. Ended up having to use SysInternals RootKit Revealer and boot into BartPE to remove it.

    Attached are the files and the RootKitReveal log that shows which reg keys it generates.

    Hope that's all that's needed to get it into the detection lists.

    Sorry, forgot to mention what it actually does.
    • Blocks WindowsUpdate website
    • Blocks most security vendor websites
    • Link redirections
    Last edited by tashi; 2008-09-05 at 10:34. Reason: Infectious zip removed

  2. #2
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,485

    Hello r4z3r,

    Infected Files. How To Submit. Please do not attach or link them here.

    Please zip or rar the file/s and send them to:

    detections(AT)spybot.info (Replace AT with @)

    Put a password like 'infected' on the archive to avoid it being filtered by automatic scanners.

    That is the preferred method for our detectives' attention. Please do not attach to a topic.

    Thank you.
    FYI, an anti virus program will detect. Win32/Agent.ODG trojan-deleted.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016