Thread: Kaspersky rootkit????

  1. #1
    Junior Member
    Join Date
    Mar 2013
    Posts
    18

    Kaspersky rootkit????

    Hello,
    New to the forum. I have some kind of infection on my XP Pro SP3 system whereby I am told by scans by Kaspersky and SuperAntiSpyware that my home page has been changed. Kaspersky Vulnerability Scan set it back to "Blank" and SuperAntiSpyware tells me it was changed and asks if I want to set it back to its original state which I answer yes. My Security Center buttons become greyed out and I have to make registry changes to re-enable them to set auto update and at what time to perform it. Running a manual Windows Update will take a LONG time to run/complete. System performance also slowly degrades. I have thrown many things at this with no changes. After a reboot, system runs better but the greyed out buttons return. I ran the "RootAlyzer" and below is the log.

    // info: Rootkit removal help file
    // copyright: (c) 2008-2009 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Unknown ADS","C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP13\Report:kavextended:$DATA"


    I suspect that the above results are due to having Kaspersky loaded and running (paid version). If this is the case, can you suggest to me what I should do next to find and remove this infection? Thanks in advance for all your help!!!

    Ray
    PS Attached please find a screenshot of the completed Kaspersky Vulnerability Scan.
    Last edited by rdomingu; 2013-03-12 at 19:58. Reason: addition of details

  2. #2
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263

    Hello,

    That is no rootkit, just a file that belongs to Kaspersky.

    Malware sometimes uses rootkit technology to hide itself at system level.
    This makes it undetectable by standard tools. Our plugins help Spybot Search & Destroy to detect this form of malware.
    Our Rootkit Scanner tool shows anything that uses certain rootkit technologies. But items with rootkit properties detected here are not necessarily malware. Sometimes, legit software uses rootkit technologies to hide registration data or other things it does not want the user to see in any case. So please keep in mind that the Rootkit Scanner only flags suspicious stuff, not identifying just bad stuff.

    Best regards
    Sandra
    Team Spybot
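
As an added illustration of the point in post #2 (not part of the thread and not Safer-Networking's code): a small Python parser for the RootAlyzer result line quoted in post #1, splitting the ADS entry into host path, stream name and stream type so the finding can be checked against the data directory of a product known to be installed. The line format is inferred from that single log line, and `split_ads`, `parse_rootalyzer`, `is_under` and the vendor root are names and values assumed for this example.

```python
import csv
import ntpath
from typing import NamedTuple, Optional

# Constructed input: the log lines quoted in post #1, embedded so this runs offline.
SAMPLE_LOG = r'''// info: Rootkit removal help file
:: RootAlyzer Results
File:"Unknown ADS","C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP13\Report:kavextended:$DATA"
'''

class AdsFinding(NamedTuple):
    label: str        # scanner's label, e.g. "Unknown ADS"
    host_path: str    # file or directory that carries the stream
    stream: str       # alternate stream name
    stream_type: str  # NTFS attribute type, normally $DATA

def split_ads(spec: str) -> Optional[tuple]:
    """Split 'path:stream[:$TYPE]' without mistaking the drive-letter colon for a stream."""
    drive, tail = ntpath.splitdrive(spec)
    head, sep, leaf = tail.rpartition("\\")
    parts = leaf.split(":")
    if len(parts) < 2 or not parts[1]:
        return None  # plain path or the default unnamed stream
    stream_type = parts[2] if len(parts) > 2 else "$DATA"
    return drive + head + sep + parts[0], parts[1], stream_type

def parse_rootalyzer(log: str) -> list:
    findings = []
    for line in log.splitlines():
        line = line.strip()
        if not line or line.startswith(("//", "::")):
            continue  # comment and section-header lines
        _category, _, rest = line.partition(":")
        fields = next(csv.reader([rest]), [])
        if len(fields) == 2 and "ADS" in fields[0]:
            parsed = split_ads(fields[1])
            if parsed:
                findings.append(AdsFinding(fields[0], *parsed))
    return findings

def is_under(path: str, root: str) -> bool:
    """Case-insensitive containment check using Windows path rules on any OS."""
    p, r = ntpath.normcase(path), ntpath.normcase(root).rstrip("\\")
    return p.startswith(r + "\\")

if __name__ == "__main__":
    # Assumption: the reviewer supplies the data directory of a product known to be installed.
    vendor_root = r"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab"
    for f in parse_rootalyzer(SAMPLE_LOG):
        print(f.host_path, f.stream, f.stream_type, "vendor dir:", is_under(f.host_path, vendor_root))
```

A stream sitting under a known product's data directory is a triage hint that matches Sandra's explanation; it narrows what to look at and does not by itself establish that a stream is benign.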

  3. #3
    Junior Member
    Join Date
    Mar 2013
    Posts
    18

    Still infected with something. Please help.

    Thank you Sandra for such a quick response. I figured that result would be safe seeing that I am running Kaspersky's Anti-Virus 2013. However, I am infected with something which I cannot seem to find. I am hoping you can assist me with your detection experience in locating infections. I am running Win XP SP3 and current on all patches. I have run Kaspersky scans (full, vulnerability, critical area and rootkit), Sophos standalone (Sav32cli), SB Search n Destroy 2, RootAlyzer, SuperAntiSpyware, HijackThis, Combofix and MalwareBytes....all with current updates....with no significant results, to maybe my untrained eye. I have run these all under normal boot and some under safe mode with no difference in results. After a boot-up, box runs good but eventually slows to a crawl with CPU usage at 100%. I am a desktop support analyst and am used to disinfecting boxes on almost a daily basis but this one is on my own personal box. I have backups, but they are infected as well so I can't just restore. At work, this would be a simple re-image but I can't do that here....much too much stuff on this box. I would greatly appreciate your assistance. This one is REALLY making me feel incompetent!!! Thanks in advance for your hopeful assistance.

    Thank you,
    Ray
    Last edited by rdomingu; 2013-03-13 at 17:40. Reason: addition

  4. #4
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,465

    Hello,
    Originally Posted by rdomingu:
    "At work, this would be a simple re-image but I can't do that here....much too much stuff on this box. I would greatly appreciate your assistance. This one is REALLY making me feel incompetent!!! Thanks in advance for your hopeful assistance.

    Thank you,
    Ray"

    Is this a personal computer?

    Best regards,
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  5. #5
    Junior Member
    Join Date
    Mar 2013
    Posts
    18

    Angry It Sure Izzz

    Yes, regretfully I am now unemployed and this is my own personal computer....
    Last edited by rdomingu; 2013-03-13 at 17:59.

  6. #6
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,465

    Hello domingu,

    For someone to take a look at the system please start a topic in the Malware Removal Forum and a volunteer analyst will advise when available.

    First see that forum's FAQ which also includes instructions in post #2 on how to provide DDS and aswMBR logs, which are used in the preliminary analysis.
    http://forums.spybot.info/showthread.php?t=288

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
