HEEEELP! Trojan horse, most likely a rootkit...
Lutzifer
Posted: Fri, 15th Sep 2006 20:27
I'm having a very annoying problem.
After major instability problems with Adobe Audition, together with a longer boot-up time which I never had before, I checked my system for any other culprits that may cause the instability.

At startup I have an instance of Mozilla running although I didn't start it. So I guessed that somebody trojaned me. I killed the process to see what exactly would happen. As suspected, it started up again. I renamed Mozilla and killed it again, and to my astonishment an instance of SeaMonkey popped up (SeaMonkey is the follow-up of the Mozilla suite). So I renamed that and killed it also, and so far no other hijack has happened.
To see where the trojan horse connected to, I renamed SeaMonkey again after disallowing it in the firewall; it popped up again, and I got the following IP address it connects to:

Ud74d.u.pppool.de (IP: 89.56.215.77) on port 3460

No virus scan found anything (tried 2 different programs and have BitDefender 9 running), tried Spybot, used HijackThis, and then came to the conclusion that it's most likely a rootkit.
I tried all rootkit programs I could find, and either they crashed the system when trying to dump the system hive of the registry (stop 0x0000008e error) or reported a read error on the system hive...

I guess it's a new rootkit that manages to evade the scanners by crashing them / disallowing the reading of the system hive, but I haven't found anything useful on teh intarnetz...

HEEEELLLP!
whoKnows
Posted: Sat, 16th Sep 2006 09:14
Before wasting too much time with the removal, I would reinstall right away. This way you can be 100% sure that it's gone, or maybe you have an older clean image which you can use.
All times are GMT + 1 Hour
NFOHump.com Forum Index - The Bitching Session