Manage updates with the Download App
I have a dell desktop with Win xp with SP3 and norton 360.
Just cleaned a ton of trojans and one rootkit (Rootkit.Boot.Piharib)
All scans are clean now except Trend Micro Rootkit Buster.
Can someone please advise me on this log:
+----------------------------------------------------
| Trend Micro RootkitBuster
| Module version: 5.0.0.1050
| Computer Name: FOX-1
| OS version: 5.1-2600
| User Name: Bob
+----------------------------------------------------
--== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==--
MBR unsupported disk type
No hidden files found.
--== Dump Hidden Registry Value on HKLM ==--
No hidden registry entries found.
--== Dump Hidden Process ==--
No hidden processes found.
--== Dump Hidden Driver ==--
No hidden drivers found.
--== Service Win32 API Hook List ==--
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805d4b7e
CurrentHandler : 0x8a2b71c0
ServiceNumber : 0xc
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805d4b2e
CurrentHandler : 0x8a2b87a0
ServiceNumber : 0xd
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805a8aba
CurrentHandler : 0x8a5fa008
ServiceNumber : 0x11
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805d6642
CurrentHandler : 0x8a2ae140
ServiceNumber : 0x13
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805a45d0
CurrentHandler : 0x8a0c74d0
ServiceNumber : 0x1f
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x805790a8
CurrentHandler : 0xa89cfbe4
ServiceNumber : 0x25
ModuleName : R
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x806240f0
CurrentHandler : 0xa8e74710
ServiceNumber : 0x29
ModuleName : S
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x8061769e
CurrentHandler : 0x8a23f150
ServiceNumber : 0x2b
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805c39fa
CurrentHandler : 0x8a2693d8
ServiceNumber : 0x34
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805d1018
CurrentHandler : 0x8a5e81c8
ServiceNumber : 0x35
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x80643b30
CurrentHandler : 0x8a2af0e0
ServiceNumber : 0x39
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x80576c50
CurrentHandler : 0xa89cfddc
ServiceNumber : 0x3e
ModuleName : R
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8062458c
CurrentHandler : 0xa8e74990
ServiceNumber : 0x3f
ModuleName : S
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8062475c
CurrentHandler : 0xa8e74ef0
ServiceNumber : 0x41
ModuleName : S
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805be008
CurrentHandler : 0x8a5fb008
ServiceNumber : 0x44
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805b2fb2
CurrentHandler : 0x8a0c53e0
ServiceNumber : 0x53
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805f9386
CurrentHandler : 0x8a2b52e8
ServiceNumber : 0x59
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805d7802
CurrentHandler : 0x8a2b53c0
ServiceNumber : 0x5b
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x80584160
CurrentHandler : 0x8a393f38
ServiceNumber : 0x61
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x80626314
CurrentHandler : 0xa89d3746
ServiceNumber : 0x62
ModuleName : R
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805b203a
CurrentHandler : 0x8a0890a8
ServiceNumber : 0x6c
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x8060f04e
CurrentHandler : 0x8a2b4b48
ServiceNumber : 0x72
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8057a1a6
CurrentHandler : 0xa89cfcfc
ServiceNumber : 0x74
ModuleName : R
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805cb440
CurrentHandler : 0x8a287188
ServiceNumber : 0x7a
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805ee054
CurrentHandler : 0x8a3991d8
ServiceNumber : 0x7b
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805aa3ec
CurrentHandler : 0x8a2b0b78
ServiceNumber : 0x7d
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805cb6cc
CurrentHandler : 0x8a2721a0
ServiceNumber : 0x80
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805b841e
CurrentHandler : 0x8a2694a8
ServiceNumber : 0x89
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x80622314
CurrentHandler : 0xa89d36bc
ServiceNumber : 0xb1
ModuleName : R
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x80623b12
CurrentHandler : 0xa89d3626
ServiceNumber : 0xc0
ModuleName : R
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x806261c4
CurrentHandler : 0xa89d3658
ServiceNumber : 0xc1
ModuleName : R
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x80625ad0
CurrentHandler : 0xa89d368a
ServiceNumber : 0xcc
ModuleName : R
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805d49ba
CurrentHandler : 0x8a2be818
ServiceNumber : 0xce
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805d173a
CurrentHandler : 0x8a01f220
ServiceNumber : 0xd5
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x8057b034
CurrentHandler : 0xa89cfe82
ServiceNumber : 0xe0
ModuleName : R
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805cde8a
CurrentHandler : 0x89f1a190
ServiceNumber : 0xe4
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x8060fd06
CurrentHandler : 0x8a2b0140
ServiceNumber : 0xf0
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x80622662
CurrentHandler : 0xa8e75140
ServiceNumber : 0xf7
ModuleName : S
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805d4a82
CurrentHandler : 0x8a2b4a70
ServiceNumber : 0xfd
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805d48f4
CurrentHandler : 0x8a2bea30
ServiceNumber : 0xfe
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805d29e2
CurrentHandler : 0x8a39c850
ServiceNumber : 0x101
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805d2bdc
CurrentHandler : 0x8a2bd0c0
ServiceNumber : 0x102
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805b2e48
CurrentHandler : 0x8a38d9f0
ServiceNumber : 0x10b
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : Z
Image Path :
OriginalHandler : 0x805b43cc
CurrentHandler : 0x8a5fa118
ServiceNumber : 0x115
ModuleName :
SDTType : 0x0
No hidden operating system service hooks found.
--== Dump Hidden Port ==--
No hidden ports found.
--== Dump Kernel Code Patching ==--
No kernel code patching detected.
--== Dump Hidden Services ==--
No hidden services found.
Spyware, viruses, & security forum: Rootkit buster clean or not?
by: BagelAnne April 22, 2012 6:02 PM PDT
0 people like this thread
Staff pick
Total posts: 2 (Showing page 1 of 1)
Regarding RootkitBuster Log
by Carol~ 
- 4/23/12 7:56 AM
In Reply to: Rootkit buster clean or not? by BagelAnne
BA..
One one hand, you ask in the subject, "Rootkit buster clean or not?". Yet on the other, you say "All scans are clean now except Trend Micro Rootkit Buster".
I'm only able to venture a guess as to what I think by looking at your log. Given the fact you say you cleaned Rootkit.Boot.Pihar.b (along with a 'ton of trojans') from your system, I would suggest posting your log at the "Trend Community Malware Discussions Forum" where they analyze RootkitBuster logs on a daily basis.
Best of luck..
Carol
Total posts: 2 (Showing page 1 of 1)
Forum Icon Legend
Unread
Read
Locked thread
-
-
-
-
-
-
Moderator
CNET Staff
Samsung Staff
Norton Authorized Support Team
AVG Staff
avast! Staff
Webroot Support Team
Acer Customer Experience Team
Windows Outreach TeamDISH staff
Dell Staff
Intel Staff
Question
Resolved question
General discussion
Tip
Alert or warning
Praise
Rant
You are e-mailing the following post: Post Subject
You are reporting the following post: Post Subject
You are posting a reply to: Post Subject
You are requesting a clarification of the question: Post Subject
You are posting an answer to the question: Post Subject
Click here to be notified via e-mail when someone submits an answer.
Would you like to resolve this question? close
