Jump to content

Existing user? Sign In
Sign In

Remember me Not recommended on shared computers

Forgot your password?
Staff Sign In
Sign Up

Home

risktaker

Members

View Profile See their activity

Posts
2
Joined
October 4, 2012
Last visited
October 10, 2012

Reputation

0 Neutral

Rootkit hiding in svchost.exe

risktaker replied to risktaker's topic in Resolved Malware Removal Logs

Of course you could ignore the detected file in mbam. I put those there. RK does show some interesting results so I went ahead and posted it DDS.txt mbam-log-2012-10-05 (13-36-10).txt RKreport1.txt Attach.txt
- October 5, 2012
- 5 replies
- - rootkit
  - tdss
  - (and 2 more)
    Tagged with:
    
    rootkit
    
    tdss
    
    roguekiller
    
    payload
Rootkit hiding in svchost.exe

risktaker posted a topic in Resolved Malware Removal Logs

I've recently been recieving incoming connections from foriegn IPs(Europe) over port 22028. MBAM blocks these connections prompting "Incoming connection from 85.x.x.x blocked; proc:"scvhost.exe". I'm worried about any other vulnerabilities this rootkit might exploit. I've tried TDSS and combofix but to no avail. I have a report generated for DDS and roguekiller.
- October 4, 2012
- 5 replies
- - rootkit
  - tdss
  - (and 2 more)
    Tagged with:
    
    rootkit
    
    tdss
    
    roguekiller
    
    payload

×

×

Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

IPS spam blocked by CleanTalk.