Jump to content

FP MBAR on Panda's drivers


smeenk

Recommended Posts

Database version: v2013.04.27.02

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

27-4-2013 10:52:58

mbar-log-2013-04-27 (10-52-58).txt

Files Detected: 2

C:\WINDOWS\system32\drivers\RkPavproc1.sys (Unknown Rootkit Driver Infection) -> Delete on reboot.

C:\WINDOWS\system32\drivers\RkPavproc3.sys (Unknown Rootkit Driver Infection) -> Delete on reboot.

http://www.pcwebplus.nl/phpbb/viewtopic.php?p=60686#p60686

Link to post
Share on other sites

  • Staff

Hi,

This appears to be a generic detection - I'll point the mbar developer to this thread.

Although, it may be possible there's indeed a rootkit present (as we have seen with certain 0access veriants) where the files are "forged" by the rootkit meaning, reads through WinAPI differs from the contents readen through low-level disk access.

So you may want to do some additional checks there.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.