Jump to content

Possible rootkit activitiy?


Recommended Posts

I got a desktop here which i think has been infected by a rootkit.

Now i reflashed BIOS and GPU and reinstalled windows7 pro.
Right after install i copied the logs.
In the logs of Microsoft-Windows-Security-Auditing i find this two user accounts (besides mine: JOHN-PC$)

User Accounts
WIN-2IGIUOJJOGU$
37L4247F27-25$

I did not find a way to upload the .evtx file.
So pasted the log here: http://pastebin.com/WkFTYGdU

What are they and why are they here? Could this be rootkit activity adding a user?

Link to post
Share on other sites

Im highly unproffesional but I got rid of a SUPER NASTY rootkit today and I used gmer to determine if I really did have any rootkit and it helped me realize it was for "REAL" that it wasn't my computer that went insane, rescue disk didn't spot anything , at all, not a single program listed anything

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.