Jump to content

Possible rootkit activitiy?

boobooboo

By boobooboo
in Resolved Malware Removal Logs

 Share

Recommended Posts

boobooboo

boobooboo

Posted
Posted

I got a desktop here which i think has been infected by a rootkit.

Now i reflashed BIOS and GPU and reinstalled windows7 pro.
Right after install i copied the logs.
In the logs of Microsoft-Windows-Security-Auditing i find this two user accounts (besides mine: JOHN-PC$)

User Accounts
WIN-2IGIUOJJOGU$
37L4247F27-25$

I did not find a way to upload the .evtx file.
So pasted the log here: http://pastebin.com/WkFTYGdU

What are they and why are they here? Could this be rootkit activity adding a user?

Link to post
Share on other sites
KinDaI

KinDaI

Posted
Posted

Im highly unproffesional but I got rid of a SUPER NASTY rootkit today and I used gmer to determine if I really did have any rootkit and it helped me realize it was for "REAL" that it wasn't my computer that went insane, rescue disk didn't spot anything , at all, not a single program listed anything

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.