
Hello there,

Hopefully I've posted this to the right forum. Long story short: I've had a Rootkit detection scare several days ago. This happened immediately after the last Windows update (KB4034662/KB4034674). I always run Malwarebytes (free version) after running my default Anti-virus when doing Windows updates. The scan claimed it found an "unknown Rootkit":

-Scan Details-

Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

*File: 1
Unknown.Rootkit.Driver, C:\WINDOWS\System32\drivers\drmk.sys, Replaced, [0], [0],0.0.0

Physical Sector: 0
(No malicious items detected)

(end)

Not really thinking it through, I went ahead and quarantined the file, then removed it. Since this file was part of the core driver files for Windows, my PC naturally blue screened mid-process. I rebooted, then ran an sfc /scannow via Command Prompt, and was able to reinstall the damaged driver with seemingly few problems. I've since then run some additional anti-virus scans and rootkit cleaners (ESET online scanner, TDSSKiller, etc.), and several more Malwarebytes scans, all of which found nothing.

My question here is, was this potentially a false positive? Are there any additional security steps I should proceed with, assuming this was a legit Rootkit? 
Cheers,

-L.
Edited by Lynched
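The check a practitioner would run before quarantining a file under System32\drivers is whether it still carries a valid Microsoft signature, what version it reports, and what its hash is, so that a "Replaced" verdict on a driver that ships with Windows can be weighed against the evidence the OS itself holds. The following PowerShell is an added example, not code from the forum post, from Malwarebytes or from Microsoft; it uses only built-in cmdlets (Get-AuthenticodeSignature, Get-Item, Get-FileHash), the function name Test-SystemDriver is hypothetical, and the path is the one named in the scan output above. It is meant to be run from an elevated prompt.

```powershell
# Added example (not from the forum post or Malwarebytes): reports a Windows
# system driver's Authenticode/catalog signature, version info and SHA-256 so a
# detection on a core driver can be assessed before the file is removed.
# The path is the one from the scan result quoted in the post.
$DriverPath = 'C:\WINDOWS\System32\drivers\drmk.sys'

function Test-SystemDriver {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }

    # On Windows 8 and later this also covers files signed via a security
    # catalog (.cat), which is how most in-box drivers are signed.
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $info = (Get-Item -LiteralPath $Path).VersionInfo
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

    # A genuine in-box driver has a Valid signature chaining to a Microsoft
    # signer. Anything else on a file in System32\drivers deserves
    # corroboration (sfc /scannow, a second-opinion scanner, the vendor's
    # false-positive report channel) rather than an immediate delete.
    $looksGenuine = ($sig.Status -eq 'Valid') -and ($signer -like '*Microsoft*')

    [pscustomobject]@{
        Path          = $Path
        Exists        = $true
        SignatureOK   = ($sig.Status -eq 'Valid')
        SignatureType = $sig.SignatureType
        Signer        = $signer
        Company       = $info.CompanyName
        Description   = $info.FileDescription
        FileVersion   = $info.FileVersion
        SHA256        = $hash
        LooksGenuine  = $looksGenuine
    }
}

Test-SystemDriver -Path $DriverPath | Format-List
```

One caveat on reading the result: these checks are answered by the running OS, and a real kernel-mode rootkit could in principle influence what the live system reports, which is why a finding like this is best corroborated from a second, independent source (an offline or boot-time scan, or sfc /scannow as the poster did) rather than trusted or dismissed on its own. A Valid Microsoft signature together with a version matching the installed build is the normal state for a driver that ships with Windows and is strong evidence for a false positive; a missing or invalid signature on such a file is the case that warrants further investigation before any cleanup.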