Rootkit.Rustock False Positive?


Malwarebytes (latest version as of 26/11/2010) found a number of files infected with 'Rootkit.Rustock'. We run McAfee VSE 8.7i + Anti Spyware Module with the latest Engine and DAT Files. McAfee did not detect anything.

I then uploaded these files to VirusTotal, which also did not detect anything. Can you confirm this is a false positive?

I have attached the files for your investigation.

Kind Rgds,




Here is the Log File:

Malwarebytes' Anti-Malware 1.46


Database version: 4052

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

25/11/2010 16:36:13

mbam-log-2010-11-25 (16-36-13).txt

Scan type: Full scan (C:\|Q:\|)

Objects scanned: 54279

Time elapsed: 12 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 7

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\drv\vi\i\EGD2\lvds.sys (Rootkit.Rustock) -> No action taken.

C:\drv\vi\i\EGD2\ns2501.sys (Rootkit.Rustock) -> No action taken.

C:\drv\vi\i\EGD2\ns387.sys (Rootkit.Rustock) -> No action taken.

C:\drv\vi\i\EGD2\sii164.sys (Rootkit.Rustock) -> No action taken.

C:\drv\vi\i\EGD2\softpd.sys (Rootkit.Rustock) -> No action taken.

C:\drv\vi\i\EGD2\th164.sys (Rootkit.Rustock) -> No action taken.

C:\drv\vi\i\EGD2\ti410.sys (Rootkit.Rustock) -> No action taken.
