Toribash
hacktool.rootkit
This has been found on my computer straight after I just reformatted. I can't delete it because there is a hidden file that is calling it into existence. It comes into existence as a .tmp file format (temporary file), and if it doesn't get internet access to the third party, it deletes itself and attempts to access the web later. Can anyone help me?


Also, Norton is detecting it and blocking it; that is all I know of it.
Last edited by coloo; Nov 16, 2009 at 12:49 PM.
Delete the hidden file so then it won't be called into existence etc.

I assume you mean the files hidden in a folder.
Not that you can't find the file and it is, indeed, hidden.

If so, good luck.
lol
The file that is calling it into existence is hidden; the hacktool gets put out into the open where it attempts to access the web.
Ahem, it is not a permanent file, it is temporary. It doesn't exist until it wants to. That is useless to me for multiple reasons, the main one being: the rootkit doesn't exist until it wants to, as I said before. Attempting to remove a file that doesn't exist would be a waste of time, and the code that calls it into existence is probably attached to a vital system document as well as being hidden.
Search around Google, I know there is a way to delete it with cmd. But I cannot recall it right now.
I just said I can't delete it because it's temporary, and the file that calls it into existence is hidden, and even if it wasn't I would have no way of telling what it was.
First of all, just because something's temporary doesn't mean you can't delete it.
It could be temporary from startup to end of session, then next startup be there again.
Try deleting it first, and see what happens.
Post here and let me know how it goes.
Also, how come Norton isn't deleting it, if it's blocking it?
Btw, if it's infected a system file, you can probably find a dupe of that specific file on the internet, then you can delete the infected one and replace it with the working duplicate.
Also, if you could run a complete system scan and let us know what you come up with, that would be great. Right now we are not getting much information besides, 'It's temporary.' 'ITS FUCKIN TEMPORARY' 'I CANT DELETE ITS TEMPORARY'.
Norton/Avast are the programs that I recommend.