Potential Rootkit

G1LLY

G1LLY

New member
Hi, hopefully I've put this in the correct forum section, anyway I've just done a scan on a family members laptop with the latest version of Hitman Pro & its picked up a rootkit infection, the file is amstream.dll located in C:\Windows\System32, I've had a quick look at the file & uploaded it to VirusTotal but it says its clean, this file looks as though it been updated by SP1 as the version is 6.6.7601.17514 don't think that matters but I'm puzzled as to where this infection has come from, the family member's computer it's been detected on has MSE, Comodo Firewall, Malwarebyte & Hitman Pro (The last two are just on demand not paid versions).

Is there anything I can do to determine that it's maybe a FP, I've done a quick scan using MBAM but picked up nothing & I'm on doing a full scan with MSE.

Has anyone else got Windows 7 SP1 & willing to try Hitman Pro to see if they get the message?

I don't wanna touch anything yet in case it's an important system file.

Thanks anyway.

GILLY
 

Attachments

  • Hitman_Scan_Rootkit.PNG
    Hitman_Scan_Rootkit.PNG
    12.1 KB · Views: 17

My Computer

Computer Manufacturer/Model Number
Acer Aspire 5742
OS
Windows 7 Ultimate x64 SP1
CPU
Intel Core i3-370M @ 2.4GHz
Motherboard
Mobile Intel HM55 Express Chipset
Memory
6GB 1333MHz DDR3
Graphics Card(s)
Intel GMA HD
Monitor(s) Displays
15.6" HD Acer CineCrystal LED LCD
Screen Resolution
1366×768
Hard Drives
320GB (5400 RPM) SATA
PSU
65W
Mouse
Microsoft Wireless Optical Mouse 3000
Internet Speed
6Mbps
Other Info
WEI Score: 4.6

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Windows 10 Pro x64, Arch Linux
CPU
Intel Core 2 Quad Q8200 OC'd 3.08GHz
Motherboard
Asus Rampage formula LGA775
Memory
8GB DDR2 900Mhz
Graphics Card(s)
MSI GT730 2GB GDDR5 (Kepler)
Sound Card
Supreme FX2
Monitor(s) Displays
Samsung LS22F350 LED
Screen Resolution
1080P
Hard Drives
Kingston SSDNow UV400 120GB, 500GB Hitachi, 2TB Samsung, 500GB Seagate FreeAgent, 640GB Samsung, 160GB Toshiba (Arch)
PSU
AeroCool 500W Bronze
Cooling
Cooler Master V6 + 3X fans
Keyboard
Prolink keyboard
Mouse
Logitech M705
Internet Speed
1MiB/s
Browser
Chrome Beta
Thanks for your reply, I ran the Kaspersky program but it picked up nothing, also I've just noticed that only Prevx has picked this threat up, I don't know how good their definitions are but until I find out more I'm going to put this down as a FP for now.

Thanks again.

EDIT: Just ran another full scan with Hitman Pro & it's picking up nothing so I'm guessing it was just a FP on Prevx's part & I can only assume they updated their definitions in the last half hour to correct it?
 

My Computer

Computer Manufacturer/Model Number
Acer Aspire 5742
OS
Windows 7 Ultimate x64 SP1
CPU
Intel Core i3-370M @ 2.4GHz
Motherboard
Mobile Intel HM55 Express Chipset
Memory
6GB 1333MHz DDR3
Graphics Card(s)
Intel GMA HD
Monitor(s) Displays
15.6" HD Acer CineCrystal LED LCD
Screen Resolution
1366×768
Hard Drives
320GB (5400 RPM) SATA
PSU
65W
Mouse
Microsoft Wireless Optical Mouse 3000
Internet Speed
6Mbps
Other Info
WEI Score: 4.6

My Computer

Computer Manufacturer/Model Number
Hopalong/ Godzilla
OS
Windows7 Pro 64bit SP-1; Windows XP Pro 32bit
CPU
Intel Core i7-870 Lynnfield 2.93GHz LGA 1156 95W Quad-Core
Motherboard
ASUS P7P55D-E PRO
Memory
8GB@1400MHz Crucial Ballistix DDR3-1600 4x2GB
Graphics Card(s)
ASUS ENGTX460 DirectCU/2DI/1GD5 1GB 256-bit GDDR5
Sound Card
VIA Onboard
Monitor(s) Displays
Asus VS248H-P 24"; Samsung SyncMaster 941BW 19"ws
Screen Resolution
1920x1080; 1440x900
Hard Drives
Samsung 830 120GB SSD
Intel 320 120GB SSD
Western Digital Caviar Black WD7501AALS 750GB 7200 RPM SATA 3.0Gb/s
Western Digital Caviar Black WD6401AALS 640GB 7200 RPM SATA 3.0Gb/s
PSU
COOLER MASTER Silent Pro RS850-AMBAJ3-US 850W Modular
Case
COOLER MASTER HAF 932 RC-932-KKN5-GP Black
Cooling
Scythe "Mugen-2 Rev.B" (2 ScytheKaze-Jyuni PWM fans)
Keyboard
Logitech K-320
Mouse
Kensington
Antivirus
Avast Inernet Suite
Browser
IE 9 ; Chrome
amstream.dll - Process Information
This component is part of Microsoft DirectX

Component Name: amstream.dll
Description of : Microsoft DirectX is a group of technologies designed to make Windows-based computers an ideal platform for running and displaying applications rich in multimedia elements such as full-color graphics, video, 3D animation, and rich audio.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
You must log in or register to reply here.
Back
Top