

Windows 7: Potential Rootkit

15 Jan 2011   #1
G1LLY

Windows 7 Ultimate x64 SP1
 
 
Potential Rootkit

Hi, hopefully I've put this in the correct forum section, anyway I've just done a scan on a family member's laptop with the latest version of Hitman Pro & it's picked up a rootkit infection, the file is amstream.dll located in C:\Windows\System32, I've had a quick look at the file & uploaded it to VirusTotal but it says it's clean, this file looks as though it's been updated by SP1 as the version is 6.6.7601.17514 don't think that matters but I'm puzzled as to where this infection has come from, the family member's computer it's been detected on has MSE, Comodo Firewall, Malwarebytes & Hitman Pro (The last two are just on demand not paid versions).

Is there anything I can do to determine that it's maybe a FP, I've done a quick scan using MBAM but picked up nothing & I'm on doing a full scan with MSE.

Has anyone else got Windows 7 SP1 & willing to try Hitman Pro to see if they get the message?

I don't wanna touch anything yet in case it's an important system file.

Thanks anyway.

GILLY




15 Jan 2011   #2
yowanvista

Windows 10 Pro x64, Arch Linux
 
 

No such issue here, you may have a variant of the TDSS rootkit
How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?
15 Jan 2011   #3
G1LLY

Windows 7 Ultimate x64 SP1
 
 

Thanks for your reply, I ran the Kaspersky program but it picked up nothing, also I've just noticed that only Prevx has picked this threat up, I don't know how good their definitions are but until I find out more I'm going to put this down as a FP for now.

Thanks again.

EDIT: Just ran another full scan with Hitman Pro & it's picking up nothing so I'm guessing it was just a FP on Prevx's part & I can only assume they updated their definitions in the last half hour to correct it?

15 Jan 2011   #4
Hopalong X

Windows7 Pro 64bit SP-1; Windows XP Pro 32bit
 
 

Posting what I find on the subject.

amstream.h

Look in the list here. It is alphabetical and listed in Windows Media Player as part of the program.

http://support.microsoft.com/kb/269605
15 Jan 2011   #5
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

amstream.dll - Process Information
This component is part of Microsoft DirectX

Component Name: amstream.dll
Description of : Microsoft DirectX is a group of technologies designed to make Windows-based computers an ideal platform for running and displaying applications rich in multimedia elements such as full-color graphics, video, 3D animation, and rich audio.