Windows 7: Rootkit Found

22 Jun 2010   #1
codyw

Windows 7 Ultimate x64 with SP1
 
 
Rootkit Found

I have NIS 2010 installed on my PC and I do a couple scans a day with Norton, Malwarebytes, and Hitman Pro 3.5.5. I just did a scan with Hitman Pro and it found a Rootkit in C:\Windows\system32\DRIVERS\

Isn't Norton supposed to detect and block these kinds of malware attacks?

Not very happy right now since Rootkits can do many things...


22 Jun 2010   #2
Capt.Jack Sparrow

Windows 7 Ultimate - 64-bit | Windows 8 Pro - 64-bit
 
 

Quote: Originally Posted by codyw
I have NIS 2010 installed on my PC and I do a couple scans a day with Norton, Malwarebytes, and Hitman Pro 3.5.5. I just did a scan with Hitman Pro and it found a Rootkit in C:\Windows\system32\DRIVERS\

Isn't Norton supposed to detect and block these kinds of malware attacks?

Not very happy right now since Rootkits can do many things...

Hello!

What is the file name that was detected? Maybe it's just a false positive.

- Captain
22 Jun 2010   #3
codyw

Windows 7 Ultimate x64 with SP1
 
 

File name is elxstor.sys
Does Hitman Pro tend to get known good files mixed up?

22 Jun 2010   #4
Capt.Jack Sparrow

Windows 7 Ultimate - 64-bit | Windows 8 Pro - 64-bit
 
 

Quote: Originally Posted by codyw
File name is elxstor.sys
Does Hitman Pro tend to get known good files mixed up?

It's not a virus; look at this website: Elxstor.sys Analysis Report. If you're wanting to individually scan this file for a virus, use VirusTotal and upload elxstor.sys to have it scanned with dozens of different anti-virus scanners at once.

Hope this helps,
Captain
22 Jun 2010   #5
Corrine

Windows 7 & Windows Vista Ultimate
 
 

Quote: Originally Posted by Capt.Jack Sparrow
Quote: Originally Posted by codyw
File name is elxstor.sys
Does Hitman Pro tend to get known good files mixed up?

It's not a virus; look at this website: Elxstor.sys Analysis Report. If you're wanting to individually scan this file for a virus, use VirusTotal and upload elxstor.sys to have it scanned with dozens of different anti-virus scanners at once.

Hope this helps,
Captain

Agreed. Also see elxstor.sys - Greatis Software
22 Jun 2010   #6
codyw

Windows 7 Ultimate x64 with SP1
 
 

After viewing that website, I have 2 questions:
  1. Does Hitman Pro conflict with virus protection?
  2. Why did Hitman classify this as malware when it's a perfectly good file?

Symantec is telling me that Hitman Pro will conflict.
22 Jun 2010   #7
codyw

Windows 7 Ultimate x64 with SP1
 
 

I went to the DRIVERS folder under the C drive and manually scanned the folder with Norton and it said everything was fine.
22 Jun 2010   #8
codyw

Windows 7 Ultimate x64 with SP1
 
 

What would happen if I told Hitman Pro to quarantine/delete the infection and this WAS a false positive? I have Symantec Support saying it's an infection. What would happen if I was to delete the said file?
22 Jun 2010   #9
Corrine

Windows 7 & Windows Vista Ultimate
 
 

Quote: Originally Posted by codyw
After viewing that website, I have 2 questions:
  1. Does Hitman Pro conflict with virus protection?
  2. Why did Hitman classify this as malware when it's a perfectly good file?

Symantec is telling me that Hitman Pro will conflict.

  1. Hitman Pro is a malware scanner and should not conflict with Symantec.
  2. It is not unusual for false positives to occur. Thus, the need to pay attention to what is happening on your computer.

Quote: Originally Posted by codyw
I went to the DRIVERS folder under the C drive and manually scanned the folder with Norton and it said everything was fine.

Quote: Originally Posted by codyw
What would happen if I told Hitman Pro to quarantine/delete the infection and this WAS a false positive? I have Symantec Support saying it's an infection. What would happen if I was to delete the said file?

Your two posts have conflicting information. One indicates that NAV said the Drivers folder is fine and the second indicates Symantec Support indicates an infection. Which is it?

Did you scan the specific file at VirusTotal as suggested by Capt.Jack Sparrow?

As to what would happen if you delete the driver, you would no longer have a driver for LightPulse Host Bus Adapters (HBAs).
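
An added example, not part of any post in this thread: one way to gather evidence about a flagged driver such as elxstor.sys before deciding to quarantine or delete it. It reports the file's SHA-256 (which can be searched on VirusTotal without uploading the file), its embedded Authenticode signature status and signer, and its version resource. `Get-DriverTriage` is a hypothetical helper name, and the path in the last line assumes the default driver location mentioned in the first post.

```powershell
# Added example: collect evidence about a flagged driver before removing it.
# Get-DriverTriage is a hypothetical helper name, not a built-in cmdlet.
function Get-DriverTriage {
    param([Parameter(Mandatory = $true)][string]$Path)

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # SHA-256 through .NET, so it also runs on the PowerShell 2.0 shipped with Windows 7.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($file.FullName)
    try {
        $hash = [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
    } finally {
        $stream.Close()
        $sha.Clear()
    }

    # Authenticode signature as seen by PowerShell for this file.
    $sig    = Get-AuthenticodeSignature -FilePath $file.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # Translate the status into what it does and does not tell you.
    $note = switch ($sig.Status.ToString()) {
        'Valid'        { 'Signature verifies; confirm the signer is the expected vendor.' }
        'HashMismatch' { 'Content does not match its signature: modified or corrupted.' }
        'NotSigned'    { 'No embedded signature. Inconclusive: a driver can be signed through a catalog file instead.' }
        default        { "Signature status is $($sig.Status); review manually." }
    }

    New-Object PSObject -Property @{
        Path        = $file.FullName
        Sha256      = $hash
        SigStatus   = $sig.Status
        Signer      = $signer
        Company     = $file.VersionInfo.CompanyName
        Description = $file.VersionInfo.FileDescription
        FileVersion = $file.VersionInfo.FileVersion
        Note        = $note
    } | Select-Object Path, Sha256, SigStatus, Signer, Company, Description, FileVersion, Note
}

# Path taken from the thread's first post; adjust if Windows is installed elsewhere.
Get-DriverTriage -Path "$env:SystemRoot\System32\drivers\elxstor.sys" | Format-List
```

The Company and Description fields come from the file's version resource, which anyone can set, so treat them as a hint and rely on the signature and hash lookup for the decision.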
22 Jun 2010   #10
codyw

Windows 7 Ultimate x64 with SP1
 
 

No, I did not go to VirusTotal. But I still have my Kaspersky 2010 license. What I'm going to do is put it on after wiping Norton. If it finds the infection, then I'll know it was bad. The fact that Hitman Pro is cloud based leads me to think it has to be some kind of infection. I was reading up on Rootkits too since I never really had experience with them. Exactly how do they act as malware? Do they come through your firewall or how do they get in?