Rustock rootkit
Hey, so I work in a computer shop, and a PC comes in that is blue screening. We cleaned it out, swapped RAM, checked temps, etc. etc., it's fine. It boots into Windows fine, and it will only blue screen if you provide any user input to the machine, so using keyboard or mouse. If you just let it sit there, no BSOD. The error code is 0x0000008E and I googled it, and found this site and a user named Troll. This is the link to his thread: http://icrontic.com/forum/showthread.php?t=50966
Why I am here is to help you guys, and make sure Troll gets any information I have to offer on this crazy rootkit. So yeah, a program called Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) is a one-stop shop for nuking spyware, viruses and rootkits; it pretty much owns everything. And if you read Troll's post, apparently this virus is near undetectable, but Combofix seems to find something. After I start running the program, it tells me "Rootkit activity detected, please copy down the following items because we may need them later" "C:\Windows\System32\Drivers\senekaiwxeqgh, senekaqukvkiee, senekaorvculrh, senekanhoppjmr", and as I keep working with this, I will update my thread here, because apparently we are going to be seeing more of this virus. I hope that Troll sees this, or if anyone can contact him please do so, because maybe we can help each other out with this rootkit. So yeah, thanks guys, I'll check back later!
Comments
1) Rustock is a very old infection, the thread you linked was started in 2006.
2) Combofix is a very powerful removal tool, it is not a
It produces a log that needs to be analysed.
It is not a tool that should be used without being requested by a competent forum helper.