Jan 8 2008, 04:55 PM, Post #1
Authentic Member; Group: Authentic Member; Posts: 31; Joined: 31-January 06; Member No.: 49,599; Operating System: XP
I was reading another thread concerning laptops shutting off for no apparent reason and came across a bit of advice regarding the possibility of a rootkit infection.

I went to my own drivers folder through the IE link offered there, looking for a randomly named .sys file. I found tcpip.sys.ORIGINAL. Is this bad? Should I rename it to malware.old?

My laptop:
Model Name: dynabook TX/670LSBI
Part Number: PATX670LSBI
Serial Number: X5275999K
OS Version: Microsoft Windows XP Professional 5.1.2600 Service Pack 2
BIOS Version: V2.6C
CPU: Intel® Pentium® M processor 1.73GHz
Physical Memory: 512MB RAM
Hard Disk Capacity: 80,023,749,120 [Byte] 74.528 [GB]
Hard Disk Free Space Capacity: 16,815,771,648 [Byte] 15.661 [GB]
Video: Mobile Intel® 915GM/GMS,910GML Express Chipset Family version=6.14.10.4277
Screen Resolution: 1024 x 768 Pixels
Color Quality: True Color (32 Bit)
Sound: Realtek AC97 Audio version=5.10.0.5830
Network: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller version=8.24.3.3 MAC Address=00:0F:B0:9D:FF:21
Network: Intel® PRO/Wireless 2200BG Network Connection version=9.0.2.31 MAC Address=00:13:CE:6C:82:24
Modem: TOSHIBA Software Modem version=2.1.51.0
IDE Device 1: TOSHIBA MK8026GAX
IDE Device 2: None
IDE Device 3: TSSTcorp CD/DVDW TS-L632B FW version=TF32
IDE Device 4: None
IDE Device 5: NERO IMAGEDRIVE2 2.26
IDE Device 6: ZX3370H VZW202C 1.0
Internet Explorer: 7.0.5730.11
EC/KBC Version: ""
PS-MICOM Version: ""

Jan 9 2008, 12:48 PM, Post #2
SuperMember; Group: Tech Team; Posts: 1,649; Joined: 11-November 04; From: Lat' 51N, Long' not much East or West, (UK); Member No.: 18,221; Operating System: Win XP (Pro & Home) Win 2000, Linux
Hi deva,

The file you mention is not inherently dangerous (as a rule) and is usually the result of a "patch" backing up your tcpip.sys file and tagging on the "Original".

More information from here: http://flum.se/articles/article.asp?id=14

However, any file, irrespective of its name, can be dangerous... If you are in any doubt, submit the file to jotti http://virusscan.jotti.org/ or post an HJT log in the malware removal forum.

Regards,
paws

Jan 9 2008, 02:45 PM, Post #3
SuperMember; Group: Tech Classroom; Posts: 1,010; Joined: 21-March 06; From: -; Member No.: 52,151; Operating System: -
Hi Deva,

Here is a link that tells all about Rootkits. I have had the free version installed for some time and run it monthly with clear results.

Hope this is of some help including all the good advice Paws has given in his post to you.

Kind regards,

Jan 11 2008, 06:15 PM, Post #4
Authentic Member; Group: Authentic Member; Posts: 31; Joined: 31-January 06; Member No.: 49,599; Operating System: XP
Thank you team. I will look into all that.