Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93099 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

this is my first hijackthis log


  • Please log in to reply
18 replies to this topic

#16 garyhite

garyhite

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 07 June 2006 - 06:38 AM

here is the file, by the way, i did some research on zepter software and this seems to be a particularly difficult rootkit to remove- i hope you can help me with this HKLM\S-1-5-21-3814337359-3193888343-2863382003-1003\Software\Zepter Software\RegLib*78fa2508 5/12/2006 10:25 PM 0 bytes Key name contains embedded nulls (*) HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 6/7/2006 8:02 AM 80 bytes Data mismatch between Windows API and raw hive data. C:\Program Files\Norton AntiVirus\Savrt\0374NAV~.TMP 6/7/2006 8:14 AM 0 bytes Hidden from Windows API.

    Advertisements

Register to Remove


#17 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 07 June 2006 - 07:37 AM

Download blacklight

Instructions on usage here.

Rename the file and remove it.

#18 garyhite

garyhite

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 07 June 2006 - 09:36 AM

i downloaded and ran blacklight, but it did not find the zepter rootkit. I read that a program called regdelnull can eliminate this rootkit but it said that I "need to run RegDelNull from a Command Prompt, complete with command line parameters. Or from a shortcut where you have manually appended those parameters into the Target box of the shortcut's properties" and this kind of operation is a bit over my head. if you could give me step by step instruction on this i think i may be able to accomplish this, unless you have a safer idea

#19 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 08 June 2006 - 05:12 AM

After checking it seams that it is nothing to worry about.

if you could give me step by step instruction on this i think i may be able to accomplish this

I would not fell comfortable giving instructions on how to do that.
Sorry might post here. http://www.sysintern...asp?FID=17&PN=0

Edited by little eagle, 08 June 2006 - 05:14 AM.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users