KernelMode.info

A forum for reverse engineering, OS internals and malware analysis
https://www.kernelmode.info/forum/

is this caused by rootkit?

https://www.kernelmode.info/forum/viewtopic.php?f=10&t=368

Page 1 of 1

is this caused by rootkit?

PostPosted:Tue Sep 28, 2010 6:25 pm
by stano
Hello, I made just a windows scan with antirootkit rootrepeal and rkunhooker from this forum and got some results. Attaching logs here, can someone explain more about that?

Sorry if this is a wrong section ;)

Re: is this caused by rootkit?

PostPosted:Wed Sep 29, 2010 9:42 am
by nullptr
Looks like you've got alcohol/disk emulation software installed.
http://download.bleepingcomputer.com/jp ... fogger.exe
- Download DeFogger to your desktop.
- Run Defogger and click on the Disable button.
- Follow the prompts. If emulation software is found, then OK the message to reboot the pc.

Scan with RkU.

Re: is this caused by rootkit?

PostPosted:Fri Dec 17, 2010 10:40 am
by EP_X0FF
Zero Access replaces IRP handlers of disk.sys system driver. There are no such stuff in both reports.
In case of topic starter reports it was Alcohol/Daemon tools SPTD driver.

Necropost removed, thread locked.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/