I got a rootkit, need some help.

Oldie

OK, I started getting random popups for the first time ever. I'm a spyware freak, and am pretty careful what I open. I ran the normal apps, and everything comes up clean now, but I'm still getting the ads. Thanks to the popularity Sony has lent them, I tried giving SysInternals Rootkit Revealer a spin, and well dayum:

Code:
HKLM\SOFTWARE\C2Xi4AxsbVq5	11/12/2005 4:11 PM	0 bytes	Hidden from Windows API.
HKLM\SOFTWARE\Classes\CLSID\{44BD4CEF-0E4D-C558-6DFE23FFC881A6CD}\{A2EC7C34-2018-E83B-27DF1E7548223FEC}\{5151FD78-1E6F-B5B8-7B478C2CB67D678B}*	10/30/2005 10:20 PM	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{484F515E-F5F4-CAE2-00797FFBC1B1DB0A}\{B5BB857C-6143-5E3C-4B14653578135B7A}\{14E971F7-0C0F-F2F4-35B0BAA5D2098273}*	10/30/2005 10:20 PM	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{8FD8A5D7-9511-025F-16B31A5B051F5A4D}\{7F4BC209-0230-7A50-936F3704F4AD01D8}\{4F172B6C-B722-D8DB-046FD06C67D2EAC6}*	10/30/2005 10:20 PM	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\	6/3/2005 11:24 AM	0 bytes	Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_AECMART	11/12/2005 12:33 AM	0 bytes	Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\aecmart	11/13/2005 8:24 PM	0 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft	11/13/2005 1:15 AM	0 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\ace.dll	11/12/2005 12:33 AM	568.00 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\AI_12-11-2005.log	11/12/2005 12:33 AM	3 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\AI_13-11-2005.log	11/13/2005 1:15 AM	3 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache	11/13/2005 8:23 PM	0 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000029_43765a7a_000e8b25	11/12/2005 4:11 PM	47.65 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000029_43769c3a_0008583b	11/13/2005 8:23 PM	3.24 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000029_4377aa24_000aba95	11/13/2005 4:03 PM	2.20 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000029_4377cc6e_00057bcf	11/13/2005 6:29 PM	2.20 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000035_4376bfd9_000e8b25	11/12/2005 11:23 PM	15.27 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000035_4377b4b0_000e4e1c	11/13/2005 4:48 PM	223 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000099_43769c55_0000f424	11/13/2005 4:44 PM	456 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000099_43769cbc_00039387	11/12/2005 8:54 PM	2.90 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000099_4377b3af_00007a12	11/13/2005 4:44 PM	947 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000120_43769cf7_0006acfc	11/12/2005 8:55 PM	707 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000120_4377b402_000c65d4	11/13/2005 4:45 PM	10.25 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000124_4377b3b0_0004c4b4	11/13/2005 4:45 PM	839 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000001d3_4377b4be_000b34a7	11/13/2005 4:48 PM	838 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000001eb_43769c51_00031975	11/12/2005 8:52 PM	53.12 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000001eb_43769cb8_0006acfc	11/12/2005 8:54 PM	0 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\0000030a_43769c84_000aba95	11/12/2005 8:53 PM	3.36 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\0000030a_4377b3f9_000cdfe6	11/13/2005 4:45 PM	4.68 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000384_4376baf0_000ec82e	11/12/2005 11:02 PM	1.81 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000384_4377b48c_000c28cb	11/13/2005 4:47 PM	354 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\0000047e_4377b46b_0003567e	11/13/2005 4:47 PM	838 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000677_4376be41_0008583b	11/12/2005 11:17 PM	40 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000677_4377b492_000c65d4	11/13/2005 4:48 PM	838 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000732_4377b402_0003d090	11/13/2005 4:45 PM	38.86 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\0000074d_43769c73_0000f424	11/12/2005 8:53 PM	385 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\0000074d_43769cc2_0008583b	11/12/2005 8:54 PM	0 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\0000074d_4377b3be_0007270e	11/13/2005 4:45 PM	839 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000007cf_4377b4b8_0009c671	11/13/2005 4:48 PM	375 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000822_43769d27_00007a12	11/12/2005 8:55 PM	447 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000822_4377b429_000c65d4	11/13/2005 4:46 PM	1020 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000902_4377b441_000baeb9	11/13/2005 4:46 PM	857 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000bb3_43769c51_000cdfe6	11/12/2005 8:53 PM	768 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000bb3_43769cb8_0007a120	11/12/2005 8:54 PM	31.59 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000bb3_4377b3ac_00090f56	11/13/2005 4:44 PM	2.22 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000bdb_43769c85_0006acfc	11/12/2005 8:53 PM	696 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000bdb_43769cf5_0007a120	11/12/2005 8:55 PM	4.28 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000bdb_4377b3fc_00022551	11/13/2005 4:45 PM	842 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000d66_4376b9e0_00098968	11/12/2005 10:58 PM	11.91 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000d66_4377b472_00040d99	11/13/2005 4:47 PM	232 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000ddc_43769d0b_0001ab3f	11/12/2005 8:55 PM	1.09 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000ddc_4377b409_000af79e	11/13/2005 4:45 PM	444 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000e12_4376be48_0007a120	11/12/2005 11:17 PM	7.06 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000e12_4377b4a1_000ec82e	11/13/2005 4:48 PM	841 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000e90_4377b4bf_000e1113	11/13/2005 4:48 PM	5.56 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000ecc_4377b4bd_00022551	11/13/2005 4:48 PM	385 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000f3e_43769c54_000632ea	11/12/2005 8:52 PM	144.59 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000f3e_4377b3ae_000bebc2	11/13/2005 4:44 PM	943 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000fbf_43769d49_000e1113	11/12/2005 8:56 PM	221 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000fbf_4377b468_000a037a	11/13/2005 4:47 PM	354 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000fc9_4376be48_0005f5e1	11/12/2005 11:17 PM	715 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000fc9_4377b4a0_000501bd	11/13/2005 4:48 PM	838 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000011f4_4376bfd5_000e8b25	11/12/2005 11:23 PM	2.22 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000011f4_4377b4ad_000aba95	11/13/2005 4:48 PM	838 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\0000121f_43769d2d_00090f56	11/13/2005 4:46 PM	455 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\0000121f_4377b42e_000bebc2	11/13/2005 4:46 PM	4.37 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00001238_43769c7b_00090f56	11/12/2005 8:52 PM	5.95 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00001238_4377b3d7_00094c5f	11/13/2005 4:44 PM	455 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\0000127e_4376bfd7_00007a12	11/12/2005 11:23 PM	5.42 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\0000127e_4377b4b0_000baeb9	11/13/2005 4:48 PM	455 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000012db_43769c53_00000000	11/12/2005 8:53 PM	734 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000012db_43769cba_000dd40a	11/12/2005 8:54 PM	3.01 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000012db_4377b3ac_000c65d4	11/13/2005 4:44 PM	2.32 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000012e1_4377b42c_0003d090	11/13/2005 4:46 PM	513 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00001366_4377b414_0007270e	11/13/2005 4:45 PM	767 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\0000139d_43769d32_000e8b25	11/12/2005 8:56 PM	219 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\0000139d_4377b444_000ca2dd	11/13/2005 4:46 PM	1.30 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000013e9_43769d3e_0000f424	11/12/2005 8:56 PM	232 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000013e9_4377b45a_000ca2dd	11/13/2005 4:47 PM	841 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\0000153c_43769c54_00039387	11/12/2005 8:53 PM	731 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00001547_43769c5d_000632ea	11/12/2005 8:52 PM	1.09 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00001547_43769cc0_0002625a	11/13/2005 4:45 PM	384 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00001547_4377b3bb_0001e848	11/13/2005 4:45 PM	767 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000015a1_43769d23_0003d090	11/12/2005 8:55 PM	735 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000015a1_4377b420_00089544	11/13/2005 4:46 PM	707 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00001649_43769c49_0001ab3f	11/12/2005 8:52 PM	1.09 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00001649_43769cb4_000e1113	11/12/2005 8:53 PM	4.44 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00001649_4377b3aa_00090f56	11/13/2005 4:44 PM	6.51 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00001649_4377e71e_0007270e	11/13/2005 8:23 PM	17.91 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000016c5_4377b450_0007a120	11/13/2005 4:46 PM	841 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\0000187e_4377b44f_00040d99	11/13/2005 4:46 PM	232 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000018be_43765a7f_0003567e	11/12/2005 4:11 PM	6.08 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000018be_43769c44_00081b32	11/12/2005 8:52 PM	714 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000018be_4377aa2c_0001ab3f	11/13/2005 4:03 PM	2.20 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000018d7_4376be42_000501bd	11/12/2005 11:17 PM	4.69 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000018d7_4377b496_000e8b25	11/13/2005 4:48 PM	841 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00001916_4376bab6_000baeb9	11/12/2005 11:01 PM	748 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00001916_4377b485_000c28cb	11/13/2005 4:47 PM	838 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00001953_4376be48_000487ab	11/12/2005 11:17 PM	454 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00001953_4377b498_00040d99	11/13/2005 4:48 PM	224 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00001a49_4377b405_00040d99	11/13/2005 4:45 PM	5.77 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00001ad4_43769c7c_0007270e	11/12/2005 8:53 PM	708 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00001ad4_4377b3df_000cdfe6	11/13/2005 4:45 PM	1.15 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00001af4_4377b4ba_0001312d	11/13/2005 4:48 PM	3.10 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00001cd0_43769d16_000a037a	11/12/2005 8:55 PM	707 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00001cd0_4377b414_000ec82e	11/13/2005 4:45 PM	842 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00001e1f_43769c7c_0000b71b	11/12/2005 8:53 PM	243 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00001e1f_4377b3db_00090f56	11/13/2005 4:44 PM	22.67 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00002059_4376bfd6_000d59f8	11/12/2005 11:23 PM	2.22 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00002059_4377b4b0_0006ea05	11/13/2005 4:48 PM	834 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00002213_43769c82_00016e36	11/12/2005 8:53 PM	4.59 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00002213_43769ceb_0002dc6c	11/12/2005 8:54 PM	524 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00002213_4377b3f9_0007a120	11/13/2005 4:45 PM	304 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000022cd_4376bab6_000487ab	11/13/2005 6:29 PM	850 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000022cd_4377b47d_000d9701	11/13/2005 4:47 PM	857 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000022ee_43769cf7_000d59f8	11/12/2005 8:55 PM	455 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000022ee_4377b403_000e1113	11/13/2005 4:45 PM	858 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00002350_43769cf7_000b71b0	11/12/2005 8:55 PM	103 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000023c9_4377b45c_00094c5f	11/13/2005 4:47 PM	1.18 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\0000249e_4376bfbb_0001ab3f	11/12/2005 11:23 PM	16.08 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\0000249e_4377b4ad_00040d99	11/13/2005 4:48 PM	354 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\0000260d_43769c83_00057bcf	11/12/2005 8:53 PM	39.40 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\0000260d_43769ceb_000c28cb	11/12/2005 8:54 PM	1.15 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\0000260d_4377b3f9_0007de29	11/13/2005 4:45 PM	1.09 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\0000261e_4376bab6_000632ea	11/13/2005 6:29 PM	2.05 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\0000261e_4377b47e_000ca2dd	11/13/2005 4:47 PM	354 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000026a6_43769c74_000baeb9	11/12/2005 8:52 PM	1.11 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000026a6_43769ccb_000c65d4	11/12/2005 8:54 PM	1.15 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000026a6_4377b3c5_0001ab3f	11/13/2005 4:44 PM	23.03 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000026ca_43769d2e_00007a12	11/12/2005 8:55 PM	489 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000026ca_4377b437_000c65d4	11/13/2005 4:46 PM	842 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000026e9_43769c4a_000ec82e	11/12/2005 8:52 PM	1.17 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000026e9_43769cb7_000b34a7	11/12/2005 8:53 PM	937 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\000026e9_4377b3ac_00053ec6	11/13/2005 4:44 PM	2.29 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00002833_4376be54_00081b32	11/12/2005 11:17 PM	748 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00002833_4377b4a2_00098968	11/13/2005 4:48 PM	857 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\0000288f_4376bab6_0002625a	11/13/2005 6:29 PM	202 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\0000288f_4377b478_000b71b0	11/13/2005 4:48 PM	329 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00002b0c_4376bfd5_000baeb9	11/13/2005 4:44 PM	37.43 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00002b0c_4377b4ad_00098968	11/13/2005 4:48 PM	225 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00002c3b_4377b420_0001e848	11/13/2005 4:46 PM	692 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00002c49_4376b9ee_000aba95	11/12/2005 10:58 PM	7.99 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00002c49_4377b473_000bebc2	11/13/2005 4:47 PM	354 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00002cd6_43769c48_00016e36	11/12/2005 8:52 PM	1.15 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00002cd6_43769cb3_0009c671	11/12/2005 8:53 PM	3.41 KB	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00002cd6_4377ab49_00044aa2	11/13/2005 4:08 PM	400 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00002cd6_4377cd41_00089544	11/13/2005 6:33 PM	0 bytes	Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00002d12_43769c6e_0001e848	11/12/2005 8:52 PM	25.88 KB	Hidden from Windows API..

I chopped off a bit at the end to avoid the 20k char limit. I've tried googling some of the names, but I'm coming up empty. Any idea how to clean this, or should I format now? I'm not a big advocate of the format and reinstall solution, but w/rootkits I'm not so sure. I would prefer to learn how to kill this. Any advice?
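A triage sketch for a RootkitRevealer listing like the one in the post above. This is an added example, not part of the original thread and not Sysinternals code. It assumes each row is path, timestamp, size and description separated by whitespace, and the sample rows are copied from the post.

```python
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "path when size reason")

# One row: <path> <m/d/yyyy h:mm AM|PM> <size + unit> <description>
LINE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M)\s+"
    r"(?P<size>[\d.]+ (?:bytes|KB|MB|GB))\s+"
    r"(?P<reason>.+?)\s*$"
)
# Service and driver configuration lives under ...\Services\<name>.
SERVICE = re.compile(r"^HKLM\\SYSTEM\\(?:Current)?ControlSet\d*\\Services\\([^\\]+)", re.I)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")

# Rows taken from the listing in the post (columns re-spaced).
SAMPLE = r"""
HKLM\SOFTWARE\C2Xi4AxsbVq5    11/12/2005 4:11 PM    0 bytes    Hidden from Windows API.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\    6/3/2005 11:24 AM    0 bytes    Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_AECMART    11/12/2005 12:33 AM    0 bytes    Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\aecmart    11/13/2005 8:24 PM    0 bytes    Hidden from Windows API.
C:\Program Files\Epsasoft    11/13/2005 1:15 AM    0 bytes    Hidden from Windows API.
C:\Program Files\Epsasoft\ace.dll    11/12/2005 12:33 AM    568.00 KB    Hidden from Windows API.
C:\Program Files\Epsasoft\Cache    11/13/2005 8:23 PM    0 bytes    Hidden from Windows API.
C:\Program Files\Epsasoft\Cache\00000029_43765a7a_000e8b25    11/12/2005 4:11 PM    47.65 KB    Hidden from Windows API.
"""

def parse(text):
    """Return a Finding for every row that matches the expected layout."""
    matches = (LINE.match(line.strip()) for line in text.splitlines())
    return [Finding(**m.groupdict()) for m in matches if m]

def triage(findings):
    """Collapse a long listing into the few items worth investigating first."""
    hidden = [f.path for f in findings if f.reason.startswith("Hidden from Windows API")]
    # Hidden service keys: entries that normal service listings will not show.
    services = sorted({m.group(1) for p in hidden if (m := SERVICE.match(p))})
    # Keep only the top-most hidden directories, not every file beneath them.
    roots = []
    for p in sorted(x.rstrip("\\") for x in hidden if DRIVE_PATH.match(x)):
        if not any(p.lower().startswith(r.lower() + "\\") for r in roots):
            roots.append(p)
    return {
        "by_reason": dict(Counter(f.reason for f in findings)),
        "hidden_services": services,
        "hidden_file_roots": roots,
    }

if __name__ == "__main__":
    for key, value in triage(parse(SAMPLE)).items():
        print(key, "->", value)
```

Run against the full saved log, this reduces the cache entries to a single hidden directory and one hidden service name, which are the two things to look up or hand to a cleanup tool.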

 
Lowbatt said:
You can also try this
http://www.f-secure.com/blacklight/

I've had some luck with that but honestly I'd never trust my machine after I'd found a rootkit on it. I'd format and start over.
Yes and no with a tendency toward yes...

It all depends on how crafty the hacker is or if it's just your average script kiddie running around with someone else's tools, which is usually the case.

If you can run a cleanup tool successfully then things should be alright. But if your cleanup tool runs and there's still little things around afterward... I'd wipe and start fresh.
 