Hacktool.Rootkit

**georgetray** · 18.09.2009, 15:09

Сообщение об угрозе от Symantec появляется после каждой загрузки ОС.

Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:

**Bratez** · 18.09.2009, 15:30

Пофиксите в HijackThis:

Код:

F2 - REG:system.ini: Shell=explorer.exe 
O4 - HKLM\..\Run: [Generic Host for Win32 Services] ‘| б—|к‘|мь

Активной заразы в логах не видно.
Что конкретно сообщает Симантек?

**georgetray** · 18.09.2009, 15:48

Это сохраненный лог в формате csv (кусок лога за сегодня, csv файлы не цепляются)

Date and Time,Risk,Action,Filename,Risk Type,Original Location,Computer,User,Status,Current Location,Primary Action,Secondary Action,Logged By,Action Description
18.09.2009 14:43:23,Hacktool.Rootkit,Cleaned,APQ57.tmp,File,C :\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\,ADMIN-80FA4918F,Admin,Cleaned,C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\,Clean security risk,Quarantine,Auto-Protect scan,The file was repaired successfully.
18.09.2009 7:07:28,Hacktool.Rootkit,Cleaned by deletion,rdl1.tmp,File,C:\Documents and Settings\Admin\Local Settings\Temp\,ADMIN-80FA4918F,Admin,Deleted,Deleted,Clean security risk,Quarantine,Auto-Protect scan,The file was deleted successfully.
18.09.2009 7:06:47,Trojan Horse,Restart Processing,Unavailable,File,Unavailable,ADMIN-80FA4918F,Admin,Infected,Unavailable,Delete,Leave alone (log only),Auto-Protect scan,Performing Post-Reboot Risk Processing.
18.09.2009 7:06:45,Trojan Horse,Restart Processing,Unavailable,File,Unavailable,ADMIN-80FA4918F,Admin,Infected,Unavailable,Delete,Leave alone (log only),Auto-Protect scan,Performing Post-Reboot Risk Processing.
18.09.2009 7:06:36,Trojan Horse,Restart Processing,Unavailable,File,Unavailable,ADMIN-80FA4918F,Admin,Infected,Unavailable,Delete,Leave alone (log only),Auto-Protect scan,Performing Post-Reboot Risk Processing.
18.09.2009 7:03:25,Trojan Horse,Restart Required - Quarantined,msvcrt57.dll,File,C:\WINDOWS\system32\ ,ADMIN-80FA4918F,Admin,Infected,Quarantine,Restart Required - Clean security risk,Restart Required - Quarantine,Auto-Protect scan,The file was quarantined successfully.
18.09.2009 7:02:45,Trojan Horse,Restart Required - Quarantined,msvcrt57.dll,File,C:\WINDOWS\system32\ ,ADMIN-80FA4918F,Admin,Infected,Quarantine,Restart Required - Clean security risk,Restart Required - Quarantine,Auto-Protect scan,The file was quarantined successfully.
18.09.2009 7:01:46,Trojan Horse,Restart Required - Quarantined,msvcrt57.dll,File,C:\WINDOWS\system32\ ,ADMIN-80FA4918F,Admin,Infected,Quarantine,Restart Required - Clean security risk,Restart Required - Quarantine,Auto-Protect scan,The file was quarantined successfully.
18.09.2009 6:44:50,Hacktool.Rootkit,Cleaned by deletion,rdl1.tmp,File,C:\Documents and Settings\Admin\Local Settings\Temp\,ADMIN-80FA4918F,Admin,Deleted,Deleted,Clean security risk,Quarantine,Auto-Protect scan,The file was deleted successfully.