Author: Gruntkiller4000
Subject: Strange drivers
Posted: 03 June 2013 at 6:44am
Thanks for the reply :)
I ran GMER and just as it finished scanning the computer it CRASHED and rebooted. It's certain that the root kit doesn't want to be scanned through.
In RootRepeal I saw a couple of unknown_irp_handlers as well.
I also noted some strange activity using Process Monitor: Winlogon.exe tries to use C:\windows\system32\config\systemprofile\local settings\temporary internet files\index.dat. I checked the stacks and it discovered an unknown module here as well. It's probably the root kit.
I should try GMER in safe mode later and I'll give you a reply.