3 replies to this topic

[Timay]

Hey i am new to the forums and came across this rootkit that mbam did not detect. scanned with 1927 definitions

Quote

File 3ff122ce.sys received on 04.01.2009 02:08:11 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 15/40 (37.5%)

Virus Total

The file seems to disable both BITS and Automatic updates by replacing %systemroot% with %fystemroot%

Filename also seems to be random.

hxxp://rapidshare.com/files/215959670/rootkit.zip.html
password: malwarebytes

includes the rootkit and one of its registry keys

First time doing stuff like this let me know if i am missing anything or doing it wrong.

[Maniac]

Thank you for the files! Please upload both rootkits here:
http://uploads.malwarebytes.org/

Now detected by ESET NOD32 Antivirus.

[Timay]

Uploaded them both.

[Maniac]

Thank you! I guess that as soon as possible, they will be added to the definitions of MalwareBytes' Anti-Malware.