
Malwarebytes

Xanthic


3 replies to this topic

#1
StudioT

    New Member

  • Members
  • 23 posts
  • Location: Somerset, UK
Over the weekend my Win2k computer acquired Vxgame, Zhelatin and Tibbs trojans.
At least one was protected by the wincom rootkit.

During cleaning I discovered the following registry entry

HKLM\software\Xanthic\{EA85997E-F0A5-F38F-C44B-1D1A619FAE56}

was inaccessible due to a null entry.

The entry was removed by proper use of regdelnull.

I have never heard of Xanthic, and no other PC on my network has the key. However, Googling does not throw up any nefarious activity by this outfit.

So I was interested in any further information available.

The pc concerned is now clean.

#2
JeanInMontana

    Delete this account!!

  • Honorary Members
  • 3,867 posts
  • Interests: would love to see some honesty around this site.
Seems to be a game site or software. I don't have time to read all the hits. Try using "Xanthic + malware" in a Google search; you get all sorts of interesting stuff.

#3
StudioT

    New Member

  • Members
  • 23 posts
  • Location: Somerset, UK
Thanks for that, Jean.
I wouldn't describe the result as productive; even the Winternals RR forum failed to reach a conclusion.

#4
Lawrym

    New Member

  • Members
  • 1 posts

StudioT, on Jun 2 2008, 08:01 PM, said:

Thanks for that, Jean.
I wouldn't describe the result as productive; even the Winternals RR forum failed to reach a conclusion.

Hi, I found Xanthic in my registry too; it turned up in a rootkit search. When I did a net search for Xanthic on my computer it came up with nothing about viruses. BUT WHEN DOING THE SAME SEARCH ON MY DAUGHTER'S COMPUTER IT CAME UP AS A VIRUS RIGHT AT THE TOP OF THE LIST! I decided (rightly or wrongly) that it was filtering my searches.
I tried to remove it with REGEDIT but that won't touch it (I didn't know about REGDELNULL). So I tried to restore a backed-up registry and found that even though I had lots of backups I could not restore any of my old ones. I decided (rightly or wrongly) that Xanthic was blocking me from restoring registry backups. So in the end I did a boot from my SpotMau disk and took the registry back to a fresh admin.
This caused me to lose most of my setup (a bit like sawing off a leg to avoid snake bite poison), but at least my system is clean now (I hope).

I know how I got Xanthic on my system; well, at least I think I do. Perhaps Xanthic even buried that trail! It came off a magazine CD in a wireless security app; I won't name it here in case I have the wrong steer.

Can you tell me more about REGDELNULL?

Lawrym
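The reason REGEDIT "won't touch" a key like the one StudioT describes, and what REGDELNULL does about it, comes down to how the key's name is stored. Win32 registry functions (and therefore regedit) treat a key name as a NUL-terminated string, so a subkey whose real name contains an embedded NUL is displayed cut short, and opening or deleting the shortened name fails because no key with that name exists. The Native API in ntdll passes names as counted UNICODE_STRINGs, which is how Sysinternals RegDelNull can open the key under its real name and delete it. The script below is an added example written for this thread, not RegDelNull's own source and not code from any poster: it parses the KEY_BASIC_INFORMATION buffers NtEnumerateKey returns, flags names containing NUL, and (on Windows, run elevated) deletes one with NtOpenKey plus NtDeleteKey. The native path `\Registry\Machine\SOFTWARE\Xanthic` is only the HKLM key from the first post translated to object-manager form; `build_key_basic_information` exists to construct offline test data and is not a Windows API.

```python
"""Find and delete registry keys whose names contain an embedded NUL.

Added example. Win32 functions and regedit see "Foo\x00bar" as "Foo" and then
fail to open it; ntdll works with counted UNICODE_STRINGs and can address the
key by its real name. Structures/constants are from ntdef.h and winternl.h.
Only parse_key_basic_information/win32_view run off Windows.
"""
import ctypes
import struct
import sys


class UNICODE_STRING(ctypes.Structure):
    _fields_ = [("Length", ctypes.c_ushort),          # bytes, no terminator counted
                ("MaximumLength", ctypes.c_ushort),
                ("Buffer", ctypes.c_void_p)]


class OBJECT_ATTRIBUTES(ctypes.Structure):
    _fields_ = [("Length", ctypes.c_ulong),
                ("RootDirectory", ctypes.c_void_p),
                ("ObjectName", ctypes.POINTER(UNICODE_STRING)),
                ("Attributes", ctypes.c_ulong),
                ("SecurityDescriptor", ctypes.c_void_p),
                ("SecurityQualityOfService", ctypes.c_void_p)]


OBJ_CASE_INSENSITIVE = 0x40
KEY_READ, DELETE = 0x20019, 0x00010000
KeyBasicInformation = 0
STATUS_BUFFER_OVERFLOW, STATUS_BUFFER_TOO_SMALL = 0x80000005, 0xC0000023
STATUS_NO_MORE_ENTRIES = 0x8000001A

# KEY_BASIC_INFORMATION: LastWriteTime (LARGE_INTEGER), TitleIndex (ULONG),
# NameLength (ULONG, in BYTES), then Name (WCHAR[], NOT NUL-terminated).
KEY_BASIC_HEADER = struct.Struct("<qLL")


def parse_key_basic_information(buf: bytes):
    """Return (name, has_embedded_nul) for one NtEnumerateKey result buffer."""
    _last_write, _title_index, name_len = KEY_BASIC_HEADER.unpack_from(buf, 0)
    start = KEY_BASIC_HEADER.size
    name = buf[start:start + name_len].decode("utf-16-le")
    return name, "\x00" in name


def build_key_basic_information(name: str) -> bytes:
    """Constructed test data (not a Windows API): the buffer NtEnumerateKey would return."""
    raw = name.encode("utf-16-le")
    return KEY_BASIC_HEADER.pack(0, 0, len(raw)) + raw


def win32_view(name: str) -> str:
    """What a NUL-terminated-string consumer such as regedit shows: cut at first NUL."""
    return name.split("\x00", 1)[0]


def _open_key(ntdll, path: str, access: int):
    """Windows only: NtOpenKey on a counted name, so an embedded NUL survives."""
    buf = ctypes.create_unicode_buffer(path, len(path) + 1)   # copies embedded NULs
    us = UNICODE_STRING(len(path) * 2, (len(path) + 1) * 2, ctypes.addressof(buf))
    oa = OBJECT_ATTRIBUTES(ctypes.sizeof(OBJECT_ATTRIBUTES), None, ctypes.pointer(us),
                           OBJ_CASE_INSENSITIVE, None, None)
    handle = ctypes.c_void_p()
    status = ntdll.NtOpenKey(ctypes.byref(handle), access, ctypes.byref(oa)) & 0xFFFFFFFF
    if status:
        raise OSError(f"NtOpenKey({path!r}) failed: 0x{status:08X}")
    return handle


def find_null_subkeys(native_path: str):
    """Windows only. Yield real names of subkeys of native_path that contain a NUL."""
    ntdll = ctypes.WinDLL("ntdll")
    handle = _open_key(ntdll, native_path, KEY_READ)
    try:
        index = 0
        while True:
            needed = ctypes.c_ulong(0)
            info = ctypes.create_string_buffer(4096)
            status = ntdll.NtEnumerateKey(handle, index, KeyBasicInformation, info,
                                          ctypes.sizeof(info), ctypes.byref(needed)) & 0xFFFFFFFF
            if status == STATUS_NO_MORE_ENTRIES:
                return
            if status in (STATUS_BUFFER_OVERFLOW, STATUS_BUFFER_TOO_SMALL):   # retry, sized
                info = ctypes.create_string_buffer(needed.value)
                status = ntdll.NtEnumerateKey(handle, index, KeyBasicInformation, info,
                                              ctypes.sizeof(info), ctypes.byref(needed)) & 0xFFFFFFFF
            if status:
                raise OSError(f"NtEnumerateKey failed: 0x{status:08X}")
            name, has_nul = parse_key_basic_information(info.raw)
            if has_nul:
                yield name
            index += 1
    finally:
        ntdll.NtClose(handle)


def delete_null_subkey(native_path: str, name: str):
    """Windows only, needs DELETE access (run elevated): the RegDelNull step."""
    ntdll = ctypes.WinDLL("ntdll")
    handle = _open_key(ntdll, native_path + "\\" + name, DELETE)
    try:
        status = ntdll.NtDeleteKey(handle) & 0xFFFFFFFF
        if status:
            raise OSError(f"NtDeleteKey failed: 0x{status:08X}")
    finally:
        ntdll.NtClose(handle)


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("native registry access needs Windows")
    target = sys.argv[1] if len(sys.argv) > 1 else r"\Registry\Machine\SOFTWARE\Xanthic"
    for bad in find_null_subkeys(target):   # list only; call delete_null_subkey to remove
        print(f"{target}\\{win32_view(bad)}  real name has NUL at offset {bad.index(chr(0))}")
```

Usage: `python nullkeys.py "\Registry\Machine\SOFTWARE\Xanthic"` lists the offending subkeys; deleting is a separate, deliberate call so that a scan cannot remove anything by accident. Take a registry backup first, exactly as you would before running RegDelNull, and note that a key hidden by a kernel-mode rootkit may still be filtered from enumeration until the rootkit itself is gone.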
