November 19, 2008 02:53am pst

1. rpggamer... 325,166
2. IndiGenus 194,023
3. phototropic 15,690
4. Admin3k 10,850
5. Sheharya... 10,300
6. orangutang 10,090
7. Firstedition0 9,800
8. 1972vet 9,200
9. Jonvee 9,150
10. briancassin 8,350
11. greyknigh... 8,325
12. younghv 8,215
13. David-Ho... 7,730
14. moh10ly 7,075
15. flubbster 5,300
15. eXpeLLeD... 5,300
17. rindi 5,250
18. war1 5,200
19. willcomp 5,098
20. nobus 4,575
21. Robdb29 3,600
22. gnurl 3,240
23. devil_him... 2,960
24. jcimarron 2,850
25. johnb6767 2,600
25. tenaj-207 2,600

1. rpggamer... 416,150
2. IndiGenus 233,188
3. Sheharya... 23,810
4. phototropic 18,740
5. orangutang 17,090
6. Jonvee 15,312
7. Admin3k 10,850
8. rindi 10,790
9. johnb6767 10,443
10. younghv 10,415
11. Firstedition0 9,800
12. war1 9,450
13. 1972vet 9,200
14. willcomp 8,658
15. briancassin 8,350
16. greyknigh... 8,325
17. David-Ho... 7,930
18. r-k 7,845
19. moh10ly 7,075
20. devil_him... 7,028
21. nobus 6,975
22. souseran 5,700
23. jkr 5,500
24. flubbster 5,300
24. eXpeLLeD... 5,300

06.05.2008 at 12:09PM PDT, ID: 23461541 | Points: 500

	[x] Attachment Details

Mysterious New Rootkit Infection?

Asked by grayhat08 in HijackThis Software, Intrusion Detection Systems (IDS), Operating Systems Network Security

Tags: ICMP Ping, L3 Retriever Ping, NETBIOS SMB IPC$ share access

Over the period of about a month, all our VPN laptops seem to be getting infected with what must be a rootkit of unknown origin. McAfee, SpyBot and SpySweeper can't seem to find any bugs, but our IDS has been alerting me to these symptoms: ICMP Ping, L3 Retriever Ping, NETBIOS SMB IPC$ share access. At first the suspect computer will start generating ICMP pings, then L3retriever pings and finally it will try to SMB to our fileserver. It's like a virus is spreading from laptop to laptop. I asked some CISSP guys and they suspected a rootkit of unknown origin.

Attached is a HijackThis log from one of the laptops.Start Free Trial