troubleshooting Question

Hacktool.rootkit Virus

Avatar of jsc926
jsc926 asked on
Security
51 Comments3 Solutions6248 ViewsLast Modified:
Norton Antivirus is coming up showing a risk for Hacktool.rootkit showing filename remon.sys.  We have booted the machine in safemode turned of System Restore and scanned with NAV. When we reboot the warning reappears. I have downloaded killbox and tried to remove the file on reboot. I get the message, "Pending fiel renameoperations registry data has been removed by external process!" When I reboot in standard mode the NAV warning reappears. The Virus? seems to be spreading to other machines. I am removing them from the network when I see the warning. Any ideas of how to get rid of this would be appreciated. Would also like to know how to contain.

Thanks,
Scott
ASKER CERTIFIED SOLUTION
Tolomir
Administrator
Join our community to see this answer!
Unlock 3 Answers and 51 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 3 Answers and 51 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros