  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 254

Hook file?

I keep getting this file in the main directory on my C: drive.  It comes back after deleting it.  It's still there after running Symantec, Spybot, AVG antispyware and antirootkit.

It's a 1k file called "hook"; it's a Word txt file that reads...

  29872334- 718561136 HIDING A FILE

Anyone know what this is?
0
Asked by: aloyd18
4 Solutions
 
Will Szymkowski, Senior Solution Architect, Commented:
Have you tried to delete this file from safe mode? Also, have you tried HijackThis?
Download hijackthis from the following location.
http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10379544.html?tag=lst-0-1

When you have downloaded HijackThis, run a scan and then copy/paste the log file at www.hijackthis.de. When you have pasted your log file here, press the analyze button. It will then show you all of the entries being either "Safe" or "Nasty".

Another thing you might want to check is the Add/Remove programs to make sure you don't have any installed software that might be causing this file to be recreated after deleting it.

When you delete the file, hold Shift and press Delete.

Keep us updated.
0
 
avris Commented:
I would use Sysinternals' Filemon to see what process is writing/reading to/from it - and then use Procmon (also from Sysinternals) to kill it.


http://www.microsoft.com/technet/sysinternals/Processesandthreadsutilities.mspx?wt.svl=featured
0
 
r-k Commented:
Also I recommend doing a scan of your C: drive with RootkitRevealer:

 http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx

If it shows anything interesting copy-and-paste the first 30 lines or so of the log here.
0
 
Erik Bjers, Principal Systems Administrator, Commented:
There is probably something in one of the Run or RunOnce keys in the registry that is putting this file back, and it is more than likely a virus.

Run your virus scan in safe mode and delete any infections you find, making note of the virus name(s) found.

Then check the security response site at symantec.com/securityresponce for removal instructions for any viruses found.

Also try running msconfig and uncheck any startup items that you do not recognize. If you have any questions about any of them, post them here (include process or service name and startup location).

eb
0
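
The Run/RunOnce check suggested in the last answer can be scripted. The following is an added example, not part of any poster's reply; it assumes PowerShell 3.0 or later, and the helper name `Get-CommandTarget` is made up for illustration. It only reads the registry and reports, for each autostart entry, whether the target file exists and whether it carries a valid signature.

```powershell
# Added example: inventory the Run/RunOnce autostart keys (read-only).
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the executable path out of a stored command line.
function Get-CommandTarget([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    # A quoted path wins; otherwise take everything up to the first
    # executable-looking extension; otherwise the first token.
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|dll|bat|cmd|vbs|js|scr|com))(\s|,|$)') {
        return $Matches[1]
    }
    return ($expanded.Trim() -split '\s+')[0]
}

$entries = foreach ($path in $keys) {
    if (-not (Test-Path $path)) { continue }   # key absent on this system
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        $target  = Get-CommandTarget $command
        # Bare names such as "rundll32.exe" are not resolved against PATH here,
        # so they show Exists = False and should be checked by hand.
        $exists  = [bool]$target -and (Test-Path -LiteralPath $target -PathType Leaf)
        $sig = if ($exists) {
            (Get-AuthenticodeSignature -LiteralPath $target).Status
        } else { 'n/a' }
        [pscustomobject]@{
            Key = $path; Name = $name; Command = $command
            Target = $target; Exists = $exists; Signature = $sig
        }
    }
}

# Unsigned or missing targets sort together for review.
$entries | Sort-Object Signature, Key | Format-List
```

Entries whose target is unsigned, missing, or located in a temp or profile directory are the ones worth posting with their key path and command line, as the answer above asks.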
