
SUNYESF

Symantec endpoint detected Hacktool.rootkit
After cleaning out a computer that had several different types of spyware/trojans, I ended up with hacktool.rootkit left. I have tried several different scans (Symantec, Spybot, SuperAntiSpyware) both in regular mode and in safe mode with no success. The actual file apparently resides in C:\windows\sys32\drivers.klif.sys but when I look it is not there. I can't view hidden files and folders, and making registry changes to allow me to doesn't work. I have also tried to use the command prompt to delete the file but it doesn't exist. Any suggestions? Symantec says this virus is old (2001) but that there is a new quick release that was out yesterday. Attached is the HijackThis log.
hijackthis.log



Hypercat (Deb)

Rootkits are notoriously difficult, if not impossible, to remove.  You might try searching for rootkit removal tools on the Internet, but of course be sure anything you try is from a trusted source.  I won't recommend anything in particular myself, having never had to use one. Symantec actually recommends a clean wipe and reinstall of the operating system as the remedy for this rootkit.

SUNYESF (Asker)

I did a clean reinstall of Windows and it managed to get back onto the system. The file shows up in system32 (according to Symantec), so I made sure that I copied his data only and I scanned with Symantec before I moved the external to his newly cleaned PC. I did a quick format though... do you think that's the reason it came back?

Download those tools and use them on the infected machines.
Rootkit Revealer http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx
Gmer http://www.gmer.net/gmer.zip

Those tools can usually handle them in safe mode or even normal mode.

Hope this helps.
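One read-only check that complements the cross-view tools recommended above, added here as an example and not part of the thread or of either tool: enumerate the kernel-driver entries under the Services registry key and flag any whose ImagePath does not resolve to a file visible from user mode. A registered, enabled driver whose file cannot be seen is exactly the symptom the asker describes (a path Symantec reports but Explorer and the command prompt cannot find). The path-normalisation rules and the Type/Start value meanings are standard Windows conventions; the key and property names are assumed to be present on a typical installation.

```powershell
# Added example (not from the thread): list kernel/file-system driver
# services whose ImagePath does not resolve to a file visible from user mode.
# Read-only; run from an elevated PowerShell (3.0+) prompt and compare the
# output with what RootkitRevealer or GMER reports.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$systemRoot  = $env:SystemRoot

Get-ChildItem -Path $servicesKey | ForEach-Object {
    $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    # Service Type 1 = SERVICE_KERNEL_DRIVER, 2 = SERVICE_FILE_SYSTEM_DRIVER
    if ($null -eq $props.Type -or $props.Type -notin 1, 2) { return }
    if (-not $props.ImagePath) { return }

    # Normalise the path forms drivers commonly use in the registry:
    #   \SystemRoot\system32\drivers\x.sys, \??\C:\...\x.sys, system32\drivers\x.sys
    $path = $props.ImagePath
    $path = $path -replace '^\\SystemRoot\\', "$systemRoot\"
    $path = $path -replace '^\\\?\?\\', ''
    $path = [Environment]::ExpandEnvironmentVariables($path)
    if (-not [System.IO.Path]::IsPathRooted($path)) {
        $path = Join-Path $systemRoot $path
    }

    [pscustomobject]@{
        Service   = $_.PSChildName
        ImagePath = $path
        Start     = $props.Start   # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
        OnDisk    = Test-Path -LiteralPath $path -PathType Leaf
    }
} |
    # Report only enabled drivers whose file is not visible from user mode.
    Where-Object { -not $_.OnDisk -and $_.Start -ne 4 } |
    Sort-Object Service |
    Format-Table -AutoSize
```

An entry in this list is not proof of a rootkit (stale entries from uninstalled software show up the same way), so confirm any hit against the cross-view tool output and the vendor's own description before acting on it.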




SUNYESF (Asker)

I'm not quite sure how to use Gmer, but Rootkit Revealer shows me a few registry entries that I can't see. Could you elaborate more on Gmer? I also tried Sophos Anti-Rootkit and AVG Anti-Rootkit but none of them worked.

ASKER CERTIFIED SOLUTION
xmachine
