Tech Support Forum - View Single Post

calvin333 · 06-18-2008, 02:19 PM

Oops... here goes:

original Dr. Web log
SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Administrator\桌面\SDFix.exe;Tool.Prockill;;
SDFix.exe;C:\Documents and Settings\Administrator\桌面;Archive contains infected objects;;
NMYV5MDA.NQF;C:\Program Files\ESET\infected;Trojan.NtRootKit.1177;;
Process.exe;C:\SDFix\apps;Tool.Prockill;;

New mbr.log

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0xdf8f900 size 0x1a8 !
copy of MBR has been found in sector 62 !

06-18-2008, 02:19 PM	#10 (permalink)
calvin333 Registered User Join Date: May 2008 Posts: 27 OS: xp	Re: cssrss creating HQS Trojan at startup Oops... here goes: original Dr. Web log SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Administrator\桌面\SDFix.exe;Tool.Prockill;; SDFix.exe;C:\Documents and Settings\Administrator\桌面;Archive contains infected objects;; NMYV5MDA.NQF;C:\Program Files\ESET\infected;Trojan.NtRootKit.1177;; Process.exe;C:\SDFix\apps;Tool.Prockill;; New mbr.log Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK malicious code @ sector 0xdf8f900 size 0x1a8 ! copy of MBR has been found in sector 62 !