Geeks, Geeks and More Geeks

 possible rootkit

fay47
PostSubject: possible rootkit   11/23/2013, 13:34

Repa,

I am doing this on the old computer.
Boot time scan on main computer found a possible rootkit
Win32:EVO-GEN

Suspect it might be a false positive but do not know how to tell.

In a boot time scan it found a file hphc-service.exe in the hp folder in programs. Based on file name it appears to be a legit file
but do not know how to tell if it has become infected.
Only options are: delete, ignore.

I hate to do anything on that computer till this is resolved. What do you suggest?

fay47
PostSubject: Re: possible rootkit   11/23/2013, 15:28

I found some instructions on how to manually move to chest and submit to AVAST.
So, guess I can go ahead and work on the computer.
But I do not know how I will know if I need to leave it in chest or if it is ok to restore it, or when I will know.

If I go to the chest, right click on file and select scan, it says no virus found, but I do not know about rootkits.

Repa
PostSubject: Re: possible rootkit   11/23/2013, 16:58

Fay, that is the one thing I don't like about Avast - it does tend to generate false positives occasionally. You start by googling the processor name and look at sites that tell you about processors and startup files. Check out the site before going there though, if you're not familiar with it. You can read about hphc-service.exe here: www.file.net

It is a legitimate processor. Note the modification date on the processor in the Windows Explorer details list - it should date back to when you bought the computer or earlier unless updates were performed, either by you or HP if you set your system to update HP stuff automatically.

You can check the file by right-clicking on the file > Properties and examine the Details and Digital Signatures tabs for information that should check out the processor. You can also run Spybot and Malwarebytes on the file as we discussed before, and also run rootkit scanners Sophos Anti-rootkit and TDSSKiller from Kaspersky to further check out your system and see if they detect that file.

If you've sent the file to Avast, they should get back to you via email within a couple of days on validating whether or not it is a false positive. Most of the time I've gotten a response the next day. I seriously doubt the processor is infected, but better safe than sorry.

BTW, before you schedule a boot time scan, you can select Settings and there is an option in the pull-down menu at the bottom of the page to move detections to the virus chest. You can always move them back later after you check them out, or delete them if they check out to be true positives.
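
The Properties > Details and Digital Signatures check described in the post above can also be run from PowerShell. This is an added example, not part of the original thread; the file path is a placeholder to replace with the real location of hphc-service.exe, and the function name `Get-FileTrustReport` is made up for illustration.

```powershell
# Added example: inspect a flagged executable before deciding to restore or delete it.
param(
    # Placeholder path (assumption): point this at the real location of the flagged file.
    [string]$Path = 'C:\Path\To\hphc-service.exe'
)

function Get-FileTrustReport {
    param([Parameter(Mandatory)][string]$LiteralPath)

    $file = Get-Item -LiteralPath $LiteralPath -ErrorAction Stop
    # Authenticode verification recomputes the file hash and checks it against the
    # signed hash, so it does not depend on the file's timestamps.
    $sig  = Get-AuthenticodeSignature -LiteralPath $LiteralPath
    $hash = Get-FileHash -LiteralPath $LiteralPath -Algorithm SHA256

    [pscustomobject]@{
        Path            = $file.FullName
        Created         = $file.CreationTime
        LastModified    = $file.LastWriteTime
        ProductName     = $file.VersionInfo.ProductName
        CompanyName     = $file.VersionInfo.CompanyName
        FileVersion     = $file.VersionInfo.FileVersion
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        TimestampedBy   = if ($sig.TimeStamperCertificate) { $sig.TimeStamperCertificate.Subject } else { $null }
        SHA256          = $hash.Hash   # for comparison with a known-good copy of the same version
    }
}

$report = Get-FileTrustReport -LiteralPath $Path
$report | Format-List

# Turn the signature status into a plain recommendation.
switch ($report.SignatureStatus) {
    'Valid'        { "Signature is valid: the file is unchanged since '$($report.Signer)' signed it." }
    'NotSigned'    { 'No embedded signature found: rely on the scanner results and the vendor verdict instead.' }
    'HashMismatch' { 'File content does not match its signature: keep it quarantined.' }
    default        { "Signature could not be validated ($($report.SignatureStatus)): keep it quarantined until checked." }
}
```

The signer shown should be the vendor named in the file's Details tab; a valid signature from an unrelated publisher is a reason to keep the file in the chest.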

fay47
PostSubject: Re: possible rootkit   11/23/2013, 17:25

Repa,

I did already look at some of the things you suggested - looked at the last modified date, but was just not sure if the hackers had a way of controlling that or not. Did some googling and found the .exe was a legit file, just was not sure if it was in some way infected. Was pretty sure it was a false positive but just not positive. Just way too many things happening all at once.

Thanks
Fay