| | possible rootkit | |
| | Author | Message |
---|
fay47 Royal Geek
Number of posts : 1480 Registration date : 2008-10-17 Mood :
| Subject: possible rootkit 11/23/2013, 13:34 | |
| Repa,
I am doing this on the old computer. Boot time scan on main computer found a possible rootkit Win32:EVO-GEN.
Suspect it might be a false positive but do not know how to tell.
In a boot time scan it found a file hphc-service.exe in the hp folder in programs. Based on file name it appears to be a legit file but do not know how to tell if it has become infected. Only options are: delete, ignore.
I hate to do anything on that computer till this is resolved. What do you suggest? | |
| | | fay47 Royal Geek
Number of posts : 1480 Registration date : 2008-10-17 Mood :
| Subject: Re: possible rootkit 11/23/2013, 15:28 | |
| I found some instructions on how to manually move to chest and submit to AVAST. So, guess I can go ahead and work on the computer. But I do not know how I will know if I need to leave it in chest or if it is ok to restore it, or when I will know.
If I go to the chest, right click on file and select scan, it says no virus found, but I do not know about root kits.
| |
| | | Repa Site Administrator
Number of posts : 2378 Location : North Carolina Humor : Age: Older than Dirt! Registration date : 2008-09-19
| Subject: Re: possible rootkit 11/23/2013, 16:58 | |
| Fay, that is the one thing I don't like about Avast - it does tend to generate false positives occasionally. You start by googling the processor name and look at sites that tell you about processors and startup files. Check out the site before going there though, if you're not familiar with it. You can read about hphc-service.exe here: www.file.net. It is a legitimate processor.
Note the modification date on the processor in the Windows Explorer details list - it should date back to when you bought the computer or earlier unless updates were performed, either by you or HP if you set your system to update HP stuff automatically. You can check the file by right-clicking on the file > Properties and examine the Details and Digital Signatures tabs for information that should check out the processor.
You can also run Spybot and Malwarebytes on the file as we discussed before, and also run rootkit scanners Sophos Anti-rootkit and TDSSKiller from Kaspersky to further check out your system and see if they detect that file.
If you've sent the file to Avast, they should get back to you via email within a couple of days on validating whether or not it is a false positive. Most of the time I've gotten a response the next day. I seriously doubt the processor is infected, but better safe than sorry.
BTW, before you schedule a boot time scan, you can select Settings and there is an option in the pull down menu at the bottom of the page to move detections to the virus chest. You can always move them back later after you check them out, or delete them if they check out to be true positives. | |
| | | fay47 Royal Geek
Number of posts : 1480 Registration date : 2008-10-17 Mood :
| Subject: Re: possible rootkit 11/23/2013, 17:25 | |
| Repa,
I did already look at some of the things you suggested - looked at the last modified date, but was just not sure if the hackers had a way of controlling that or not. Did some googling and found the .exe was a legit file, just was not sure if it was some way infected. Was pretty sure it was a false positive but just not positive. Just way too many things happening all at once.
Thanks Fay | |
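The file checks discussed in this thread (modification date, Properties > Details, Digital Signatures) can be gathered in one pass. The following is an added example, not part of any post above; the function name and the path in the usage comment are hypothetical, and it assumes PowerShell 4.0 or later. It reports the Authenticode signature status next to the timestamps, because timestamps and version-info text can be set by any program with write access, while a valid signature shows the contents are unchanged since the vendor signed them.

```powershell
# Added example, not from the thread. Summarises the checks from the
# Properties > Details and Digital Signatures tabs for one file.
function Get-FileTrustReport {
    param([Parameter(Mandatory)][string]$LiteralPath)

    if (-not (Test-Path -LiteralPath $LiteralPath -PathType Leaf)) {
        throw "File not found: $LiteralPath"
    }
    $item = Get-Item -LiteralPath $LiteralPath
    $sig  = Get-AuthenticodeSignature -LiteralPath $LiteralPath
    $hash = Get-FileHash -LiteralPath $LiteralPath -Algorithm SHA256

    # Map the signature status to a plain-language reading.
    $reading = switch ($sig.Status) {
        'Valid'        { 'Signed; contents unchanged since signing and signer chains to a trusted root' }
        'HashMismatch' { 'Signed, but contents no longer match the signature: file was altered' }
        'NotSigned'    { 'No signature found: rely on hash lookup and vendor reply instead' }
        'NotTrusted'   { 'Signed, but the signer is not trusted on this machine' }
        default        { "Could not verify: $($sig.StatusMessage)" }
    }

    [pscustomobject]@{
        Path             = $item.FullName
        # Version-info fields are plain text inside the file; anyone can set them.
        CompanyName      = $item.VersionInfo.CompanyName
        FileVersion      = $item.VersionInfo.FileVersion
        # Timestamps can be set by any program with write access; context only.
        Created          = $item.CreationTime
        LastModified     = $item.LastWriteTime
        SignatureStatus  = $sig.Status
        Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SignerThumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
        SHA256           = $hash.Hash
        Reading          = $reading
    }
}

# Usage. The path is a placeholder: the thread only says the file is in the
# HP folder under Programs.
# Get-FileTrustReport -LiteralPath 'C:\path\to\hphc-service.exe' | Format-List
```

The SHA256 value identifies the exact file contents, so it can accompany a false-positive submission to the antivirus vendor or be compared with a copy of the same file from a known-clean machine.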