possible rootkit

fay47
PostSubject: possible rootkit   11/23/2013, 13:34

Repa,

I am doing this on the old computer.
Boot time scan on main computer found a possible rootkit
Win32:EVO-GEN

Suspect it might be a false positive but do not know how to tell.

In a boot time scan it found a file hphc-service.exe in the hp folder in programs. Based on file name it appears to be a legit file
but do not know how to tell if it has become infected.
Only options are: delete, ignore.

I hate to do anything on that computer till this is resolved. What do you suggest?
fay47
PostSubject: Re: possible rootkit   11/23/2013, 15:28

I found some instructions on how to manually move to chest and submit to AVAST.
So, guess I can go ahead and work on the computer.
But, I do not know how I will know if I need to leave it in chest or if it is ok to restore it, or when I will know.

If I go to the chest, right click on file and select scan, it says no virus found, but I do not know about rootkits.

Repa
PostSubject: Re: possible rootkit   11/23/2013, 16:58

Fay, that is the one thing I don't like about Avast - it does tend to generate false positives occasionally. You start by googling the processor name and look at sites that tell you about processors and startup files. Check out the site before going there though, if you're not familiar with it. You can read about hphc-service.exe here: www.file.net

It is a legitimate processor. Note the modification date on the processor in the Windows Explorer details list - it should date back to when you bought the computer or earlier unless updates were performed, either by you or HP if you set your system to update HP stuff automatically.

You can check the file by right-clicking on the file > Properties and examine the Details and Digital Signatures tabs for information that should check out the processor. You can also run Spybot and Malwarebytes on the file as we discussed before, and also run rootkit scanners Sophos Anti-Rootkit and TDSSKiller from Kaspersky to further check out your system and see if they detect that file.

If you've sent the file to Avast, they should get back to you via email within a couple of days on validating whether or not it is a false positive. Most of the time I've gotten a response the next day. I seriously doubt the processor is infected, but better safe than sorry.

BTW, before you schedule a boot time scan, you can select Settings and there is an option in the pull-down menu at the bottom of the page to move detections to the virus chest. You can always move them back later after you check them out, or delete them if they check out to be true positives.

_________________
Repa
fay47
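The Properties checks Repa describes (Details tab, Digital Signatures tab, modification date), scripted so the evidence can be read off in one go. This is an added example, not code from the thread; the file path and the expected signer name "Hewlett" are assumptions to adjust for your own machine.

```powershell
# Added example (not from the thread): collect the evidence for one flagged executable:
# Authenticode signature, version-resource details, timestamps and a SHA256 hash.
# $Path is a placeholder; point it at the file Avast flagged (e.g. hphc-service.exe).
param(
    [Parameter(Mandatory = $true)]
    [string]$Path
)

$file = Get-Item -LiteralPath $Path -ErrorAction Stop

# Digital Signatures tab, scripted: 'Valid' means the bytes are unchanged since the
# vendor signed them; 'NotSigned' or 'HashMismatch' means the signature cannot vouch.
$sig = Get-AuthenticodeSignature -FilePath $file.FullName
$signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

# Details tab: publisher and product strings embedded in the version resource.
$ver = $file.VersionInfo

# Timestamps: a write time later than the purchase or last update date deserves a closer
# look, but timestamps are easy to alter, so they are weaker evidence than the signature.
# Get-FileHash needs PowerShell 4.0 or later.
$report = [ordered]@{
    File            = $file.FullName
    SizeBytes       = $file.Length
    Created         = $file.CreationTime
    LastModified    = $file.LastWriteTime
    CompanyName     = $ver.CompanyName
    ProductName     = $ver.ProductName
    FileVersion     = $ver.FileVersion
    SignatureStatus = $sig.Status
    Signer          = $signer
    SHA256          = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
}
[pscustomobject]$report | Format-List

# One-line verdict to set beside the vendor's reply to the Avast submission.
# 'Hewlett' is an assumed signer name for an HP-shipped file; change it as needed.
if ($sig.Status -eq 'Valid' -and $signer -match 'Hewlett') {
    'Signed and intact by the expected vendor: consistent with a false positive.'
} elseif ($sig.Status -eq 'Valid') {
    'Signed and intact, but by an unexpected signer: check the Signer line.'
} else {
    "Signature status $($sig.Status): the signature cannot vouch for this file."
}
```

Keep the SHA256 with the report; if the file is later restored from the chest, re-running the script shows whether the restored copy is byte-for-byte the one that was submitted.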
PostSubject: Re: possible rootkit   11/23/2013, 17:25

Repa,

I did already look at some of the things you suggested - looked at the last modified date, but was just not sure if the hackers had a way of controlling that or not. Did some googling and found the .exe was a legit file, just was not sure if it was some way infected. Was pretty sure it was a false positive but just not positive. Just way too many things happening all at once.

Thanks
Fay