Today, Avast found a rootkit on my computer. I got a screenshot of it:
http://pixpipeline.com/st/2316b6adda2b.png
I don’t know if that is a false positive or not, but I deleted it anyway, just to be safe. I don’t know how it got there, because I haven’t done anything different lately, and I did the same things I always do. Also, after I restarted my computer, Avast blocked something from connecting to: electronicssense-search.com. I hope I’m not infected with anything serious.
I did an MBAM scan and it found 3 items. Here is the log:
Malwarebytes’ Anti-Malware 1.41
Database version: 2905
Windows 5.1.2600 Service Pack 3
10/4/2009 4:13:23 PM
mbam-log-2009-10-04 (16-13-23).txt
Scan type: Quick Scan
Objects scanned: 100243
Time elapsed: 9 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) → Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) → Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) → Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\drivers\8c41affb.sys (Rootkit.Rustock) → Delete on reboot.