Rootkit in Dr Watson

Viruses and worms
1

Rootkit found in files ending 3digraph.dll & others similar.
Also: C\Windows\1386\DRWatson.EX_\FAULTH.DLL
There is still a reboot & scan option after about 8 mins even after the virus database has been updated, more than once.
Is this a real problem or a false positive?
Files are islolated to vault but concerned to delete. Obviously using another 'puter.
Has anyone experienced these particular files? If it is a known virus/viruses how to fix it\them?
Thanks

2

:wink: hi annete 2,

have the files upload them to http://www.virustotal.com/ so that you will know if there are false positive post your result here!!! :slight_smile:

3

False Positive: notepad report from virustotal.com reads:
Complete scanning result of “Simple user interface.txt”, processed in VirusTotal at 12/28/2008 21:44:17 (CET).

[ file data ]

  • name…: Simple user interface.txt
  • size…: 64669
  • md5…: 0871cda84f2bc88451171cf534814e14
  • sha1…: f3f998d8982c53cd29a1fa4ae6cb287356ef3f4e
  • peid…: -

[ scan result ]
a-squared 4.0.0.73/20081228 found nothing
AhnLab-V3 2008.12.25.0/20081227 found nothing
AntiVir 7.9.0.45/20081228 found nothing
Authentium 5.1.0.4/20081228 found nothing
Avast 4.8.1281.0/20081228 found nothing
AVG 8.0.0.199/20081228 found nothing
BitDefender 7.2/20081228 found nothing
CAT-QuickHeal 10.00/20081227 found nothing
ClamAV 0.94.1/20081228 found nothing
Comodo 834/20081228 found nothing
DrWeb 4.44.0.09170/20081228 found nothing
eSafe 7.0.17.0/20081228 found nothing
eTrust-Vet 31.6.6279/20081228 found nothing
Ewido 4.0/20081228 found nothing
F-Prot 4.4.4.56/20081227 found nothing
F-Secure 8.0.14332.0/20081228 found nothing
Fortinet 3.117.0.0/20081228 found nothing
GData 19/20081228 found nothing
Ikarus T3.1.1.45.0/20081228 found nothing
K7AntiVirus 7.10.568/20081227 found nothing
Kaspersky 7.0.0.125/20081228 found nothing
McAfee 5477/20081228 found nothing
McAfee+Artemis 5477/20081228 found nothing
Microsoft 1.4205/20081228 found nothing
NOD32 3719/20081227 found nothing
Norman 5.80.02/20081226 found nothing
Panda 9.0.0.4/20081228 found nothing
PCTools 4.4.2.0/20081228 found nothing
Prevx1 V2/20081228 found nothing
Rising 21.09.62.00/20081228 found nothing
SecureWeb-Gateway 6.7.6/20081228 found nothing
Sophos 4.37.0/20081228 found nothing
Sunbelt 3.2.1809.2/20081222 found nothing
Symantec 10/20081228 found nothing
TheHacker 6.3.1.4.201/20081228 found nothing
TrendMicro 8.700.0.1004/20081226 found nothing
VBA32 3.12.8.10/20081228 found nothing
ViRobot 2008.12.26.1536/20081226 found nothing
VirusBuster 4.5.11.0/20081228 found nothing

Thanks for your help!

4

Well I’m not too surprised as the file you uploaded isn’t the same as the ones you say were detected ???

So where did this “Simple user interface.txt” come from and or how did you generate it ?

5

What exactly did the rootkit report say?