RootKit: RalinkRegistryWriter

SVC: RalinkRegistryWriter > C:Program Files\EDIMAX\Common\RalinkRegistryWriter.exe

I have attached the scan logs from the multiple programs however OTL freezes before the scan finishes every time.

Had a pop-up from Avast the other day: detection of a Rootkit. I chose to delete, and was then prompted to restart so that Avast could do a boot scan; however, the RootKit remains. Every time I turn on the computer, within 5-10 minutes I will get Avast prompting me about this. Before I came across this site, I scanned with both MBAM and Super Anti-Spyware - both picked up nothing.

I have now come across this site. Scanned with MBAM again today which has picked up a Trojan.

The OTL scan freezes (not responding). I have tried it 3 times; it gets to "scanning Firefox Settings" and freezes. Any ideas?

I will keep trying with the OTL scan.

Thanks in advance for your help.

I have attached the scan logs from the multiple programs however OTL freezes before the scan finishes every time.
Try running it from safe mode....

That is a suspicious file, as it is related to your wireless and does write to the registry. Could you upload it to VirusTotal for a check, please?

Worked in safe mode, thanks Pondus - OTL logs attached.

Essexboy - results from VirusTotal:

SHA256: 4b5b9e79994a82644b4c7cc2bb96e31176a4701d5f3cfde06ab0cc274553b6c6
SHA1: 0494bd1bf529a7601a17b343c6a94c360ecaac88
MD5: 2daa6cf9773f22b72a1a98ef2a6eafdf
File size: 52.5 KB ( 53760 bytes )
File name: RalinkRegistryWriter.exe
File type: Win32 EXE
Detection ratio: 0 / 47
Analysis date: 2013-10-21 22:22:51 UTC ( 0 minutes ago )

Thanks for your help.

https://www.virustotal.com/en/file/4b5b9e79994a82644b4c7cc2bb96e31176a4701d5f3cfde06ab0cc274553b6c6/analysis/
First submission 2009-09-01 00:43:43 UTC ( 4 years, 1 month ago )
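The VirusTotal verdict above (0/47, first seen in 2009) only says something about the copy on this PC if that copy is byte-for-byte the file VirusTotal analysed. The script below is an added example, not something posted in the thread or shipped by Avast, EDIMAX or VirusTotal: it hashes a local file with the same three algorithms VirusTotal reports (MD5, SHA1, SHA256) and compares the digests to the values quoted in the post. The default file path is the one from the OTL log with the missing backslash restored; any other path is passed on the command line.

```python
import hashlib
import sys

# Digests quoted from the VirusTotal report earlier in this thread.
VT_REPORTED = {
    "md5": "2daa6cf9773f22b72a1a98ef2a6eafdf",
    "sha1": "0494bd1bf529a7601a17b343c6a94c360ecaac88",
    "sha256": "4b5b9e79994a82644b4c7cc2bb96e31176a4701d5f3cfde06ab0cc274553b6c6",
}

# Path as listed in the OTL log (assumed; the log line had lost its backslash).
DEFAULT_PATH = r"C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe"

ALGORITHMS = ("md5", "sha1", "sha256")


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hash a file on disk in chunks so a large binary need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_hashes(actual: dict, expected: dict) -> dict:
    """Per-algorithm match flags; case-insensitive because tools differ in hex case."""
    return {
        alg: actual.get(alg, "").lower() == digest.lower()
        for alg, digest in expected.items()
    }


def same_sample(actual: dict, expected: dict) -> bool:
    """True only when every digest VirusTotal reported matches the local file."""
    return all(compare_hashes(actual, expected).values())


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_PATH
    digests = hash_file(target)
    for alg, ok in compare_hashes(digests, VT_REPORTED).items():
        print(f"{alg:6s} {digests[alg]}  {'MATCH' if ok else 'DIFFERS'}")
    if same_sample(digests, VT_REPORTED):
        print("Local file is the sample VirusTotal analysed; its 0/47 verdict applies to it.")
    else:
        print("Local file differs from the analysed sample; upload this copy for its own verdict.")
```

If all three digests match, the local file is exactly the sample VirusTotal has known since 2009, and the 0/47 result speaks for it. If any digest differs, the file on disk is not what was analysed (a different driver version, or something that has replaced it), so that copy should be submitted on its own rather than trusted on the strength of the old report.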

essexboy has probably gone to bed now, so check back tomorrow…

I would call that a false positive, so next time it pops up select "report as a false positive".

Thank you both for your help.

Is there any way to be 100% sure?

The Avast warning has popped up, however there is no option to report as a False Positive only Delete or Ignore.

Thanks.

Select ignore. The file name is legitimate and to date I have seen no malware imitating it. Plus, there were no other indicators in the log :slight_smile:

Ok, thank you for all your help!! :slight_smile: