My BitDefender Antivirus 7.2 has been going on for a long time now about a rootkit infection in a Windows process file named "srenum.sys". I don't know how credible BitDefender is when it comes to false positives, so I'm in a bit of a bind here.
Running Windows XP SP2. Have been thinking about upgrading to SP3, but all the times I've done so, the installation fails on a message "The device connected to the system does not work" or something as cryptic, and then cancels the installation process.
I've run SpyBot and Microsoft's own malware tool, but these two haven't picked up anything out of the ordinary. Could some of you send me a copy of your srenum.sys file (preferably the Windows XP SP2 kind), so I can compare the two?
Possible rootkit problem
Re: Possible rootkit problem
http://www.f-secure.com/en_EMEA/product ... lacklight/
http://www.gmer.net/
http://www.sophos.com/products/free-too ... otkit.html
Try them and see if any can remove the infection.
Core i7 920 @ 2.66GHZ | ASUS P6T Motherboard | 8GB DDR3 1600 RAM | Gigabyte Geforce 760 4GB | Windows 10 Pro x64
Re: Possible rootkit problem
Well, managed to install SP3 without incident (hopefully). I'll get back to you later on the rootkit issue.
EDIT: BitDefender calls the infection "Rootkit.30442", but it changes names depending on the scanner used. I'm just wondering if it's safe to simply stop the srenum.sys file and get rid of it. At least some sites recommend this.
Re: Possible rootkit problem
ever considered googling the file in question?
Does [Kevin] Smith masturbate with steel wool too?
- Yes, but don’t change the subject.
Re: Possible rootkit problem
funkyass wrote: ever considered googling the file in question?
Of course. Despite my efforts, I haven't been able to locate a decent site where I could download the file.
Re: Possible rootkit problem
it's not available... probably because it is a rootkit.
if you have the original XP cd, you should be able to find reference to it, if it's supposed to be there.
Re: Possible rootkit problem
given that there are no references anywhere about it being a valid driver, i'm going to agree that it's likely malicious.
if it's part of a rootkit, you'll likely need to hit it from outside windows to completely remove it (mount the drive on another machine or just boot a livecd of some sort).
once in a separate environment, i'd check the creation timestamp on that file and search for all files/directories created around that same time, and consider them highly suspect.
Why yes, my shift key *IS* broken.
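The timestamp search suggested in the post above, as an added example that is not part of the original thread: it walks a volume mounted in a separate environment and lists everything stamped within a window of the suspect file. The function names and the sample tree are assumptions made for illustration, and modification time stands in for creation time.

```python
import os
import tempfile
from datetime import datetime

def mtime(path):
    # Assumption: mtime is a proxy; os.stat() on a Linux live CD has no NTFS creation time.
    return os.stat(path, follow_symlinks=False).st_mtime

def created_near(root, reference, window_minutes=30, stamp=mtime):
    """Return [(timestamp, path)] under root stamped within the window of reference."""
    ref_time = stamp(reference)
    ref_path = os.path.abspath(reference)
    window = window_minutes * 60
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.abspath(os.path.join(dirpath, name))
            if path == ref_path:
                continue
            try:
                when = stamp(path)
            except OSError:
                continue  # unreadable entry or broken link: skip, keep walking
            if abs(when - ref_time) <= window:
                hits.append((when, path))
    return sorted(hits)

def build_sample_tree(base):
    """Constructed sample data: a fake mounted volume with fixed timestamps."""
    t0 = 1_200_000_000  # arbitrary reference epoch for the demo
    layout = {
        "WINDOWS/system32/drivers/srenum.sys": t0,
        "WINDOWS/system32/unknown.tmp": t0 + 300,             # 5 minutes later
        "WINDOWS/system32/drivers/old.sys": t0 - 86400 * 90,  # months older
        "Documents/notes.txt": t0 + 86400,                    # a day later
    }
    for rel, ts in layout.items():
        full = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "wb").close()
        os.utime(full, (ts, ts))
    return os.path.join(base, "WINDOWS", "system32", "drivers", "srenum.sys")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as vol:
        ref = build_sample_tree(vol)
        for when, path in created_near(vol, ref):
            print(datetime.fromtimestamp(when).isoformat(), path)
```

Timestamps can be rewritten by software running with enough privileges, so an empty result does not clear the volume.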
Re: Possible rootkit problem
Also check your hosts file as it may be set up to redirect you to sites that download it again the instant you browse on google or some such.
Re: Possible rootkit problem
Cheers, got rid of the offending "system" file and another supposed trojan dropper that was hiding.