Rootkit Detected

[Guest]

[eaglehorse.houndsofhell]

While running RookitRevealer Comodo AV Quarantined  something called Downloader.JS.Small.fv it is listed as C:\sun\SDK\jmaki\scripts\. Only these two programs have detected it . Haven't tried Hijack This yet but no other programs no eve BOClean has detected it and I know that is a good program because of a past operator error. I have just reinstalled XP and scanned every thing but the updates for Netbeans 6.0 Beta. Was not able ( or intellegent enough) to scan this but none of the security programs detected it . Any Suggestions or help.
 

[Goose18]

AVG have a free Anti-Rootkit it'll detect and remove any that it finds here's the lnik to it http://www.grisoft.com/doc/download-free-anti-rootkit/us/crp/0

[aladinonl]

I havnt used rkrevealer but as I kno, rkrvl detects suspicious things but whether thing is a real rk or not downs to da user. Da same technic is employed in HJT! u need knowledge & xperience to deal w those apps.

CAVS mite haf false positiv as well.

I have just reinstalled XP and scanned every thing but the updates for Netbeans 6.0 Beta

i dun really get it, u mean u've just installed XP and update Netsbean?
I dun kno wat netsbean is but if ur XP is genuine (i mean not fr a pirate disc or pirate site) and netsbean is legitimate, nothing to wori much. Most probably its a false positiv fr CAVS. 

However, u mite wanna check da file w virustotal at www.virustotal.com
For an anti-rk app which aim at average users, Panda anti-rk (free) is also well-recommended.

[eaglehorse.houndsofhell]

AVG  Rootkit came up with nothing but reran the rootkitRevealer and again Comodo AV Caught it .
I just had to reload the os because something was corrupting files and shutting down comodo firewall and the rest of the security system noting showed up except a .js extention error that was not repaiable.

[aladinonl]

how did u reload OS? ur computer could b infected before u reloaded and the nasty could survive thru da process (yes, it can even if u reformat ur hard disk and instal a fresh new OS).

P.S:I just checked Netbeans and it appears legitimate.
Can u specify how rkrvl describe the nasty?
u can try some online scanners such as Panda, Trendmicro, KAV, Bitdefender, McAfee... to see how
And Important: next time if u wanna reinstal OS after suspected infected, scan for badies before reinstaling to make sure nothings sneakin in ur hard disk. If not, u mite haf a false sense of being secured.

[eaglehorse.houndsofhell]

Before I reloaded my OS I was only able to boot it after that it would lock up . That was this past Fri. The day before I had run Spyware scan it came up with nada . I am using Comodo AV it detected Nada. I had a program from Smallfrogs (I dont remember the name) It only showed a .js extention error.
I reformated the hard Drive and reloaded the OS . ans have been paranoid so I been a good little knucklehead and scanned all my downloaded programs. I am baffled.

[Goose18]

What anti spyware do you have? (Spybot Search & Destroy, Super Anti Spyware, AVG Anti Spyware, A-Squared?)

[eaglehorse.houndsofhell]

I use Spyware Terminator, Comodo BoClean and spywareblaster as a passive defense.

[Goose18]

maybe try spybot search & destroy and super anti spyware and see if any of them find something?

[Japo]

There are even on-line scanners so you don't have to install the full software, for example:

http://www.ewido.net/en/onlinescan/

Anyway don't really know and can't judge your chances of having a rootkit, but if you had it would be hiding malware so it wouldn't be detected by programs that would detect it were it not for the rootkit. About rootkit detection and removal I've heard good things about Blacklight, you can get a free trial beta, I tried it (found nothing) and it's even self-contained. They say it's thorough and also you don't need expertise to judge the results.

http://www.f-secure.com/blacklight/try_blacklight.html

[Tags:]