Author Topic: False Positive Rootkit? (I hope)

thelorax
False Positive Rootkit? (I hope)
« on: February 06, 2015, 02:42:47 AM »
Hey, just wondering if someone could help me by taking a look at my report.

I use Teamviewer a lot to access my home computer from work. However, I noticed the network at my workplace tunnels into the US and then back to Canada. The first infected file I found was in Teamviewer folder disguised as a .dll file. I did some research and some people say it's a false positive, but now I'm not so sure.

Curson (Global Moderator)
Re: False Positive Rootkit? (I hope)
« Reply #1 on: February 06, 2015, 12:41:41 PM »
Hi thelorax,

Welcome to Adlice.com Forum.

Your report is clean.
Could you tell me the name and full path of the file you believed to be malicious?

Regards.

Note: This thread has been moved to the "RogueKiller" section for clarity.

thelorax
Re: False Positive Rootkit? (I hope)
« Reply #2 on: February 06, 2015, 05:24:07 PM »
Hey thanks a lot for the answer!  ;D

I actually decided to go ahead and format my computer anyway; it was long overdue, and this was just the push I needed.

The file in question was Teamviewer_Resource_sv.dll and was quarantined in my old installation. However, I wanted to mention something: after quarantining and rebooting, I noticed the file was back. So I took the file and uploaded it to VirusTotal, and it reported Trojan.Genome and suggested that it was polymorphic. I also noticed other things happening in my OS; the internet, for example, would become very, very slow, while other computers on my network were unaffected, even after a router restart. Then I started to get BSODs (I got three of them before I formatted), all in the span of two days. I have never had a BSOD before on this system. The BSOD reported that there were multiple IRP complete requests.

My system just became very unstable and no matter what Anti-virus or Anti-malware program I used, nothing was found. I even did a boot scan, and nothing.

I've attached another log of my computer after formatting, just for peace of mind.
« Last Edit: February 06, 2015, 05:31:20 PM by thelorax »
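The situation described in the post above (a DLL in a vendor folder that is flagged, quarantined, and then reappears after a reboot) is one where a defender wants two facts before deciding between "false positive" and "infection": whether the file is genuinely signed by the vendor, and what on the system is referencing it. The PowerShell below is an added example and is not code from the thread, from Adlice, or from TeamViewer; the install directory and the file name are assumptions to be adjusted to the machine at hand. It uses only built-in cmdlets (`Get-FileHash`, `Get-AuthenticodeSignature`, `Get-ItemProperty`, `Get-ScheduledTask`).

```powershell
# Added example, not from the original thread. Hashes a DLL, checks its
# Authenticode signature, and searches Run keys and scheduled tasks for
# anything that references the file name (a file that "comes back" after
# quarantine usually has something re-dropping it). Paths are assumptions.

function Test-DllTrust {
    param([Parameter(Mandatory)] [string] $Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $item = Get-Item -LiteralPath $Path

    [pscustomobject]@{
        Path      = $Path
        Exists    = $true
        SHA256    = $hash.Hash           # look this hash up on VirusTotal instead of re-uploading
        Signature = $sig.Status          # 'Valid' is what a properly signed vendor DLL reports
        Signer    = $sig.SignerCertificate.Subject
        Written   = $item.LastWriteTime  # a timestamp newer than the reboot suggests it was re-dropped
        Size      = $item.Length
    }
}

function Find-FileReferences {
    # Returns every autorun registry value or scheduled-task action whose
    # command line mentions the given file name.
    param([Parameter(Mandatory)] [string] $FileName)

    $hits = @()
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Value -is [string] -and $p.Value -like "*$FileName*") {
                $hits += [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value }
            }
        }
    }
    foreach ($task in (Get-ScheduledTask -ErrorAction SilentlyContinue)) {
        foreach ($a in $task.Actions) {
            $cmd = "$($a.Execute) $($a.Arguments)"
            if ($cmd -like "*$FileName*") {
                $hits += [pscustomobject]@{
                    Source  = "Task $($task.TaskPath)$($task.TaskName)"
                    Name    = $task.TaskName
                    Command = $cmd
                }
            }
        }
    }
    return $hits
}

# Assumed install location and the file name from the thread; adjust as needed.
$tvDir   = 'C:\Program Files (x86)\TeamViewer'
$suspect = 'Teamviewer_Resource_sv.dll'

# 1. Every DLL in the vendor folder that is not validly signed is worth a closer look.
Get-ChildItem -LiteralPath $tvDir -Filter '*.dll' -ErrorAction SilentlyContinue |
    ForEach-Object { Test-DllTrust -Path $_.FullName } |
    Where-Object { $_.Exists -and $_.Signature -ne 'Valid' } |
    Format-Table Path, Signature, Signer, Written, SHA256 -AutoSize

# 2. Anything that re-launches or re-writes the flagged file on boot.
Find-FileReferences -FileName $suspect | Format-Table -AutoSize
```

A vendor resource DLL that reports `Signature = Valid` with the vendor's subject in `Signer`, and that nothing outside the vendor's own installer references, is consistent with the moderator's "legit" verdict; an unsigned copy with a fresh `Written` timestamp or an unexpected Run key pointing at it is the evidence that would justify the full reinstall the poster chose. Run the script from an elevated prompt so that the HKLM keys and all scheduled tasks are readable.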

Curson (Global Moderator)
Re: False Positive Rootkit? (I hope)
« Reply #3 on: February 06, 2015, 09:08:35 PM »
Hi thelorax,

I believe this file to be legit, but it seems that your system has been damaged in one way or another.
Formatting could be beneficial in such cases.

Your report is clean, as expected.
All the best.

thelorax
Re: False Positive Rootkit? (I hope)
« Reply #4 on: February 06, 2015, 09:44:58 PM »
Thanks for the help, I really appreciate it. I may stick around and check this place out a little. See you around!  :D

Curson (Global Moderator)
Re: False Positive Rootkit? (I hope)
« Reply #5 on: February 06, 2015, 11:44:36 PM »
Hi thelorax,

You are welcome.
See you.