Monday, September 28, 2009

Seneka Rootkit

Just discovered that I have a rootkit installed in my system. Don't know how long it has been there. All I know is that while I was watching the processes in my system, I suddenly saw explorer.exe trying to access seneka in the registry. I know what I installed on my computer, and seneka was not one of them. I searched my registry for the key, but it couldn't be seen.

I scanned my PC for viruses using NOD32 and none were found. I searched the net for seneka and there was not much info at all. Then I found out that seneka is a rootkit. No wonder my AV cannot detect it. And no wonder lately I have had a lot of problems with BSODs when shutting down my PC, especially after using Media Player Classic.

The site ThreatExpert has the best explanation of what it does, but it is not enough.

I found this site that has a list of rootkit removers: http://blogs.techrepublic.com.com/networking/?p=736

I tried a few of them:
i) Trend can't detect it at all.
ii) Sophos: quite good.
iii) Gmer: yes.
iv) IceSword: don't know how to use it.

I found that there are a few files in my system folder with seneka as the file name, but I could not see them. I had enabled showing hidden and system files, but it was useless. It doesn't even show that they exist.

Only when I tried to name a file with the name seneka* did I know that the file exists. Anyway, any files that I named starting with seneka* would soon be hidden/deleted/moved or anything at all!!!
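The manual test described above (create a file whose name starts with the rootkit's prefix and watch whether it stays visible) can be scripted as a defender-side check. The following is an added example written for this post, not code from the author or from any of the tools mentioned; it assumes Python 3, a directory you can write to (a constructed temporary sandbox by default, rather than the system folder), and that the hiding is done by filtering names, so a control file with a harmless prefix behaves normally while the prefixed one does not.

```python
import os
import tempfile
import time

PROBE_SUFFIX = "_probe.txt"  # hypothetical suffix chosen for this example

def probe_prefix_visibility(directory, prefix, control_prefix="canary", delay=0.2):
    """Create one file whose name starts with the suspicious prefix and one
    control file, then check whether each is still visible through ordinary
    directory listing (os.listdir / os.scandir) and through a direct path
    lookup. Name-filtering hiding affects the first file but not the control."""
    results = {}
    for label, pfx in (("suspicious", prefix), ("control", control_prefix)):
        name = pfx + PROBE_SUFFIX
        path = os.path.join(directory, name)
        with open(path, "w", encoding="ascii") as fh:
            fh.write("visibility probe\n")
        time.sleep(delay)  # give anything watching the directory a moment to react
        with os.scandir(directory) as entries:
            scanned = any(e.name == name for e in entries)
        info = {
            "listed": name in os.listdir(directory),
            "scanned": scanned,
            "direct": os.path.exists(path),
        }
        try:
            os.remove(path)
            info["vanished"] = False
        except FileNotFoundError:
            info["vanished"] = True  # something removed or moved it already
        results[label] = info
    return results

def is_suspicious(results):
    """True when the control file behaves normally but the prefixed file was
    hidden from at least one view or disappeared on its own."""
    s, c = results["suspicious"], results["control"]
    control_ok = c["listed"] and c["scanned"] and c["direct"] and not c["vanished"]
    prefixed_hidden = not (s["listed"] and s["scanned"] and s["direct"]) or s["vanished"]
    return bool(control_ok and prefixed_hidden)

def run_in_sandbox(prefix, delay=0.2):
    """Run the probe in a fresh temporary directory (constructed sandbox)."""
    with tempfile.TemporaryDirectory() as directory:
        return probe_prefix_visibility(directory, prefix, delay=delay)

if __name__ == "__main__":
    outcome = run_in_sandbox("seneka")
    print(outcome)
    print("prefix-based hiding suspected:", is_suspicious(outcome))
```

A rootkit that hooks the same file APIs Python uses can lie to both probes equally, so a clean result here is not proof of a clean machine; comparing against an offline scan of the disk is the stronger cross-view check.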

Only after I had used the rootkit remover could my AV detect the seneka files in the system folder and identify them as a trojan.
