| View previous topic :: View next topic |
| Author |
Message |
SteveBarnett
Trooper
Joined: Aug 26, 2004
Posts: 20
Location: UK
|
 Posted: Tue Jul 11, 2006 8:01 am Post subject: Help interpreting IceStorm outputs |
|
|
I rane IceStorm and found nothing highlighted in red in any of the results except the SSDT report. In there, I see three items in red (NtConnectPort, NtOpenProcess and NtOpenThread).
Unfortunately, the "KModule" is shown as "Unknown" which is what is worrying me.
So, I suppose the question is, should I be worried, given that there are no highlighted entries in any of the other sections?
Thanks
Steve
|
|
| Back to top |
|
 |
swatkat
Security Expert
Joined: Mar 04, 2005
Posts: 2039
|
| Posted: Tue Jul 11, 2006 11:39 am Post subject: |
|
|
Hi,
Some times IceSword doesn't display the driver's name in the "KModule" tab of SSDT section. Some security software like AntiViruses, FireWalls etc hook the SSDT. In these cases also, IceSword shows them in red color. But, since it's not showing the name of the driver, lets use another tool to scan the system.
Please download GMER and extract it to a folder. Next, run the Gmer.exe program and click the "Rootkit" tab. Now, select these options from the list that is shown at the right-side of the GMER main window:-
- System
- Devices
- Processes
- Libraries
- Modules
- Services
- Registry
- Files
Next, select all the disk partitions (C:\, D:\ etc) from the list. Do NOT select the "Show All" option. Finally, click "Scan" and allow the scan to complete.
When the scan is completed, click "Copy" to copy the log and please post it back here.
_________________
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
- Albert Einstein
|
|
| Back to top |
|
|
SteveBarnett
Trooper
Joined: Aug 26, 2004
Posts: 20
Location: UK
|
| Posted: Tue Jul 11, 2006 12:28 pm Post subject: |
|
|
Thanks for helping. This is the log I got from GMER:
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-07-11 13:25:31
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.10 ----
SSDT 860F9220 ZwConnectPort
SSDT 8632F220 ZwOpenProcess
SSDT 861C0428 ZwOpenThread
---- Registry - GMER 1.0.10 ----
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION
E5129C8F76ED8FA012012288FB54877BF4D1C180F42A2C6F7FE727ED046
47EDCDE45B76DF1D9634B61D81D23F6E2D3D5A9621637D701DBA9B16A
29D953976F1323BC94D45FB785207BFE9F3BB2FD0A4CF9D4A6172376A53
D6D0E90B8529EBFFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127B
ECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8E
DD5E5BE2F6E667A6A0AC4980AC7933BA7FD869164D6794A9C6AECB7A5
D14075C36C8043027C922A5DEE9DEBD96E211C16305EF5823E64F65C82
83B4D508B6D1D1E09EA4D8728BF8649B33531C3A4E5A517C91553938B3
03B1EDB547460A14FBCF9C463320B905449C623FE0EDC2301C1FD58AE8
1BE8A68DD159807A7C8C0E2DF7691C6759DEBC555C09ABBF797DD7EDE
607980B5C61CEB1572B27B8CB7F98F72F5EAC3AA184492D3565DBF189C
FB1189BA5B21CAC020BEEE2D5F2F4BD18651210E315CED4C4B4AB55993
301988C5FD113A0E7E9B37967B3D723A7291AC40B75E07A5E55D7CD211
2ED04A072BECA71E0AC409D60A28A6D194A2C0E99253A665E0E072891C
63559E3377711580CEB25F4C71A23E7A869882CDD2D58E8345DB11A24A
22C6CFAAECBF00BADDFBD2A61C41740A1B9C55B7DC6507CA3FAD1D76
278761AA246DA4735A56943E47B25CE13CDB6310122D86150463A08728
E71ECCF227201BCA24C7517F5434D8CA045CE110D53
(Edited above string by Mod to remove wide posts since word-wrap not functioning.) 
---- Files - GMER 1.0.10 ----
File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}
File D:\System Volume Information\MountPointManagerRemoteDatabase
File D:\System Volume Information\tracking.log
File D:\System Volume Information\_restore{EBE7F5B4-9626-4FB0-8C04-62912E099CB4}
---- EOF - GMER 1.0.10 ----
None of it makes any sense to me, naturally!
|
|
| Back to top |
|
|
SteveBarnett
Trooper
Joined: Aug 26, 2004
Posts: 20
Location: UK
|
| Posted: Thu Jul 13, 2006 7:19 am Post subject: |
|
|
Has anyone else got any suggestions as to how I find out what these three mysterious entries are in the SSDT and whether I should be worrying about them or not?
Thanks
Steve
|
|
| Back to top |
|
|
gmer
Trooper
Joined: May 29, 2006
Posts: 33
|
| Posted: Thu Jul 13, 2006 12:50 pm Post subject: |
|
|
Hi Steve
| SteveBarnett wrote: | Has anyone else got any suggestions as to how I find out what these three mysterious entries are in the SSDT and whether I should be worrying about them or not?
|
Many "good" drivers making similar hooks. Please create one more log:
GMER >> Rootkit Tab >> Select only Processes + Modules + Show all >> Copy >> Ctrl + V
Regards
|
|
| Back to top |
|
|
SteveBarnett
Trooper
Joined: Aug 26, 2004
Posts: 20
Location: UK
|
| Posted: Thu Jul 13, 2006 1:09 pm Post subject: |
|
|
Thanks for replying. These are the results you're asking for:
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-07-13 14:08:35
Windows 5.1.2600 Service Pack 2
---- Processes - GMER 1.0.10 ----
Process Sytem Idle 0
Process System 4
Process C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe 216
Process C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe 288
Process C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe 304
Process C:\WINDOWS\system32\spoolsv.exe 600
Process C:\WINDOWS\system32\oodag.exe 772
Process C:\WINDOWS\System32\smss.exe 780
Process C:\WINDOWS\system32\csrss.exe 972
Process C:\WINDOWS\system32\winlogon.exe 996
Process C:\WINDOWS\system32\services.exe 1040
Process C:\WINDOWS\system32\lsass.exe 1052
Process C:\Program Files\BigFix\bigfix.exe 1192
Process C:\WINDOWS\system32\svchost.exe 1228
Process C:\WINDOWS\system32\svchost.exe 1296
Process C:\WINDOWS\Explorer.EXE 1368
Process C:\WINDOWS\System32\svchost.exe 1400
Process C:\WINDOWS\system32\svchost.exe 1524
Process C:\WINDOWS\system32\svchost.exe 1568
Process C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe 1584
Process C:\Program Files\Common Files\Symantec Shared\ccProxy.exe 1656
Process C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe 1724
Process C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe 1728
Process C:\Program Files\Pure Text 2\PureText.exe 1760
Process C:\Program Files\Norton Internet Security\ISSVC.exe 1776
Process C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe 1792
Process C:\WINDOWS\system32\CTsvcCDA.EXE 1808
Process C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe 1820
Process C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe 1840
Process C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe 2044
Process C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS 2092
Process C:\Program Files\Norton Internet Security\ccEmFlSv.exe 2108
Process C:\WINDOWS\system32\slserv.exe 2204
Process C:\WINDOWS\system32\svchost.exe 2244
Process C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe 2272
Process C:\WINDOWS\system32\wdfmgr.exe 2360
Process C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe 2368
Process C:\Program Files\NewzCrawler\News.exe 2548
Process C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe 2568
Process C:\Program Files\Digital Media Reader\shwiconem.exe 2696
Process C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe 2704
Process C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe 2712
Process C:\WINDOWS\system32\igfxtray.exe 2720
Process C:\WINDOWS\system32\hkcmd.exe 2732
Process C:\WINDOWS\system32\igfxpers.exe 2752
Process C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe 2784
Process C:\Program Files\Common Files\Symantec Shared\ccApp.exe 2808
Process C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe 2860
Process C:\Program Files\Microsoft IntelliType Pro\itype.exe 2948
Process C:\Program Files\Microsoft Hardware\Mouse\point32.exe 3052
Process C:\WINDOWS\System32\alg.exe 3136
Process C:\Program Files\Visage\PDF Printer\vspdfprsrv.exe 3216
Process C:\Program Files\Skype\Phone\Skype.exe 3428
Process C:\Program Files\Firetrust\Benign\B9.exe 3444
Process C:\Program Files\PDT\VoIPVoice Integrations\VoIPVoice Integration.exe 3496
Process C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe 3524
Process C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe 3908
Process C:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe 4484
Process C:\Program Files\TNT\TNT.EXE 4716
Process C:\Program Files\Internet Explorer\iexplore.exe 4808
Process C:\Program Files\Internet Download Manager\IDMan.exe 5064
Process D:\Work\gmer.exe 5816
---- Modules - GMER 1.0.10 ----
Module \WINDOWS\system32\ntkrnlpa.exe 804D7000
Module \WINDOWS\system32\hal.dll 806E2000
Module \WINDOWS\system32\KDCOM.DLL F7B52000
Module \WINDOWS\system32\BOOTVID.dll F7A62000
Module ACPI.sys F7523000
Module \WINDOWS\system32\DRIVERS\WMILIB.SYS F7B54000
Module pci.sys F7512000
Module isapnp.sys F7652000
Module pciide.sys F7C1A000
Module \WINDOWS\system32\DRIVERS\PCIIDEX.SYS F78D2000
Module aliide.sys F7B56000
Module cmdide.sys F7B58000
Module toside.sys F7B5A000
Module viaide.sys F7B5C000
Module intelide.sys F7B5E000
Module MountMgr.sys F7662000
Module ftdisk.sys F74F3000
Module PartMgr.sys F78DA000
Module VolSnap.sys F7672000
Module cpqarray.sys F7A66000
Module \WINDOWS\system32\DRIVERS\SCSIPORT.SYS F74DB000
Module atapi.sys F74C3000
Module aha154x.sys F7A6A000
Module sparrow.sys F78E2000
Module symc810.sys F7A6E000
Module aic78xx.sys F7682000
Module dac960nt.sys F7A72000
Module ql10wnt.sys F7692000
Module amsint.sys F7A76000
Module asc.sys F78EA000
Module asc3550.sys F7A7A000
Module mraid35x.sys F78F2000
Module i2omp.sys F78FA000
Module ini910u.sys F7A7E000
Module ql1240.sys F76A2000
Module aic78u2.sys F76B2000
Module symc8xx.sys F7902000
Module sym_hi.sys F790A000
Module sym_u3.sys F7912000
Module ABP480N5.SYS F791A000
Module asc3350p.sys F7922000
Module cd20xrnt.sys F7B60000
Module ultra.sys F76C2000
Module adpu160m.sys F74AA000
Module dpti2o.sys F792A000
Module ql1080.sys F76D2000
Module ql1280.sys F76E2000
Module ql12160.sys F76F2000
Module perc2.sys F7932000
Module perc2hib.sys F7B62000
Module hpn.sys F793A000
Module cbidf2k.sys F7A82000
Module dac2w2k.sys F747E000
Module disk.sys F7702000
Module \WINDOWS\system32\DRIVERS\CLASSPNP.SYS F7712000
Module fltMgr.sys F745F000
Module sr.sys F744D000
Module drvmcdb.sys F7438000
Module PQV2i.sys F7422000
Module KSecDD.sys F740B000
Module Ntfs.sys F737E000
Module NDIS.sys F7351000
Module sisagp.sys F7722000
Module viaagp.sys F7732000
Module RecAgent.sys F7A86000
Module ohci1394.sys F7742000
Module \WINDOWS\system32\DRIVERS\1394BUS.SYS F7752000
Module Mup.sys F7336000
Module agp440.sys F7762000
Module alim1541.sys F7772000
Module amdagp.sys F7782000
Module agpCPQ.sys F7792000
Module \SystemRoot\system32\DRIVERS\nic1394.sys F7802000
Module \SystemRoot\system32\DRIVERS\intelppm.sys F7892000
Module \SystemRoot\system32\DRIVERS\ialmnt5.sys F6C2A000
Module \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F6C16000
Module \SystemRoot\system32\DRIVERS\HDAudBus.sys F6BF0000
Module \SystemRoot\system32\DRIVERS\b57xp32.sys F6BCF000
Module \SystemRoot\system32\DRIVERS\usbuhci.sys F79F2000
Module \SystemRoot\system32\DRIVERS\USBPORT.SYS F6BAC000
Module \SystemRoot\system32\DRIVERS\usbehci.sys F79FA000
Module \SystemRoot\system32\DRIVERS\slntamr.sys F6B49000
Module \SystemRoot\system32\DRIVERS\SlWdmSup.sys F7272000
Module \SystemRoot\system32\DRIVERS\Mtlmnt5.sys F6B2A000
Module \SystemRoot\System32\Drivers\Modem.SYS F7A02000
Module \SystemRoot\system32\DRIVERS\parport.sys F6B16000
Module \SystemRoot\system32\DRIVERS\i8042prt.sys F72F6000
Module \SystemRoot\system32\DRIVERS\kbdclass.sys F7A0A000
Module \SystemRoot\system32\DRIVERS\serial.sys F72E6000
Module \SystemRoot\system32\DRIVERS\serenum.sys F725E000
Module \SystemRoot\system32\DRIVERS\imapi.sys F72D6000
Module \SystemRoot\system32\DRIVERS\cdrom.sys F72C6000
Module \SystemRoot\system32\DRIVERS\redbook.sys F72B6000
Module \SystemRoot\system32\DRIVERS\ks.sys F6AF3000
Module \SystemRoot\System32\Drivers\GearAspiWDM.SYS F7A12000
Module \SystemRoot\system32\DRIVERS\audstub.sys F7CA9000
Module \SystemRoot\system32\DRIVERS\rasl2tp.sys F72A6000
Module \SystemRoot\system32\DRIVERS\ndistapi.sys F7256000
Module \SystemRoot\system32\DRIVERS\ndiswan.sys F6ADC000
Module \SystemRoot\system32\DRIVERS\raspppoe.sys F7296000
Module \SystemRoot\system32\DRIVERS\raspptp.sys F77A2000
Module \SystemRoot\system32\DRIVERS\TDI.SYS F7A1A000
Module \SystemRoot\system32\DRIVERS\psched.sys F6ACB000
Module \SystemRoot\system32\DRIVERS\msgpc.sys F6DE4000
Module \SystemRoot\system32\DRIVERS\ptilink.sys F7A22000
Module \SystemRoot\system32\DRIVERS\raspti.sys F7A2A000
Module \SystemRoot\system32\DRIVERS\termdd.sys F6DD4000
Module \SystemRoot\system32\DRIVERS\mouclass.sys F7A32000
Module \SystemRoot\system32\DRIVERS\swenum.sys F7BE8000
Module \SystemRoot\system32\DRIVERS\update.sys F6A97000
Module \SystemRoot\system32\DRIVERS\mssmbios.sys F7242000
Module \SystemRoot\System32\Drivers\NDProxy.SYS F6DC4000
Module \SystemRoot\system32\drivers\sthda.sys AA776000
Module \SystemRoot\system32\drivers\portcls.sys AA754000
Module \SystemRoot\system32\drivers\drmk.sys F6DA4000
Module \SystemRoot\system32\drivers\sfng32.sys F6D94000
Module \SystemRoot\system32\DRIVERS\usbhub.sys F6D74000
Module \SystemRoot\system32\DRIVERS\USBD.SYS F7BEE000
Module \SystemRoot\system32\drivers\MODEMCSA.sys F7222000
Module \SystemRoot\System32\Drivers\i2omgmt.SYS F7BF0000
Module \SystemRoot\System32\Drivers\Fs_Rec.SYS F7BF2000
Module \SystemRoot\System32\Drivers\Null.SYS F7C9A000
Module \SystemRoot\System32\Drivers\Beep.SYS F7BF4000
Module \SystemRoot\System32\drivers\vga.sys F7A42000
Module \SystemRoot\System32\Drivers\mnmdd.SYS F7BF6000
Module \SystemRoot\System32\DRIVERS\RDPCDD.sys F7BF8000
Module \SystemRoot\System32\Drivers\Msfs.SYS F7A4A000
Module \SystemRoot\System32\Drivers\Npfs.SYS F7A52000
Module \SystemRoot\system32\DRIVERS\rasacd.sys F7212000
Module \SystemRoot\system32\DRIVERS\ipsec.sys AA6F9000
Module \SystemRoot\system32\DRIVERS\tcpip.sys AA6A1000
Module \SystemRoot\System32\Drivers\SYMTDI.SYS AA661000
Module \??\C:\Program_Files\Symantec\SYMEVENT.SYS AA644000
Module \SystemRoot\System32\Drivers\SYMREDRV.SYS F720E000
Module \SystemRoot\system32\DRIVERS\ipnat.sys AA623000
Module \SystemRoot\system32\DRIVERS\wanarp.sys F6D54000
Module \SystemRoot\System32\Drivers\SYMDNS.SYS F7BFE000
Module \SystemRoot\System32\Drivers\SYMNDIS.SYS F77B2000
Module \SystemRoot\System32\Drivers\SYMFW.SYS AA55A000
Module \SystemRoot\system32\DRIVERS\arp1394.sys F77C2000
Module \SystemRoot\System32\Drivers\SYMIDS.SYS F7A5A000
Module \SystemRoot\system32\DRIVERS\netbt.sys AA502000
Module \SystemRoot\System32\drivers\ws2ifsl.sys F70EE000
Module \SystemRoot\System32\drivers\afd.sys AA4E0000
Module \SystemRoot\system32\DRIVERS\netbios.sys F77D2000
Module \??\C:\Program_Files\Common_Files\Symantec_Shared\SPBBC\SPBBCDrv.sys AA48E000
Module \??\C:\Program_Files\Norton_Internet_Security\Norton_AntiVirus\SAVRTPEL.SYS AA47B000
Module \SystemRoot\system32\DRIVERS\rdbss.sys AA450000
Module \SystemRoot\System32\Drivers\PQNTDrv.SYS F7D5A000
Module \SystemRoot\System32\Drivers\PQIMount.SYS F77F2000
Module \SystemRoot\system32\DRIVERS\mrxsmb.sys AA391000
Module \SystemRoot\System32\Drivers\Fips.SYS F7812000
Module \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys F796A000
Module \SystemRoot\system32\DRIVERS\USBSTOR.SYS F7972000
Module \SystemRoot\system32\DRIVERS\uac4pdt.sys F7266000
Module \SystemRoot\system32\DRIVERS\usbccgp.sys F797A000
Module \SystemRoot\system32\DRIVERS\hidusb.sys F7262000
Module \SystemRoot\system32\DRIVERS\HIDCLASS.SYS F7822000
Module \SystemRoot\system32\DRIVERS\HIDPARSE.SYS F7982000
Module \SystemRoot\system32\DRIVERS\HSFHWCD2.sys AA35F000
Module \SystemRoot\system32\DRIVERS\HSF_DP.sys AA260000
Module \SystemRoot\system32\DRIVERS\HSF_CNXT.sys AA1B8000
Module \SystemRoot\system32\DRIVERS\usbscan.sys AA750000
Module \SystemRoot\system32\drivers\usbaudio.sys F7882000
Module \SystemRoot\system32\DRIVERS\mouhid.sys AA404000
Module \SystemRoot\system32\DRIVERS\IPFilter.sys AA400000
Module \SystemRoot\System32\Drivers\Fastfat.SYS AA0F5000
Module \SystemRoot\System32\Drivers\dump_atapi.sys AA0B5000
Module \SystemRoot\System32\Drivers\dump_WMILIB.SYS F7B96000
Module \SystemRoot\System32\win32k.sys BF800000
Module \SystemRoot\System32\drivers\Dxapi.sys AA138000
Module \SystemRoot\System32\watchdog.sys F6D34000
Module \SystemRoot\System32\drivers\dxg.sys BF000000
Module \SystemRoot\System32\drivers\dxgthk.sys F7CE7000
Module \SystemRoot\System32\ialmdnt5.dll BF020000
Module \SystemRoot\System32\ialmrnt5.dll BF012000
Module \SystemRoot\System32\ialmdev5.DLL BF042000
Module \SystemRoot\System32\ialmdd5.DLL BF073000
Module \SystemRoot\system32\DRIVERS\ndisuio.sys A9F85000
Module \SystemRoot\system32\drivers\wdmaud.sys A9970000
Module \SystemRoot\system32\drivers\sysaudio.sys AA5C3000
Module \SystemRoot\system32\drivers\kmixer.sys A9923000
Module \SystemRoot\system32\DRIVERS\mrxdav.sys A966F000
Module \SystemRoot\System32\drivers\BrPar.sys F6D3C000
Module \SystemRoot\System32\Drivers\Cdfs.SYS A99BD000
Module \SystemRoot\system32\DRIVERS\srv.sys A95F5000
Module \SystemRoot\system32\DRIVERS\mdmxsdk.sys A9A79000
Module \??\C:\WINDOWS\system32\drivers\symlcbrd.sys F6D44000
Module \??\C:\Program_Files\Norton_Internet_Security\Norton_AntiVirus\SAVRT.SYS A8BD7000
Module \SystemRoot\System32\Drivers\HTTP.sys A8AC2000
Module \SystemRoot\system32\DRIVERS\asyncmac.sys A8A22000
Module \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20060710.095\symidsco.sys A7E54000
Module \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060712.021\NavEx15.Sys A7D92000
Module \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060712.021\NAVENG.Sys A7D80000
Module \SystemRoot\System32\DRIVERS\gmer.sys A7F24000
Module \WINDOWS\system32\ntdll.dll 7C900000
---- EOF - GMER 1.0.10 ----
|
|
| Back to top |
|
|
gmer
Trooper
Joined: May 29, 2006
Posts: 33
|
| Posted: Thu Jul 13, 2006 1:29 pm Post subject: |
|
|
Look here:
http://www.techsupportforum.com/showpost.php?p=553620&postcount=83
| Code: | SSDT 855EE1F8 ZwConnectPort
SSDT 854FACF8 ZwOpenProcess
SSDT 8550B400 ZwOpenThread |
| Code: | SSDT 860F9220 ZwConnectPort
SSDT 8632F220 ZwOpenProcess
SSDT 861C0428 ZwOpenThread |
I think, they are Symantec hooks.
Regards
|
|
| Back to top |
|
|
SteveBarnett
Trooper
Joined: Aug 26, 2004
Posts: 20
Location: UK
|
| Posted: Thu Jul 13, 2006 1:56 pm Post subject: |
|
|
I'm sorry, but I don't understand the reply. Can you tell me what leads you to the conclusion that they're Symantec?
I followed the link to the other post and can see that they have similar entries to mine, but I don't see how you made the link to Symantec (though I can perfectly well understand that this is the kind of thing they would do!).
Sorry for being a bit stupid.
Steve
|
|
| Back to top |
|
|
gmer
Trooper
Joined: May 29, 2006
Posts: 33
|
| Posted: Thu Jul 13, 2006 2:22 pm Post subject: |
|
|
| SteveBarnett wrote: | I'm sorry, but I don't understand the reply. Can you tell me what leads you to the conclusion that they're Symantec?
|
I have seen it many times on Windows with NAV.
Try to stop NAV & its drivers and then make a log .
|
|
| Back to top |
|
|
SteveBarnett
Trooper
Joined: Aug 26, 2004
Posts: 20
Location: UK
|
| Posted: Thu Jul 13, 2006 2:41 pm Post subject: |
|
|
Understood and thanks.
I'll need to fiddle around with the machine before I can disable my anti-virus and that'll take a while, so we should consider this post closed rather than have you hanging on for me to post new stuff.
Appreciate the help.
Steve
|
|
| Back to top |
|
|
|
|
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
