Jump to content

Change Mode

AVG reports this yesterday --> Blackhole Exploit Kit Detection


Recommended Posts

Hi everyone, rookie on the forum, but I promise to read and write clearly and follow directions :)

 

Co-worker got this notification from AVG yesterday, and today I also ran the AVG rootkit scan and it picked up "IRP Hook" cannot remove object is hidden.

 

I would like to thoroughly analyze the computer for these issues and any other potential virus/malware.

 

Anyone want to walk me through it step by step? Let me know what information you want to get started!

 

Thanks!

-Justin

Link to post
Share on other sites

used TFC.exe to wipe temp files

used MBAM to rescan and repair selected (reported TDSS.c and JS/Obfuscated Object)

used AVG to full scan and rootkit scan one more time

used TDSS Killer (reported Rootkit.Boot.Pihar.b Harddisk0DR0)

 

While running TDSS killer, got an AVG pop-up warning that 2 more Blackhole exploit attempts were coming in but were blocked (type 2130 AND 1889) One said it was from greatpethealth.com/.......etc and the other from IP 91.200.176.26/....etc. I am assuming this was from some component of a trojan virus trying to reach out through svchost.exe to bring some more payload. There was even an instance of svchost.exe process using 1.5 GB of RAM!!! :D Why this wouldn't have been detected by MBAM or AVG is confusing to me. I'll be monitoring the system closely and if it gives me more trouble, I'll wipe it.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...