Endpoint Protection Small Business Edition

  • 1.  Hacktool.Rootkit (zap2.c)

    Posted Jan 17, 2010 10:19 PM
    While surfing on a usually safe website my auto-protect detected Hacktool.Rootkit. The file was in the temp internet folder. It is called zap2.c. The auto-protect feature said it deleted the files. I ran a full AV scan and nothing was found. I then turned off system restore and deleted the temp internet folder and rebooted the computer. I ran another full AV scan and nothing was detected. I also ran a full Malwarebytes anti-malware scan and nothing was found. Did I actually have (or still have) an infection of Hacktool.Rootkit or was the zap2.c file enough to trigger the detection of a general classification of Hacktool.Rootkit? Should I reformat my computer? Thanks


  • 2.  RE: Hacktool.Rootkit (zap2.c)

    Posted Jan 18, 2010 12:28 AM
    I forgot to mention that I also scanned with RootkitRevealer. No problems were found.


  • 3.  RE: Hacktool.Rootkit (zap2.c)
    Best Answer

    Posted Jan 18, 2010 03:51 AM
     https://www-secure.symantec.com/connect/articles/rootkit-intruder-living-your-kernel

    If auto-protect detected the file as Hacktool.Rootkit then it would have taken additional steps of removing the entries created by the or it would
    have detected the file before downloading creating additional rootkit entries to kernel.
    So your system was protected before it could get infected.

    However, since you have already scanned with RootkitRevealer then your computer would be clean.


  • 4.  RE: Hacktool.Rootkit (zap2.c)

    Posted Jan 18, 2010 05:36 AM
    Hi Photon,

    You are probably safe.  From your description, it sounds like AutoProtect identified the downloader for that threat and stopped it before it could get installed on your computer.

    It may be a good time to take some preventative action on the network: I recommend making sure that all MS patches are up to date, SEP or SAV is up to the latest version, weekly scheduled scans are completing successfully on all clients, passwords are strong and network shares secured. A little time spent now is better than a lot of work when an infection gets loose.

    If any future issues are encountered, please do check back on the forum again or contact Symantec Technical Support!

    Thanks and best regards,

    Mick



  • 5.  RE: Hacktool.Rootkit (zap2.c)

    Posted Jan 21, 2010 10:41 PM
    Thanks for the info and the help. Still looks good so far.