
Spyeye Rootkit is alive but AV refuses to detect it



Danny252
10-04-2012, 02:24 PM
Edit: Seems to be sorted now, typically I only thought up a solution after posting.

As of yesterday, Avast has been complaining pretty regularly that C:\jau38uj.bin\50BE4DF0031.exe is attempting to connect to a dodgy URL (I'll avoid posting it for obvious safety reasons!). A bit of Google-fu shows that this behaviour is linked to the Spyeye rootkit, which probably sneaked in via a bad Google result I came across yesterday.

The problem is that, whilst Avast is seemingly preventing it from actually doing anything, it's also not actually detecting it. I ran a full scan last night and nothing came up, so I installed Ad-Aware and gave that a run, but again got nothing detected. The folder it's in is obviously sneakily hidden, and whilst the command prompt admits it exists when I try and use "del", it fails silently.

Thoughts on getting rid of it? If nothing else, it's annoying having Avast pop up every 5 minutes.

SMiD
10-04-2012, 02:32 PM
Malwarebytes. Get to it.

Danny252
10-04-2012, 02:57 PM
I knew I'd forgotten the obvious second program to try (which, to even further my foolishness, is already installed).

I think I managed to kick it out manually by booting into safe mode and deleting it from there - will give Malwarebytes a go as well, naturally.