חשדתי שיש לי וירוס על המחשב, HijecktThis לא הניב תוצאות (איך שלא אומרים את זה..)

אז סרקתי Rootkit...

השתמשתי בתוכנה RootkitRevealer ושמרתי על קובץ טקסט את הלוג, הנה מה שזה מצא:

קוד:

HKLM\SECURITY\Policy\Secrets\SAC*	12/16/2005 8:37 PM	0 bytes	Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI*	12/16/2005 8:37 PM	0 bytes	Key name contains embedded nulls (*)
C:\Documents and Settings\children\Application Data\ICQLite\Bartcache\240134883\Temp\ICQTempFile0  1626.tmp	12/7/2006 2:41 PM	6.01 KB	Hidden from Windows API.
C:\Documents and Settings\children\Application Data\ICQLite\Bartcache\240134883\Temp\ICQTempFile0  4020.tmp	12/7/2006 3:00 PM	4.72 KB	Hidden from Windows API.
C:\Documents and Settings\children\Application Data\ICQLite\Bartcache\240134883\Temp\ICQTempFile0  8188.tmp	12/7/2006 2:41 PM	6.01 KB	Hidden from Windows API.
C:\Documents and Settings\children\Application Data\ICQLite\Bartcache\240134883\Temp\ICQTempFile1  0603.tmp	12/7/2006 2:50 PM	3.75 KB	Hidden from Windows API.
C:\Documents and Settings\children\Application Data\ICQLite\Bartcache\240134883\Temp\ICQTempFile1  4034.tmp	12/7/2006 2:40 PM	4.32 KB	Hidden from Windows API.
C:\Documents and Settings\children\Application Data\ICQLite\Bartcache\240134883\Temp\ICQTempFile1  4950.tmp	12/7/2006 2:51 PM	3.44 KB	Hidden from Windows API.
C:\Documents and Settings\children\Application Data\ICQLite\Bartcache\240134883\Temp\ICQTempFile1  6481.tmp	12/7/2006 2:34 PM	4.36 KB	Hidden from Windows API.
C:\Documents and Settings\children\Application Data\ICQLite\Bartcache\240134883\Temp\ICQTempFile1  8888.tmp	12/7/2006 2:58 PM	4.87 KB	Hidden from Windows API.
C:\Documents and Settings\children\Application Data\ICQLite\Bartcache\240134883\Temp\ICQTempFile1  8998.tmp	12/7/2006 2:37 PM	6.10 KB	Hidden from Windows API.
C:\Documents and Settings\children\Application Data\ICQLite\Bartcache\240134883\Temp\ICQTempFile1  9175.tmp	12/7/2006 2:44 PM	1.65 KB	Hidden from Windows API.
C:\Documents and Settings\children\Application Data\ICQLite\Bartcache\240134883\Temp\ICQTempFile1  9256.tmp	12/7/2006 2:36 PM	3.46 KB	Hidden from Windows API.
C:\Documents and Settings\children\Application Data\ICQLite\Bartcache\240134883\Temp\ICQTempFile1  9521.tmp	12/7/2006 2:35 PM	1.65 KB	Hidden from Windows API.
C:\Documents and Settings\children\Application Data\ICQLite\Bartcache\240134883\Temp\ICQTempFile2  0645.tmp	12/7/2006 2:29 PM	6.29 KB	Hidden from Windows API.
C:\Documents and Settings\children\Application Data\ICQLite\Bartcache\240134883\Temp\ICQTempFile2  3002.tmp	12/7/2006 2:32 PM	3.46 KB	Hidden from Windows API.
C:\Documents and Settings\children\Application Data\ICQLite\Bartcache\240134883\Temp\ICQTempFile2  4130.tmp	12/7/2006 2:47 PM	5.45 KB	Hidden from Windows API.
C:\Documents and Settings\children\Application Data\ICQLite\Bartcache\240134883\Temp\ICQTempFile2  7927.tmp	12/7/2006 2:34 PM	665 bytes	Hidden from Windows API.
C:\Documents and Settings\children\Application Data\ICQLite\Bartcache\240134883\Temp\ICQTempFile2  9087.tmp	12/7/2006 2:29 PM	6.29 KB	Hidden from Windows API.
C:\Documents and Settings\children\Application Data\ICQLite\Bartcache\240134883\Temp\ICQTempFile3  1007.tmp	12/7/2006 2:45 PM	4.32 KB	Hidden from Windows API.
C:\Documents and Settings\children\Application Data\ICQLite\Bartcache\240134883\Temp\ICQTempFile3  1527.tmp	12/7/2006 2:40 PM	665 bytes	Hidden from Windows API.
C:\Documents and Settings\children\Local Settings\Application Data\Microsoft\Messenger\tnadav@gmail.com\SharingM  etadata\katzron@netvision.net.il\DFSR\Staging\CS{8  5EDCF58-47FF-28AC-3A80-6DCD14FE99F9}\01\11-{85EDCF58-47FF-28AC-3A80-6DCD14FE99F9}-v1-{169DAB4	10/21/2006 9:41 PM	8 bytes	Hidden from Windows API.
C:\Documents and Settings\children\Local Settings\Application Data\Microsoft\Messenger\tnadav@gmail.com\SharingM  etadata\ofir915@gmail.com\DFSR\Staging\CS{384A7938  -DBE0-6E9B-C467-621EE09541E0}\01\10-{384A7938-DBE0-6E9B-C467-621EE09541E0}-v1-{169DAB41-AE81-	9/8/2006 6:17 PM	8 bytes	Hidden from Windows API.
C:\Documents and Settings\children\Local Settings\Application Data\Microsoft\Messenger\tnadav@gmail.com\SharingM  etadata\Working\database_E488_C275_88C2_4630\fsr05  698.log	12/7/2006 2:29 PM	128.00 KB	Hidden from Windows API.
C:\Documents and Settings\children\Local Settings\Application Data\Microsoft\Messenger\tnadav@gmail.com\SharingM  etadata\Working\database_E488_C275_88C2_4630\fsr05  699.log	12/7/2006 2:32 PM	128.00 KB	Hidden from Windows API.
C:\Documents and Settings\children\Local Settings\Application Data\Microsoft\Messenger\tnadav@gmail.com\SharingM  etadata\Working\database_E488_C275_88C2_4630\fsr05  69A.log	12/7/2006 2:35 PM	128.00 KB	Hidden from Windows API.
C:\Documents and Settings\children\Local Settings\Application Data\Microsoft\Messenger\tnadav@gmail.com\SharingM  etadata\Working\database_E488_C275_88C2_4630\fsr05  69B.log	12/7/2006 2:38 PM	128.00 KB	Hidden from Windows API.
C:\Documents and Settings\children\Local Settings\Application Data\Microsoft\Messenger\tnadav@gmail.com\SharingM  etadata\Working\database_E488_C275_88C2_4630\fsr05  69C.log	12/7/2006 2:41 PM	128.00 KB	Hidden from Windows API.
C:\Documents and Settings\children\Local Settings\Application Data\Microsoft\Messenger\tnadav@gmail.com\SharingM  etadata\Working\database_E488_C275_88C2_4630\fsr05  69D.log	12/7/2006 2:43 PM	128.00 KB	Hidden from Windows API.
C:\Documents and Settings\children\Local Settings\Application Data\Microsoft\Messenger\tnadav@gmail.com\SharingM  etadata\Working\database_E488_C275_88C2_4630\fsr05  69E.log	12/7/2006 2:46 PM	128.00 KB	Hidden from Windows API.
C:\Documents and Settings\children\Local Settings\Application Data\Microsoft\Messenger\tnadav@gmail.com\SharingM  etadata\Working\database_E488_C275_88C2_4630\fsr05  69F.log	12/7/2006 2:49 PM	128.00 KB	Hidden from Windows API.
C:\Documents and Settings\children\Local Settings\Application Data\Microsoft\Messenger\tnadav@gmail.com\SharingM  etadata\Working\database_E488_C275_88C2_4630\fsr05  6A0.log	12/7/2006 2:52 PM	128.00 KB	Hidden from Windows API.
C:\Documents and Settings\children\Local Settings\Application Data\Microsoft\Messenger\tnadav@gmail.com\SharingM  etadata\Working\database_E488_C275_88C2_4630\fsr05  6A1.log	12/7/2006 2:54 PM	128.00 KB	Hidden from Windows API.
C:\Documents and Settings\children\Local Settings\Application Data\Microsoft\Messenger\tnadav@gmail.com\SharingM  etadata\Working\database_E488_C275_88C2_4630\fsr05  6A2.log	12/7/2006 2:57 PM	128.00 KB	Hidden from Windows API.
C:\Documents and Settings\children\Local Settings\Application Data\Microsoft\Messenger\tnadav@gmail.com\SharingM  etadata\Working\database_E488_C275_88C2_4630\fsr05  6A3.log	12/7/2006 2:59 PM	128.00 KB	Hidden from Windows API.
C:\Documents and Settings\children\Local Settings\Temp\IH1D24.tmp	4/28/2006 8:35 PM	15.06 KB	Hidden from Windows API.
C:\Documents and Settings\children\Local Settings\Temporary Internet Files\Content.IE5\E96TSB4P\News[1].aspx	12/7/2006 2:59 PM	1.95 KB	Hidden from Windows API.
C:\Documents and Settings\children\Local Settings\Temporary Internet Files\Content.IE5\OXZPBBIU\News[1].aspx	12/7/2006 2:25 PM	1.95 KB	Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\children\My Documents	12/1/2006 7:48 PM	718.31 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/1/2006 7:49 PM	700.40 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/1/2006 7:50 PM	678.64 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/1/2006 7:56 PM	657.75 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/1/2006 7:59 PM	676.72 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/1/2006 7:59 PM	655.60 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/1/2006 8:00 PM	812.45 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/1/2006 8:02 PM	765.30 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/1/2006 8:02 PM	636.07 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/1/2006 8:03 PM	792.50 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/1/2006 9:16 PM	685.65 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/1/2006 9:17 PM	716.92 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/1/2006 9:17 PM	678.39 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/7/2006 2:45 PM	576.00 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/7/2006 2:47 PM	751.78 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/7/2006 2:48 PM	761.34 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/7/2006 2:49 PM	828.64 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/7/2006 2:50 PM	832.10 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/7/2006 2:51 PM	716.50 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/7/2006 2:52 PM	619.35 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/7/2006 2:53 PM	754.11 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/7/2006 2:54 PM	591.97 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/7/2006 2:55 PM	739.80 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/7/2006 2:56 PM	585.43 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/7/2006 2:57 PM	590.92 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/3/2006 4:12 PM	653.94 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/7/2006 2:58 PM	652.64 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/7/2006 2:59 PM	650.06 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/3/2006 4:14 PM	734.49 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/7/2006 3:00 PM	789.53 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/7/2006 3:00 PM	480.00 KB	Hidden from Windows API.
C:\Documents and Settings\children\My Documents	12/7/2006 3:01 PM	96.00 KB	Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\children\My Documents	12/3/2006 4:35 PM	657.00 KB	Hidden from Windows API.
C:\Program Files\Common Files\Macromedia \bin	1/6/2006 1:03 PM	0 bytes	Hidden from Windows API.
C:\Program Files\Common Files\Macromedia\bin	1/6/2006 1:03 PM	0 bytes	Visible in Windows API, but not in MFT or directory index.

יש מצב שיש לי Rootkit?

ויש עוד תוכנות ליתר ביטחון?

ואם אני יודע שיש לי Rootkit, מה אני עושה עם זה?

התוכנה שהישתמשת בה שווה לתח..... אני ממליץ לך להשתמש בתוכנה הזאת F-Secure Virus
וגרסה של 30 יום תספיק לך להעיף אותם או לגלות שאין לך כלום!!!
<מניסיוני>

עריכה:
לשאלתך מה לעשות....תקרא כאן ותסיק לבד http://www.ynet.co.il/articles/0,7340,L-3157176,00.html

היום האנטי וירוס מתימרים לטפל ב RootKit אבל אני לא הייתי בונה על זה ומפרמט

וחץ מזה למה RootKit מפריע לך?, אם יש לך פרצת אבטחה ענקית בשם ICQ, שהיא בפני עצמה יותר מסוכנת מכל וירוסים והטרויאנים גם יחד!

זה לא אני.. זה אחותי

ואכפת לי כי יש לי על המחשב מידע שאני לא רוצה שהוא יילך לאיבוד..

בלי קשר לוירוסים/טרויאנים/הפסקות חשמל/תקלות חומרה/אחיות שנוגעות במחשב/כוח עליון וכו'.......
הכי חשוב, אם יש לך חומר חיוני על המחשב, אז תגבה ועוד פעם תגבה

Blacklight לא מצא לי כלום, אבל הסריקה לקחה ממש מעט זמן וזה דיי מחשיד אותי, כי לקח ל- Rootkit Revlear לקח חצי שעה לסיים את הסריקה ופה זה היה ממש עניין של כמה דקות...

יכול להיות שזה קשור שזאת גרסת beta? (לא מצאתי גרסא אחרת.. היה עם ממשק, בלי ממשק.. אבל לא בטא\יציב)