Help Request: Rootkit.Agent/Gen-Rx

Ragamuffin · August 17, 2009

Hi, I'm sorry if this is the wrong place for this, the only other forum which seemed like it might be I don't have access to.

Anyway, I just finished a SAS scan, my last one being about 6 days ago, and it turned up "Rootkit.Agent/Gen-Rx", there are 5 items flagged they are: Program files\Epox\eptp\epcpuid64.sys, Program files\Epox\eptp\getbinfile64.sys, Program files\Epox\eptp\hwmdr.sys, Program files\Epox\eptp\scanmemory64.sys and Windows\system32\driver\hwmdr.sys . I've quarantined them and all, and I'm running a second scan now, I'm just look for some advise, I haven't visited any insecure websites that I know of, nor installed anything in since my SAS scan, I run avast scans daily and they haven't detected anything, should I do anything else? Could this be a false positive?

siliconman01 · August 18, 2009

It looks to me like these are all legitimate files. It is best to go to the link below and follow the instructions for submitting as false positives. I would restore them and then rescan and follow the instructions for submitting an FP.

https://www.superantispyware.com/support ... tml?faq=28

Ragamuffin · August 18, 2009

Someone advised me to send the files to VirusTotal.com to make sure, most of them didn't find anything wrong, but "Sunbelt" flagged the two hwmdr.sys files as Trojan, although nothing else did.

siliconman01 · August 18, 2009

Well, I continue to recommend that you submit all of them to SAS and let the SAS gurus analyze them .... inasmuch as it is SAS flagging them as malicious on your system. I suspect that Epox is using the driver properly...although it can/is also used by the cybercriminals in their crapware to do malicious things...which is often the case.

Ragamuffin · August 18, 2009

Forgot the links to the ones listed as Trojans:

Program Files\Epox\EPTP\hwmdr.sys

Windows\system32\drivers\hwmdr.sys

Ragamuffin · August 18, 2009

Well, I continue to recommend that you submit all of them to SAS and let the SAS gurus analyze them .... inasmuch as it is SAS flagging them as malicious on your system.

I will do, I've restored them and am running a scan to see if they get flagged again now.

diesellayer · August 19, 2009

where should I send it, what is their email address? I have a suspected virus keep running on my computer...

Sign In

Help Request: Rootkit.Agent/Gen-Rx

Recommended Posts

Ragamuffin

Share this post

Link to post

Share on other sites

siliconman01

Share this post

Link to post

Share on other sites

Ragamuffin

Share this post

Link to post

Share on other sites

siliconman01

Share this post

Link to post

Share on other sites

Ragamuffin

Share this post

Link to post

Share on other sites

Ragamuffin

Share this post

Link to post

Share on other sites

diesellayer

Share this post

Link to post

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Browse

Activity