Jump to content
Sign in to follow this  
Followers 0
Ragamuffin

Help Request: Rootkit.Agent/Gen-Rx

By Ragamuffin, in General Questions

Recommended Posts

Ragamuffin   

Ragamuffin
Posted

Hi, I'm sorry if this is the wrong place for this, the only other forum which seemed like it might be I don't have access to.

Anyway, I just finished a SAS scan, my last one being about 6 days ago, and it turned up "Rootkit.Agent/Gen-Rx", there are 5 items flagged they are: Program files\Epox\eptp\epcpuid64.sys, Program files\Epox\eptp\getbinfile64.sys, Program files\Epox\eptp\hwmdr.sys, Program files\Epox\eptp\scanmemory64.sys and Windows\system32\driver\hwmdr.sys . I've quarantined them and all, and I'm running a second scan now, I'm just look for some advise, I haven't visited any insecure websites that I know of, nor installed anything in since my SAS scan, I run avast scans daily and they haven't detected anything, should I do anything else? Could this be a false positive?

Share this post

Link to post
Share on other sites

Ragamuffin   

Ragamuffin
Posted

Someone advised me to send the files to VirusTotal.com to make sure, most of them didn't find anything wrong, but "Sunbelt" flagged the two hwmdr.sys files as Trojan, although nothing else did.

Share this post

Link to post
Share on other sites

siliconman01   

siliconman01
Posted

Well, I continue to recommend that you submit all of them to SAS and let the SAS gurus analyze them .... inasmuch as it is SAS flagging them as malicious on your system. I suspect that Epox is using the driver properly...although it can/is also used by the cybercriminals in their crapware to do malicious things...which is often the case.

Share this post

Link to post
Share on other sites

Ragamuffin   

Ragamuffin
Posted
Well, I continue to recommend that you submit all of them to SAS and let the SAS gurus analyze them .... inasmuch as it is SAS flagging them as malicious on your system.

I will do, I've restored them and am running a scan to see if they get flagged again now.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing
×
×
  • Create New...