Spywarekid

Trojan.Gromozon (Rootkit)


Hey

I think I was infected with a virus for a while, then I formatted my computer and downloaded SuperAntiSpyware again, and at the beginning nothing happened. I transferred some important data from my other computer (data that had been on my old infected drive), scanned and nothing happened.

So I went to sleep, and now today when I woke up it says I have a Trojan.Gromozon (RootKit).

When I remove it, nothing happens. Could you please let me know if it's anything I should be worried about?

Attached picture, thanks for your time.

16h7oxw.jpg


Hey, when I delete the virus, reboot the computer and scan again, it still appears.

Now 5 min ago I made a new scan and it looks like this (this was after rebooting):

b6dgtk.jpg

The ASL files are in Mac, right?

I run Windows in Boot Camp, and the whole virus/threat thing started when I accepted a .PDF file through email (it was a fake identity, I thought it was not, long story). So I was wondering if this virus has spread to my Mac drive and I can't remove it through Windows?

I even formatted my Mac and reinstalled OS X but it still appears, and this date thing creeps me out. It's like all the stuff I do registers and his Trojan Rootkit can see it?

Anyway, please let me know what I can do, and if this is a fake or real virus. I'm willing to pay to get it solved, and when I delete and reboot with SuperAntiSpyware it still appears.

Thanks.


Download this: http://info.prevx.com/gromozon.asp and run it, remove what it finds.

Although if you formatted and re-installed both OSes (I assume you have both Mac and Windows installed, not entirely sure when it comes to Boot Camp, never used it), then the problems should be gone.

However, not always the case with some real nasties.

ASL files are usually associated with Adobe Photoshop.

A Mac file extension would be .DMG

Not sure what the AUX refers to... do you use Auslogics?


First of all, thanks for taking your time and trying to help me.

I downloaded it, but when I press scan it just reboots my computer, kinda annoying. How do I fix that?

Yes it should be, I'm pretty shocked. I really hope it's not a supernasty virus, but unfortunately it can be since it was a "planned attack".

Auslogics? No, never heard of it.

The ASL, Photoshop thing, you think that could be a way for the attacker to see my screen? Because I think that has been the case in this issue.


You could try this: http://support.kaspersky.com/faq/?qid=208283363 but I don't know if it would work on a Mac as I have never tested it on Apple products.

Failing that you could try submitting it as a False Positive and see if SAS can work it out or go the Paid way as I can't see what is happening on your machine each time.


I'm running Boot Camp now so basically in Windows. Yeah, I tried it but it says no viruses. Although it runs on C, I want to run it on my D hard drive but don't know how to change.

Yeah, if I really can't fix it I'll probably try to leave it to someone who can check it for me.

But you think this Trojan.Gromozon (Rootkit) is a threat? Just by the look of it, and by looking at the prints and LOG files? I tried scanning my other MacBook Air (using Boot Camp) and this trojan does NOT pop up, which makes me scared.

As I said before, I think the hacker that attacked me used something to see my screen, and he might still see it, which makes me freak out. None of my passwords are attacked though, so far all is safe, but the fact that he could see my screen could damage me.

But also this could be a false alarm, maybe it pops up because I'm running Windows in Boot Camp. The date on my first print screen is 08/23, approximately the date when I bought the Mac.

My theory is that I got infected on 20th Sep, although it could also be that the virus infects these LOG files, and these LOG files are probably where my passwords etc. end up.

In theory, is there a virus that can still infect, even though I COMPLETELY delete all files on the computer, backups etc.?


There are viruses that can do this, though they are usually BIOS viruses, real nasty pieces of work. Don't panic, it doesn't appear to be the case here.

You could try searching for the file in particular to see where it comes from, i.e. D:\Private\Var\Log\Asl\

In the Windows format you should be able to see this far in the search menu (depending on the version of Windows you are running). When you get to ASL you can right-click the ASL file/folder and select "Open File Location".

Then go to Tools --- Folder Options and select the View Tab.

Select "Show Hidden Files or Folders" --- Apply --- OK

You should then be able to see all files/folders hidden on your D:\ drive and in particular in the ASL folder where the AUX files are located.


Yeah, I did this. I know where the files are located and ran SuperAntiSpyware on just those files and it's popping up as a trojan. I tried to upload those files to virustotal.com and ran it with other programs but it didn't show any virus on it.

So it seems to be a false alarm?

I read some on Google and found this, thoughts?

http://irhowto.wordpress.com/2012/04/05/flashback-mac-malware-analysis-and-removal/

Seems my Windows is clean. I got the virus through Boot Camp (Windows) but it might have skipped to my Mac drive? Or it's just a bug?

Gonna try to reformat my Mac drive again soon if it doesn't seem to work. Gonna try some Mac virus removal fixes too, but it seems it's a false alarm from SAS.


Seems it's Apple LOG files. I just reformatted my whole Apple drive and reinstalled OS X, the first thing I did was install Boot Camp and Windows 7, and it finds Trojan.Gromozon in the LOG files.

It's probably not harmful so I think I can be OK :), unless it's a supervirus yet to be discovered...

This topic is now closed to further replies.
