Subscribe to How-To Geek

Login / Signup

Welcome to the How-To Geek Forums

We encourage you to register on our forums and post any questions you might have. The How-To Geeks monitor this forum and will respond to your question quickly.

How-To Geek Forums » Windows Vista

Hacktool.unreal

(7 posts)
  • Started 1 month ago by canyouhelpme
  • Latest reply from ScottW
  • Topic Viewed 155 times


canyouhelpme
Posts: 2

Can anyone help?
when doing a Norton Internet Security quick scan it gets blocked bu hacktool.unreal and can not continue. When I go into the registry editor to remove all of the Unreal folders there are none there. Does this mean there is a problem with my Norton or do I actually have Hacktool.unreal messing up my computer?

Posted 1 month ago #
 
ScottW
ScottW
Posts: 2827

Did you read the description of hacktool.unreal at Symantec? It's here:
http://www.symantec.com/securi.....11-4820-99

They say it's a rootkit designed to avoid detection. You might have to boot from a another OS image than the one on your hard drive. Try the removal instructions from Symantec first.

Posted 1 month ago #
 
raphoenix
raphoenix
Posts: 2924

canyouhelpme,

Just out of curiosity, go to link below, download (RootKitRevealer) Program and run it.
http://technet.microsoft.com/e.....a80d9.aspx

Post results.

Kindest Regards,
Rick P.♦:)

Posted 1 month ago #
 
ScottW
ScottW
Posts: 2827

Claire, DO NOT run Rootkit Revealer in Windows Vista. Even if you get it to run, it will give you hundreds, if not thousands, or erroneous errors. For more, see this thread at the SysInternals forums:
http://forum.sysinternals.com/.....?TID=13290

Rick, have you run Rootkit Revealer? Does it work on XP without giving tons of false positives? Notice the date on the RKR page, 11/01/2006. This tool has not been updated for two years!

Posted 1 month ago #
 
raphoenix
raphoenix
Posts: 2924

@ScottW,
OOPS, I missed that this was a Vista Topic which I normally won't respond to.
My Error. Glad you caught it.
In XP, I get (2) Nulls in Registry which are suppose to be there.

Kindest Regards,
Rick P.♦:)

Posted 1 month ago #
 
canyouhelpme
Posts: 2

Thanks for all your advice. Ive used the removal instructions from symantec, which basically says to remove the registry subkeys related to hacktool.unreal, but I dont have these subkeys?

Posted 1 month ago #
 
ScottW
ScottW
Posts: 2827

Claire, it's hard to say what's going on. What version of NIS do you have? It could be that there is a problem with NIS. Or, maybe it is designed to stop if it detects a rootkit because, in theory, if a rootkit has taken over the system there is no way to be certain of a scan result until it is removed. One of the things that rootkits do is to hide themselves and usually hide some other virus or malware. The good news is that the description of this particular rootkit says it does no harm. Of course, if it is causing NIS to stop scanning, that is a kind of harm right there.

Did you do the other steps mentioned in the removal instructions? It says to:
1) Disable System Restore
2) Run a *full* NIS scan in Safe Mode (not a quick scan)

One other thing. What is the exact text of the message that says the scan was blocked by hacktool.unreal? Also, does NIS specify any file(s) or Registry key(s) that are infected? Maybe you have to look in "View History" to see the results of the scan.

Posted 1 month ago #
 

RSS feed for this topic

Reply

You must log in to post.

Sponsored Links
Getting Started
About How-To Geek
What Is That Process?
svchost.exe
jusched.exe
dwm.exe
ctfmon.exe
wmpnetwk.exe 		wmpnscfg.exe
rundll32.exe
wfcrun32.exe
Ipoint.exe
Itype.exe 		Wfica32.exe
Mobsync.exe
Cmd.exe
Dpupdchk.exe Adobe_Updater.exe

Copyright © 2006-2009 HowToGeek.com. All Rights Reserved.