New Rootkit Patches MOUSE.DRV

I ran across 2 rootkits this week that hid inside of Mouse.drv (in Windows\System32).  Both PC’s had CPU’s pegged to 100% from 2 processes running at 50% each.  The processes were svchost.exe and services.exe.

I tried to run GMER and Combofix in safemode, but neither would finish their scans.  Eventually I had to use my UBCD and Avira found 1 infection…mouse.drv.  I deleted mouse.drv and copied another from the Windows XP disc.

I have no idea what this rootkit did (except to piss me off), I suppose I’ll try and find another and upload it to virustotal.com

,