New Rootkit Patches MOUSE.DRV

I ran across 2 rootkits this week that hid inside of Mouse.drv (in Windows\System32). Both PCs had CPUs pegged to 100% from 2 processes running at 50% each. The processes were svchost.exe and services.exe.

I tried to run GMER and ComboFix in safe mode, but neither would finish their scans. Eventually I had to use my UBCD, and Avira found 1 infection: mouse.drv. I deleted mouse.drv and copied another from the Windows XP disc.

I have no idea what this rootkit did (except to piss me off). I suppose I’ll try and find another and upload it to virustotal.com.


7 Responses to New Rootkit Patches MOUSE.DRV

  1. wblake June 23, 2010 at 1:31 am

    Wow, I ran a scan with GMER this week and it wouldn’t complete its scan either. Do you think I could have the same thing? I’m not able to get the UBCD. I have Vista, and everyone I know has either Vista or Windows 7. What do you recommend for me?

  2. Daniel Snyder June 23, 2010 at 2:42 am

    What was Avira identifying this as? How did you determine it was a rootkit?

  3. Daniel Snyder June 23, 2010 at 2:56 am

    Were these Vista systems by any chance?

  4. Adam June 23, 2010 at 2:23 pm

    That’s the thing though, with rootkits how do you ever know you removed them all?

  5. Chester June 24, 2010 at 2:03 am

    Can rootkits get any worse than this? They seem to be getting worse by the minute.

  6. Christos June 27, 2010 at 5:01 pm

    Why didn’t you check to see if any suspicious processes were running in safe mode when you were scanning with GMER and ComboFix?

  7. nick July 3, 2010 at 4:06 am

    Well, I’m lucky to have a Win 7 64 OS.
