I took a few appointments this weekend and witnessed the same infection over and over again… Figaro.sys. The Figaro.sys rootkit is dropped in c:\windows\system32\drivers (on Vista), and on XP I’ve seen it in the DLLCACHE folder.
I don’t know exactly what it does, but I can give you the symptoms:
- Random reboots
- Virtumonde drops
- Very slow logins
I removed Figaro.sys with Killbox (quick and dirty removal utility). Combofix was run; however, it DID NOT detect this rootkit. I should mention that detection was made possible via KAV 7.



4 comments
WOW
Last day I had a rootkit, but not like yours,
but my PC also reboots every 5-10 minutes.
I killed it with AVIRA AntiVir. AVIRA has a manual scan for rootkits.
It found it and killed it ^^
Yup, Avira does a great job at killing rootkits.
knowledge is not useless, Aviram friends!!!!
I got this rootkit too, and Avira removes it… But every time I restart the computer it comes out again. I think it’s working together with other malware: braviax.exe and msword98. These last two days were a real hell and the problem is still not over = =