Tag Archives | svchost exe

New Rootkit Patches MOUSE.DRV

I ran across 2 rootkits this week that hid inside of Mouse.drv (in Windows\System32).  Both PCs had CPUs pegged at 100% from 2 processes running at 50% each.  The processes were svchost.exe and services.exe.

I tried to run GMER and Combofix in Safe Mode, but neither would finish their scans.  Eventually I had to use my UBCD, and Avira found 1 infection…mouse.drv.  I deleted mouse.drv and copied another from the Windows XP disc.

I have no idea what this rootkit did (except to piss me off). I suppose I’ll try to find another and upload it to virustotal.com.


Twitter Updates for 2010-04-22

  • Malware Mules – good reading http://bit.ly/9ygF0g
  • @soggydave Dave is now a tweeting maniac. Loved your blog posts this week btw.
  • A very welcome Facebook app – automatic scanning of Facebook links for malware http://bit.ly/bWcxTK
  • Malwarebytes and Sunbelt joining forces…sweetness! http://vipre.malwarebytes.org/
  • reading the K-9 manual. Gotta get ready for tomorrow’s review.
  • mmm…lunch reading An exploration of Rogue AV customer support sites – http://bit.ly/bcpeGZ
  • I’m done with Firefox. I only have 3 addons and it’s using 1123 MB of RAM!!! That is crazy.
  • Helllllooo Chrome. So much faster, 23 MB of RAM with 8 tabs open. That is just so awesome.
  • correction – Chrome spawns a process per tab (actually 3 when you open it) …but man it’s fast. 8 tabs 230 MB RAM #chrome
  • ooops…McAfee releases an update that deletes svchost.exe! Looks like I’ll be seeing a lot of $$$ this week #mcafee #nai
  • here’s a fix for the McAfee f*ck up http://vil.nai.com/vil/5958_false.htm lol…good luck regular users!!! #mcafee #nai