#1
HardwareHeaven Addict
Join Date: Oct 2003
Posts: 261
Rep Power: 0
!!!!Kx recognized as virus_infected?read
Hi guys.
Just for safety and to control, I did run a "gromozon_removal" tool. Gromozon is a rootkit virus. The result was that I was infected, and the infection resides in some kX files (at the end of the post I paste the log).

My question: is it a "mismatch", so that it could lead to a problem with other antivirus for others of you using kX? ...or was I effectively affected by the rootkit?

Note: the cleaner didn't find infected files at the first scan, but only after the reboot ("extensive scan option"). I'll post the link.

The log:
_______------___________________
Gromozon-Related Malicious Code Detected! FileName: C:\WINDOWS\LastGood\system32\kxctrl.exe Removed!
Gromozon-Related Malicious Code Detected! FileName: C:\WINDOWS\system32\kxctrl.exe Removed!
Gromozon-Related Malicious Code Detected! FileName: C:\WINDOWS\system32\kxefxtube.kxl Removed!
Gromozon-Related Malicious Code Detected! FileName: C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\kxctrl.exe Removed!
Trojan.Gromozon Removed!
____________________

The cleaner tool I've used is located here: http://aknow.prevx.com/zeroL/AT5722C.exe
It is almost 720 KB, a little file (I have scanned it, it is NOT a virus or malware itself). Prevx is an antivirus/antimalware.
__________________
audio: Audigy 2 platinum SB0240 - amd 939 175 opty- *Backup: Sblive 5.1 platinum (w.live drive) Sb060* DVDwriter : pioneer 107, nec 3540A windows XP

#2
HardwareHeaven Extreme Member
Join Date: Jan 2005
Posts: 5,563
Rep Power: 62
It is more likely that those files were mis-identified, or were infected by the virus on your system.

#3
HardwareHeaven Addict
Join Date: Oct 2003
Posts: 261
Rep Power: 0
thanks Russ
I don't have the main virus. The program found traces of Quote:
good night people!

#4
HardwareHeaven Extreme Member
Join Date: Jan 2005
Posts: 5,563
Rep Power: 62
What prompted you to run the removal tool in the first place?
I have not run the removal tool myself (maybe I will later, just to see what it says), as I am in the middle of something and cannot reboot right now, but I do have anti-virus software and AdAware, and neither of them show any problems on my system. Additionally, I ran the RootkitRevealer tool and did not see anything there, and my firewall shows no suspicious activity.

#5
Apple Fanboy?
Some AV apps produce false positives with certain apps (AVG decided my Quake 4 DVD was a virus and refused to open the autorun until I disabled it).
If you downloaded kX from an official source (either from the main website, or the beta links from this forum) you should have nothing to worry about.
__________________
Chris - The Aussie Super Mod

#6
HardwareHeaven Extreme Member
Join Date: Jan 2005
Posts: 5,563
Rep Power: 62
The link you provided does not work, but I downloaded the removal tool from http://www.prevx.com/gromozon.asp (no direct link as file name appears to be randomly generated). I ran the tool and got similar results as you.
The cleaner part did not find anything, asked if I wanted to continue with removal, I clicked OK and rebooted. Here is the log from the scan after booting:
------------------------------------------------
Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINDOWS
Scanning: C:\Program Files\Common Files
Gromozon-Related Malicious Code Detected! FileName: C:\WINDOWS\system32\kxctrl.exe Removed!
Gromozon-Related Malicious Code Detected! FileName: C:\WINDOWS\system32\kxefxtube.kxl Removed!
Trojan.Gromozon Removed!
------------------------------------------------
I still think it is probably a false detection, but I cannot say for sure. At least you know it is not just you.

If anyone else tries the removal tool, be warned that it will wipe out kX Console (kxctrl.exe), and EFX TubeDrive (kxefxtube.kxl).

#7
HardwareHeaven Addict
Join Date: Oct 2003
Posts: 261
Rep Power: 0
Quote:
!!Note that: the cleaner didn't erase the "kxctrl.exe" present in the "C:\Program Files\kX Audio Driver\3538" directory, just the one in the windows32 directory. Are those different somehow? So do I have to reinstall kX (repair option) to regain kxctrl? Or just copy the one in Program Files?
______________
To answer your question about why I checked: I visit a forum (hwupgrade, in Italy). Some of them were infected by that Gromozon (which prevents surfing the net freely). I didn't apparently, but I have checked for safety.

#8
HardwareHeaven Extreme Member
Join Date: Jan 2005
Posts: 5,563
Rep Power: 62
Quote:
For EFX TubeDrive, you can run the installer, and choose only to install the FX Pack.
Quote:
Last edited by Russ; Nov 10, 2006 at 11:25 AM.