Thank goodness for Symantec AntiVirus. I got this notification this morning
Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Hacktool.Rootkit
File: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\A54BUXE1\sense[1].txt
Location: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\A54BUXE1
Computer: BRAINWAVE
User: Owner
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Wednesday, September 08, 2004 9:00:26 AM
How did this happen?
Posted by torque at September 8, 2004 9:03 AM | TrackBack
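As an added example (not part of the original post, and not Symantec's own tooling), here is a small Python parser for the alert format quoted above. The first sample is the quoted alert itself, used as a constructed input; the second sample, with a placeholder file name and the wording "Quarantine succeeded", is also constructed and only assumes that a successful step would not carry a failure word. The point it shows is that "Action taken" is a colon-joined list of attempted steps, and that manual follow-up is needed only when none of those steps succeeded, as was the case in the post (clean failed, quarantine failed, access denied). It also notes when the path lies in the IE cache, which says the file arrived through the browser rather than being something already installed.

```python
# Constructed sample, modelled on the Symantec Realtime Protection alert
# quoted in the post; host name and paths are the ones from that quote.
SAMPLE_ALERT = r"""
Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Hacktool.Rootkit
File: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\A54BUXE1\sense[1].txt
Location: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\A54BUXE1
Computer: BRAINWAVE
User: Owner
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Wednesday, September 08, 2004 9:00:26 AM
"""

# Second constructed sample: a placeholder file name and an assumed
# "Quarantine succeeded" wording, to show an alert that needs no manual work.
SAMPLE_QUARANTINED = r"""
Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Hacktool.Rootkit
File: C:\WINDOWS\SYSTEM32\PLACEHOLDER-DROPPER.EXE
Computer: BRAINWAVE
User: Owner
Action taken: Clean failed : Quarantine succeeded
Date found: Wednesday, September 08, 2004 9:05:00 AM
"""

# Outcome words that mean the product did NOT neutralise the file.
FAILURE_MARKERS = ("failed", "denied")


def parse_alert(text):
    """Turn 'Key: value' lines into a dict keyed by lower-cased field name.
    Only the first colon separates key from value, so drive letters and the
    colon-joined 'Action taken' outcomes survive intact."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip().lower()] = value.strip()
    return fields


def action_outcomes(fields):
    """Split 'Clean failed : Quarantine failed : Access denied' into steps."""
    raw = fields.get("action taken", "")
    return [part.strip() for part in raw.split(":") if part.strip()]


def needs_manual_followup(fields):
    """True only when every recorded step failed: nothing was cleaned or moved.
    A failed clean followed by a successful quarantine needs no hand work."""
    outcomes = action_outcomes(fields)
    return bool(outcomes) and all(
        any(marker in step.lower() for marker in FAILURE_MARKERS) for step in outcomes
    )


def in_browser_cache(fields):
    """The IE cache path means the file came in through the browser, which
    points at a drive-by download rather than an installed component."""
    return "temporary internet files" in fields.get("file", "").lower()


def triage(text):
    """Summarise one alert as a dict suitable for an incident log."""
    fields = parse_alert(text)
    return {
        "threat": fields.get("virus name"),
        "host": fields.get("computer"),
        "user": fields.get("user"),
        "path": fields.get("file"),
        "outcomes": action_outcomes(fields),
        "manual_followup": needs_manual_followup(fields),
        "browser_cache": in_browser_cache(fields),
    }


if __name__ == "__main__":
    for sample in (SAMPLE_ALERT, SAMPLE_QUARANTINED):
        print(triage(sample))
```

Run as a script it prints the two summaries; the first comes back with `manual_followup` True and `browser_cache` True, which is exactly the combination that left the poster asking how it happened: the browser fetched the file and the product could neither clean nor quarantine it.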
You got infected because of a security hole. This rootkit just makes you the slave after the guy has entered in....
Posted by: c at March 18, 2005 7:51 AM
I have the same problem, how can I get rid of this?
Posted by: Renan at May 25, 2005 7:32 PM
How will I remove the hacktool.rootkit virus? I tried to quarantine it, but it didn't work.
Posted by: Lynn at June 5, 2005 11:36 PM
I just got this thing too. I tried all the above; it didn't work. The biggest problem is this thing prevents internet access.
Norton shows that msdirectx.sys is a key file that is responsible for the virus's actions. Quarantining does no good though, since elements within the registry bring the file back again. What I did to trick it was use HexEditor to slightly alter the code by changing where it mentions KeTickCount.ntoskrl.exe and deleting the exe. So it read KeTickCount.ntoskrl. This way the msdirectx.sys file still exists but is corrupted, to halt the virus from functioning. I also did the same with a file called 216.40.230.4 shop.kazaa.com which appears to be related to the virus, since I quarantined that and it came back.
My next step, now that my computer is functioning normally again, is to clean this shit out.
Hope this helps
Posted by: Jason at June 6, 2005 7:15 PM
I found two computers in the last 2 weeks, on different networks, infected with Hacktool.rootkit... the culprit was a file under C:\WINDOWS\SYSTEM32 called 'setup32.exe'. The file cannot be seen/detected unless you go to
TOOLS -> FOLDER OPTIONS -> VIEW
and 'Show hidden files and folders' is checked and 'Hide protected operating system files' is unchecked.
Also check your Task Manager for the file, kill the process, then delete it manually from the SYSTEM32 folder. This should take care of it.
Like the previous post, Norton Antivirus identified a hacktool.rootkit virus and said it was in windows/system32/msdirectx.sys. Norton couldn't remove it, I couldn't view it as a file (even when I changed the configuration to show hidden files), and Microsoft's malicious virus software couldn't find it. I finally found a file under system32 called "McAfee.exe" - I don't have McAfee antivirus on my computer, so I deleted the file - no more virus! Tricky little bugger!
Posted by: David at June 21, 2005 10:48 AM
Download a great little program called "Killbox"; it allows you to delete any file any time, and if it can't do it now it will on reboot.
Posted by: Brad at June 24, 2005 9:41 AM
This SUCKS! Nothing works.
Posted by: joel at June 24, 2005 10:51 PM
Nope, it takes a random name in a random folder and stays there...
Posted by: jano at July 4, 2005 12:31 PM
Ok.... I don't know a lot about computers but I figured out how to get rid of hacktool.rootkit after a lot of research. I think the most important step is to end a process called xpjava.exe. After you do this, Norton will allow you to quarantine the file msdirectx that appears on your computer; after this you can successfully get rid of hacktool.rootkit with a scan from any number of virus scanners. I used Ewido cause it was free. It's not as hard as they make it seem and anybody can be a computer guru!
Posted by: Alex at July 15, 2005 7:11 AM
In my particular case I've found the source in c:\windows\system32\xpjava.exe . This file xpjava.exe is not shown when listing the running processes because it is hidden. I had to use commands from the old (and good) DOS to modify its attributes. Try to make (in the DOS prompt) anything like: c:\documents and settings\Name of user\.
You'll have to go to c:\windows\system32\ to change the attribute of the file - in my case the xpjava.exe .
When the prompt is in c:\windows\system32\ enter attrib -h -r -s xpjava.exe (or any other file you'll find) - please verify the correct name of the file. After this, try to delete the file xpjava.exe after reinitializing the computer. Easy?
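The two comments above that turn on file visibility (the one about ticking "Show hidden files and folders" and unticking "Hide protected operating system files", and the one about `attrib -h -r -s`) describe the same mechanism: the dropper sat in System32 with the Hidden and System attributes set, and nothing ordinary would show or delete it until those bits were cleared. As an added example, not code from anyone in this thread, the Python below decodes those attribute bits into the letters attrib.exe reports and lists the files in one directory that carry both Hidden and System. The sample listing is constructed; xpjava.exe is the name from the thread, and desktop.ini is included because Windows itself marks that file Hidden+System, so a cloaked file is a lead to compare against a clean machine, not proof on its own. `scan_directory` needs a real Windows volume and returns an empty list elsewhere; the decoding functions run anywhere.

```python
import os
import stat
import sys
from datetime import datetime, timezone

# FILE_ATTRIBUTE_* bits as exposed by os.stat().st_file_attributes on Windows.
# The stat module defines the constants on every platform, so decoding works
# offline; only scan_directory() needs a real Windows directory.
FLAG_LETTERS = (
    (stat.FILE_ATTRIBUTE_READONLY, "R"),
    (stat.FILE_ATTRIBUTE_HIDDEN, "H"),
    (stat.FILE_ATTRIBUTE_SYSTEM, "S"),
    (stat.FILE_ATTRIBUTE_ARCHIVE, "A"),
)


def attrib_string(attrs):
    """One letter per set bit, in the order R, H, S, A (e.g. 'RHS')."""
    return "".join(letter for bit, letter in FLAG_LETTERS if attrs & bit)


def is_cloaked(attrs):
    """Hidden and System together: Explorer keeps such files out of view even
    with 'show hidden files' on, until 'hide protected operating system files'
    is also turned off; attrib -h -s is what clears the bits from the prompt."""
    hidden = bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)
    system = bool(attrs & stat.FILE_ATTRIBUTE_SYSTEM)
    return hidden and system


def cloaked_entries(entries):
    """entries: iterable of (name, attribute_bits). Returns the cloaked ones as
    sorted (name, attrib_string) pairs."""
    return sorted((name, attrib_string(a)) for name, a in entries if is_cloaked(a))


def scan_directory(path):
    """List cloaked regular files directly under `path` with their UTC mtime,
    for comparison against a known-clean machine. Returns [] off Windows,
    where st_file_attributes does not exist."""
    if sys.platform != "win32":
        return []
    found = []
    with os.scandir(path) as it:
        for entry in it:
            if not entry.is_file(follow_symlinks=False):
                continue
            st = entry.stat(follow_symlinks=False)
            attrs = st.st_file_attributes
            if is_cloaked(attrs):
                mtime = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)
                found.append((entry.name, attrib_string(attrs), mtime.isoformat()))
    return sorted(found)


# Constructed sample listing (not a real directory dump): xpjava.exe is the
# file name from the thread; desktop.ini is a file Windows itself marks
# Hidden+System, so it shows up as cloaked on a clean machine too.
SAMPLE_LISTING = [
    ("kernel32.dll", stat.FILE_ATTRIBUTE_ARCHIVE),
    ("xpjava.exe", stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM | stat.FILE_ATTRIBUTE_READONLY),
    ("desktop.ini", stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM),
    ("notes.txt", stat.FILE_ATTRIBUTE_HIDDEN),
]

if __name__ == "__main__":
    # With a directory argument on Windows, scan it; otherwise show the sample.
    target = sys.argv[1] if len(sys.argv) > 1 else None
    rows = scan_directory(target) if target else cloaked_entries(SAMPLE_LISTING)
    for row in rows:
        print("  ".join(row))
```

On the sample, only xpjava.exe (RHS) and desktop.ini (HS) come back; notes.txt is hidden but not system, so the Folder Options change alone would already reveal it. The mtime column in `scan_directory` is the detail worth keeping in an incident note, since a cloaked file in System32 that is far newer than its neighbours is the one to look at first.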
Thanks for the useful information, Alex and Yosinaga, I found xpjava.exe and deleted it and the virus is gone.
Thanks again.
I'm having a similar problem and I can't get rid of it... it's showing up in \Windows\system32\msdirect.sys ... can I delete this file? I have a feeling I can't w/out wreaking havoc.... let me know... tx!
Posted by: lee at August 1, 2005 9:41 AM
Hiya,
A million thanks found xpjava deleted it and woohoo the rootkit trojan is finally gone ..
thanks again ..
Syb
Posted by: Syb at August 2, 2005 10:10 AM
Deleted xpjava and virus is gone. Thank you.
Posted by: renjith at August 5, 2005 3:05 AM
Thank you very much Nelson G. Yoshinaga. Your suggestion worked.
Posted by: deomon at August 18, 2005 8:29 AM
This page is really greatful!!!
Thanx a lot guys!!!!!
Posted by: kostas at August 20, 2005 4:05 AM
Hey, I just got said hacktool.rootkit trojan and am trying to get rid of it now; any additional advice on top of what has been posted here before?
Posted by: chris at September 15, 2005 11:51 AM
I am trying to get rid of the hacktool.rootkit. I have Windows 2000 and obviously can't find xpjava.exe. Any suggestion?
Posted by: Ric at September 17, 2005 7:13 PM
Hi, I recently got this trojan and none of the above suggestions seem to be working : (
Posted by: richard at September 21, 2005 7:32 PM
I removed the trojan from a Windows 2000 as follows:
1) I identified the xpjava.exe file; in my case it was located in C:\winnt\system32
2) Because it was not possible to delete it directly, I copied the xpjava file onto a floppy
3) I modified the file attributes on the floppy: right-click and un-tick "archive"
4) I copied the file from the floppy to C:\winnt\system32 !!! Surprisingly, it was O.K.
5) I was now able to move the xpjava to the Recycle Bin and to remove it totally.
6) I ran Symantec Norton and quarantined the msdirectx.sys file.
A stupid solution for a stupid trojan !!!
Follow the next steps:
1) Identify the xpjava.exe file; in my case it was in C:\winnt\system32
2) Copy the xpjava file onto a floppy
3) Change the attributes of the floppy file (i.e. click the right mouse button and untick the archive, in my case)
4) Copy back from the floppy to C:\winnt\system32.
Surprise! It can be done, and the xpjava.exe can now be moved into the Recycle Bin and removed.
5) I ran Symantec Norton, which now let me quarantine the msdirectx.sys file
A stupid solution for a STUPID TROJAN !!!!
Posted by: Mac at September 25, 2005 8:01 AM
I recently got a hacktool.rootkit virus and cannot get rid of it. Norton detected it but access to the file is denied; I could not find the file in system32. Any suggestions?
Posted by: Troy at October 3, 2005 6:57 PM
Hi,
My Norton Antivirus has popped up and told me I have Hacktool.Rootkit on my PC. Found your informative site on a search. My Norton has quarantined it. Do I just delete it? I have carried out a search for xpjave.exe and can't find that. I have Windows Home XP. The Norton site tells me to disable my System Restore, do another virus update and scan, and then restore to an earlier time. If I disable my System Restore I will no longer have a point to restore to, as disabling it deletes all the restore points. I would be very grateful for all and any advice.
Thank You
Allen
Just found
Read info so far. Very interesting. However, Norton Antivirus states that hacktool.rootkit is in c:\windows\system32\svko.sys.
I've tried to find the file by changing the attributes but no luck. Anyone have the same problem, and if so what did you do?
Thanks
I have the same problem but it seems to appear in Norton by the name of c:/windows/system32/rofl.sys
I used the "Hijackthis" software, followed the instructions, and read all of the info above ... I can't find the rofl.gr and a solution to get rid of it.. Another thing is that in the Task Manager window a process named skype32 appears and disappears, which I can't find. I think that must have something to do with the hacktool.rootkit..
Please I need help on this
I think I have found the way to get rid of it:
perform an online scan at the Panda Software website.
Mine was listed as rofl.sys and a strange process by the name skype32 at the Task Manager window.
I deleted the skype32 with the Killbox.
Last week my PC had a hacktool.rootkit virus attack. How can I remove it from my PC?
Posted by: narayanan at December 29, 2005 11:28 PM
I have been struck by the old stupid trojan; hacktool.rootkit was detected in c:\winnt\system32\. I can't find xpjava.sys or msdirectx.sys or svko.sys or rofl.sys but I have found remon.sys
I don't know if this a new version of hacktool or what but please help me to get rid of this trojan.
Posted by: Indrajit at January 2, 2006 7:08 PM
My virus is in the "i386p.sys" file... motherfucker!!! aaaaaaaaaaaaarrrrrrrrrrrgghhhhh fuck fuck fuck.... I won't remove....
Posted by: Atomic Dog at January 4, 2006 9:56 AM
My laptop was infected by "hacktool.rootkit"; it was detected by Norton Antivirus in C:\WINDOWS\SYSTEM32\REMON.SYS, but I can't remove it. Please help me, thanks a lot!
Posted by: Frank at February 4, 2006 1:06 PM
Good job!
Posted by: Markus at December 11, 2006 7:13 AM