Possible rootkit or is it Bullguard's own files or processes?

Posted 3/8/2013 5:26 PM
#95205
121 in Huttoft Member

Date Joined Nov 2016
Total Posts: 2
I have tell-tale signs that I may have a rootkit installed. No regular AV or similar programs pick up on it (including BG). However, I have just d/loaded and run GMER (anti-rootkit freeware) and it identifies stuff as follows:

Copy & Paste:

GMER 2.1.19155 - http://www.gmer.net
Rootkit quick scan 2013-03-08 17:21:41
Windows 6.2.9200 \Device\Harddisk0\DR0 -> \Device\0000002e Hitachi_ rev.ST2O 298.09GB
Running: d2mlm8t7.exe; Driver: C:\Users\John\AppData\Local\Temp\pwldypob.sys

---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
AttachedDevice \Driver\tdx \Device\Ip NSNetmon.sys
AttachedDevice \Driver\tdx \Device\Tcp NSNetmon.sys
AttachedDevice \Driver\tdx \Device\Udp NSNetmon.sys
AttachedDevice \Driver\tdx \Device\RawIp NSNetmon.sys
---- EOF - GMER 2.1 ----
There is a suggestion (from my various Googles) that NSNetmon.sys may be Bullguard-related - but I do not know how to interpret the findings of GNER (sounds like Great North Eastern Railway to me). Anyone with any ideas to assist please?
121 in Huttoft
Posted 3/8/2013 7:13 PM
#95207
Robert Mateescu Advanced member

Date Joined Nov 2016
Total Posts: 427
Hi there,


NSNetmon.sys is part of the BullGuard Behavioral engine, which was developed in collaboration with NovaShield.

Best wishes!
Robert Mateescu
Senior Support Technician EN
support@bullguard.com
www.bullguard.com
Posted 3/8/2013 7:21 PM
#95209
121 in Huttoft Member

Date Joined Nov 2016
Total Posts: 2
Thanks Robert

I assumed as much.

Post closed.
121 in Huttoft
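
One way to triage a GMER log like the one in the first post, as an added example that is not part of the original thread: it groups AttachedDevice entries by the attaching module, checks them against an analyst-maintained attribution table, and keeps other findings such as the MBR line for separate follow-up. The table, the function name and the reading of the three AttachedDevice fields are assumptions; the NSNetmon.sys attribution is the one given in the support reply.

```python
import re
from collections import defaultdict

# GMER quick-scan excerpt copied from the first post in this thread.
GMER_LOG = r"""
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
AttachedDevice \Driver\tdx \Device\Ip NSNetmon.sys
AttachedDevice \Driver\tdx \Device\Tcp NSNetmon.sys
AttachedDevice \Driver\tdx \Device\Udp NSNetmon.sys
AttachedDevice \Driver\tdx \Device\RawIp NSNetmon.sys
---- EOF - GMER 2.1 ----
"""

# Attribution table (assumption: maintained by the analyst). NSNetmon.sys is
# attributed per the support reply; fltmgr.sys is the Windows Filter Manager.
KNOWN_DRIVERS = {
    "nsnetmon.sys": "BullGuard behavioral engine (NovaShield)",
    "fltmgr.sys": "Microsoft Filter Manager",
}
SECTION = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
ATTACHED = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+)$")


def triage(log_text, known=KNOWN_DRIVERS):
    """Return (attributed, unattributed, other) from a GMER text log."""
    attributed, unattributed, other = defaultdict(list), defaultdict(list), []
    section = None
    for line in filter(None, map(str.strip, log_text.splitlines())):
        if m := SECTION.match(line):
            section = m.group(1)
            continue
        if m := ATTACHED.match(line):
            # Assumed fields: owning driver object, device, attached module.
            _owner, device, driver = m.groups()
            bucket = attributed if driver.lower() in known else unattributed
            bucket[driver].append(device)
        elif section and section != "EOF":
            # Non-device findings (e.g. the MBR line) need separate follow-up.
            other.append((section, line))
    return dict(attributed), dict(unattributed), other


if __name__ == "__main__":
    for label, result in zip(("attributed", "unattributed", "follow-up"), triage(GMER_LOG)):
        print(label, result)
```

On the thread's log, every attached module is attributed, while the "unknown MBR code" line remains in the follow-up list because the reply does not address it.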