Possible rootkit or is it Bullguard's own files or processes?

Posted 3/8/2013 5:26 PM
#95205
User avatar

121 in Huttoft Member

Date Joined Nov 2016
Total Posts: 2
I have tell-tale signs that I may have a rootkit installed. No regular AV or similar programs pick-up on it (including BG). However have just d/loaded and run GMER (anti-rootkit freeware) and it identifies stuff as follows:

Copy & Paste:

GMER 2.1.19155 - http://www.gmer.net
Rootkit quick scan 2013-03-08 17:21:41
Windows 6.2.9200 \Device\Harddisk0\DR0 -> \Device\0000002e Hitachi_ rev.ST2O 298.09GB
Running: d2mlm8t7.exe; Driver: C:\Users\John\AppData\Local\Temp\pwldypob.sys

---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
AttachedDevice \Driver\tdx \Device\Ip NSNetmon.sys
AttachedDevice \Driver\tdx \Device\Tcp NSNetmon.sys
AttachedDevice \Driver\tdx \Device\Udp NSNetmon.sys
AttachedDevice \Driver\tdx \Device\RawIp NSNetmon.sys
---- EOF - GMER 2.1 ----
There is a suggestion (from my various Googles) that NSNetmon.sys may be Bullguard-related - but I do not know how to interpret the findings of GNER (sounds like Great North Eastern Railway to me). Anyone with any ideas to assist please?
[color="red"]121 in Huttoft[/color]
Posted 3/8/2013 7:13 PM
#95207
User avatar

Robert Mateescu Advanced member

Date Joined Nov 2016
Total Posts: 427
Hi there,


NSNetmon.sys is part of the BullGuard Behavioral engine, which was developed in collaboration with NovaShield.

Best wishes!
Robert Mateescu
Senior Support Technician EN
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security

You have a BullGuard related problem? Contact our Support team directly via Live Chat for immediate assistance: http://www.bullguard.com/support.aspx!
Posted 3/8/2013 7:21 PM
#95209
User avatar

121 in Huttoft Member

Date Joined Nov 2016
Total Posts: 2
Thanks Robert

I assumed as much.

Post closed.
[color="red"]121 in Huttoft[/color]
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Sunday, May 28, 2017, 6:25 PM (GMT +2)
There are a total of 61,214 posts in 13,468 threads.
In the last 3 days there were 2 new threads and 3 reply posts.

Who's online

This forum has 38,033 registered members. Please welcome our newest member, shaynahamilton.
There are currently no users on-line.
We use cookies to ensure that we give you the best experience on our website. By continuing to browse, we are assuming that you have no objection in accepting cookies. You can change your cookie settings at any time.