Virus: Syspack32.exe and dsRDMSPI.dll

  PalaeoBill 12:31 21 Mar 2010

Just spent the morning removing win32:rootkit-gen [rtk] from my laptop and I was wondering if anyone had any further info on it. Source (what put it there) etc.

On boot I got multiple RUNDLL access denied errors trying to load dsRDMSPI.dll

AVAST anti-virus then completed an update and immediately kicked in stating the above dll contained the rootkit-gen [rtk].

On doing a full AVAST scan from boot, it found syspck32.exe in my startup folder and this also contained the rootkit-gen [rtk] as did a couple of my restore points.

I'm pretty vigilant normally and I don't browse the type of sites that harbour such nasties so I would really like to know what the source of this beastie is. Google search isn't showing up much.

Any ideas all you great minds?

  PalaeoBill 12:33 21 Mar 2010

Sorry typo in the title. The beastie should be Syspck32.exe not Syspack32.exe

  johndrew 12:41 21 Mar 2010

Most of the information I found is in Polish, Russian, German and Italian, but I did find this click here. Any help?

  PalaeoBill 13:13 21 Mar 2010

Interesting, I haven't been near any VMWare products!
The only out of the ordinary places I can find in my web history are a search for a cycle machine manual that took me to some pay-to-download instruction manual sites (I didn't click on anything in them) and some knitwear pattern searches on eBay that my wife did. I can't see anything suspect in that or anything else in the last two weeks' browsing.
Perhaps syspck32.exe is too new and I will have to wait a while to discover what it is.

This thread is now locked and can not be replied to.
