
Thread: RootAlyzer Results

  1. #1
    Junior Member
    Join Date
    Jan 2012
    Posts
    1

    RootAlyzer Results

    Hello to all. This is my first time on the site.
    I ran RootAlyzer and read the results of the Rootkit removal help file. At the bottom is a button which reads "Pack Suspicious Files". I do not know if I should press the button, and it reads at the top of the log "In case of any doubt, ask for assistance". I would be grateful if someone could assist me by looking at my results and provide information about what should be done. I really thank you for any time taken to help me. Below are the scan results.
    rastelle.


    // info: Rootkit removal help file
    // copyright: (c) 2008-2009 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Unknown ADS","C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP12\Report:kavextended:$DATA"
    RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\WRkrn\","$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123"
    RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\WRkrn\Instances\","$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123"
    RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet004\Services\WRkrn\","$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123"
    RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet004\Services\WRkrn\Instances\","$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123"
    RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet003\Services\WRkrn\","$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123"
    RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet003\Services\WRkrn\Instances\","$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123"

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    32,662

    Hello rastelle,
    Quote: Originally Posted by rastelle
    Hello to all. This is my first time on the site.
    I would be grateful if someone could assist me by looking at my results and provide information about what should be done. I really thank you for any time taken to help me.
    I will ask a detective to advise.

    Best regards.
    Microsoft MVP. Consumer Security 2006-2014


  3. #3
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,111

    The RootAlyzer shows items which are invisible to the common Windows user interface; in most cases such invisible entries are suspicious.

    The following entry appears to be related to a Kaspersky Antivirus (trial) version:
    Code:
    File:"Unknown ADS","C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP12\Report:kavextended:$DATA"
    So this should not pose any threat.

    The other entries are hidden registry keys concerning a service which is usually related to Webroot SecureAnywhere.

    If you know that such software is installed on your computer, then there appears to be no threat; however, if you did not install any of these, malware could pretend to be part of these to hide its presence.
    born in the shadow to die in the shadow, that is the fate of the shinobi
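
As an added example (not part of the thread and not Safer-Networking's code), this Python script parses lines in the format of the log above and reduces them to the distinct stream and service names, which are the names to compare against the software you know is installed. The function names and the shortened hidden-value strings in the sample are assumptions made for the example.

```python
import csv
import re
from collections import defaultdict

# Constructed sample in the format of the log above (hidden value names shortened).
SAMPLE = r'''
// info: Rootkit removal help file
:: RootAlyzer Results
File:"Unknown ADS","C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP12\Report:kavextended:$DATA"
RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\WRkrn\","$%&'()*+,-./0123"
RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet004\Services\WRkrn\Instances\","$%&'()*+,-./0123"
'''

# Service name under any control set: \SYSTEM\<set>\Services\<name>\...
SERVICE_RE = re.compile(
    r'\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\([^\\]+)', re.I)

def parse_line(line):
    """Turn one result line into a dict; unknown lines come back as type 'other'."""
    kind, _, rest = line.partition(':')
    if kind == 'File':
        fields = next(csv.reader([rest]))  # quoted fields may contain commas
        if len(fields) == 2 and fields[0] == 'Unknown ADS':
            # Stream spec is <host path>:<stream name>:$DATA; split from the
            # right so the drive-letter colon stays in the host path.
            host, stream, _ = fields[1].rsplit(':', 2)
            return {'type': 'ads', 'host': host, 'stream': stream}
    elif kind == 'RegyKey':
        fields = next(csv.reader([rest]))
        m = SERVICE_RE.match(fields[2]) if len(fields) >= 3 else None
        if m:
            return {'type': 'service', 'control_set': m.group(1),
                    'service': m.group(2), 'key': fields[2]}
    return {'type': 'other', 'raw': line}

def summarize(text):
    """Return (list of (host, stream), {service: sorted control sets})."""
    streams, services = [], defaultdict(set)
    for line in filter(None, map(str.strip, text.splitlines())):
        entry = parse_line(line)
        if entry['type'] == 'ads':
            streams.append((entry['host'], entry['stream']))
        elif entry['type'] == 'service':
            services[entry['service']].add(entry['control_set'])
    return streams, {name: sorted(sets) for name, sets in services.items()}

if __name__ == '__main__':
    ads, svc = summarize(SAMPLE)
    for host, stream in ads:
        print(f'ADS "{stream}" on {host}')
    for name, sets in svc.items():
        print(f'Hidden keys for service {name} in: {", ".join(sets)}')
```

Entries repeated across `CurrentControlSet` and the numbered control sets collapse to one service name, so the full log in the first post reduces to one stream and one service to verify.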
