Results 1 to 2 of 2

Thread: Rootkit Deep Scan Results: Action needed?

  1. #1
    Junior Member
    Join Date
    Sep 2014
    Posts
    1

    Default Rootkit Deep Scan Results: Action needed?

    Hi. I recently was getting some alerts from Comcast's Constant Guard stating that I had a few bots. After doing some research, I found that these alerts may be bogus. Regardless, just to be on the safe side, I ran a bunch of maleware detection programs, all of which came up negative. However, when I ran SPYBOT's Rootkit analyzer doing a deep scan, it reported several items. I have a feeling these items are benign, but I thought I'd post them here just to get your opinion if any of these items warrant additional action. Here is the log report:

    // info: Rootkit removal help file
    // copyright: (c) 2008-2014 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"No admin in ACL","C:\System Recovery"
    File:"Unknown ADS","C:\Users\Ken\AppData\Local:EJ29y8bxQ4wgi95FLvUn:$DATA"
    File:"Unknown ADS","C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Cookies:CgERIV9qwc9AvhvnOFrK7yfUE4:$DATA"
    File:"Unknown ADS","C:\Users\Ken\AppData\Local\Temp:zs1Jaj3wgScd242J78Px7:$DATA"
    File:"Unknown ADS","C:\Users\Ken\AppData\Local\VirtualStore\ProgramData\Microsoft:FnVSjFwDzgCtgx0wg:$DATA"
    File:"Unknown ADS","C:\Users\Ken\AppData\Local\VirtualStore\ProgramData\Microsoft:zViiSBebxsZOszQh7woOHTCWZ:$DATA"
    File:"Unknown ADS","C:\Users\Ken\AppData\Local\Temp\acrord32_sbx:zs1Jaj3wgScd242J78Px7:$DATA"
    File:"Unknown ADS","C:\Users\Ken\AppData\Local\Microsoft\Windows\Temporary Internet Files\XdviHgbQA:aO28ciz6LSf2paJ0Gt2Al08:$DATA"
    File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
    File:"Unknown ADS","C:\ProgramData\Kaspersky Lab\AVP14.0.0\Report:kisextended:$DATA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center\","Svc"


    Thanks in advance!

    Ken

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello tka.klein,

    In general all items found by the RootAlyzer are not necessarily malicious but shows items it believes to be out of the ordinary and may give a hint for an infection.

    Sometimes even legitimate software uses rootkit technologies, the log doesn't look out of the ordinary.

    How is the computer running?

    Meanwhile reading the link you provided it appears Comcast is having a bad week.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •