PDA

View Full Version : Strange Result



FANTOMAS_06
2008-04-29, 17:29
:oops:
Excuse my English, not very good, but I'am a "French'people" so ...

I had formated my Hard disks then reinstalled my Win XP SR2 and the necessary applications I'm using. This was yesterday, after a hard attack of "Backdoor.win32.Hupigon.tsy" that nothing had resolved. So Formating became more secure.
(Note thay my Antivir is the first thing installed and Uptodate)
Than today, I started the first deep scan with RootAlyser I just discover, and I get this result (The Quick Scan was OK !)

The "Information" says Please do not blindly use this script; in case of any doubt, visit
http://forums.spybot.info/
and ask for assistance !

That's what I'm doing.

// info: Rootkit removal help file
// copyright: (c) 2008 Safer Networking Ltd. All rights reserved.
:: RootAlyzer Results
Directory:"No admin in ACL","C:\System Volume Information"
RegyKey:"Zero char in key

name","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\","System\0"
// Attention: entries with a zero character will not be displayed correctly and may not work!

I'm thinking that some of you know how to change this safely if it seem to be necessary (with Regedit of course)

Thank you very much for your help.
Patrick.

FANTOMAS_06
2008-04-29, 20:34
:euro:
I think that the concern that I exposed did not make yet react anyone!
I know that I am "new" but I try to traverse seriously this forum.
At the end of a moment, my bad English gene me a little...!

Then before leaving you (it is also necessary that I make other things) I try to specify you how is my system: :fear:
Dual-Core E6550 - RAM 4 Go
HDD 500 Go (SATA) and 250 Go (IDE)
Graphics Board ATI PCIe 256 Mo (HD2400Pro)
Engravers CD in IDE, Reader DVD in IDE, Engraver DVD DL in SATA.
(This one and the 2 others entirely realized by my care...)
:cool: Domestic Network with 4 PC (3 fixed + 1 portable) 1 Printer and 1 HDD [NAS] (Ethernet)

This attack :devil: should be interesting to improve our knowledge of means of prevention.
(This is only the second one in 15 years of Informatic)

:spider: Sorry, my English is not better after theses few hours in Forums !
I would also accept your "direct mails" if you prefer.
Good continuation.
[B]Patrick.

PepiMK
2008-04-29, 21:52
The first one wouldn't be a problem, that is an exception that will no longer be shown in the next release. The "System Volume Information" folder is one of the very few cases where it's fine that the Operating System doesn't let you access it :)

As for the other one, do you use O&O Defrag? Some searching reveleaed that O&O Defrag uses this rootkit method here, probably to store license information.