LawrenceGH
2008-05-06, 04:46
I have had some apparent spyware problems for some time which have not been detectable by either SpyBot or any of the other software which I use.
I have run two different versions of RootAlyzer and would appreciate your help in determining what it is that I've got here. Neither of the two versions showed anything in the quick scan. Both showed several results in the deep scan. I question some of the results from the 0.1.4 version which were apparently whitelisted in the 0.2 version, as some of them appear to be related to files which appear in the log results of the newer version.
Anyhow - here are the results from the 0.1.4 version:
:: RootAlyzer Results
File:"Unknown ADS","C:\RECYCLER\S-1-5-21-996095204-604344382-1343081832-1008\Dc85.pf:SummaryInformation:$DATA"
File:"Unknown ADS","C:\RECYCLER\S-1-5-21-2394979407-4146380186-3720718581-1008\Dc333.exe:SummaryInformation:$DATA"
File:"Unknown ADS","C:\RECYCLER\S-1-5-21-2394979407-4146380186-3720718581-1008\Dc336.exe:SummaryInformation:$DATA"
File:"Unknown ADS","C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-2394979407-4146380186-3720718581-1008$201c62cfe381d56.tif:Xj1phwzh5qcwungrN45kt3kiCe:$DATA"
File:"No admin in ACL","C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk"
Directory:"No admin in ACL","C:\System Volume Information"
Directory:"No admin in ACL","C:\USERDATA"
Directory:"Unknown ADS","C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2:$DATA"
Here are the results from the 0.2 version:
:: RootAlyzer Results
File:"Unknown ADS","C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-2394979407-4146380186-3720718581-1008$201c62cfe381d56.tif:Xj1phwzh5qcwungrN45kt3kiCe:$DATA"
File:"No admin in ACL","C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk"
Directory:"No admin in ACL","C:\USERDATA"
Directory:"Unknown ADS","C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2:$DATA"
Hope you can help me with this analysis. Although one or two of the files listed in the 0.2 version APPEAR that they COULD be legitimate ... I'm not so sure.
I'm running Windows XP, SP2, Media Center Edition on a Pentium D machine.
Any and all help is greatly appreciated!
Thanks in advance! :)
LawrenceGH
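Added example, not part of the original post and not RootAlyzer's own code: a small Python parser for the result lines quoted above that separates each alternate data stream (ADS) name from its host path and lists which 0.1.4 findings no longer appear in the 0.2 output. The function names `parse` and `compare` are hypothetical, and the line format is assumed from the two logs in the post.

```python
import re

# Sample input: the two RootAlyzer result lists exactly as posted above.
LOG_014 = r'''
File:"Unknown ADS","C:\RECYCLER\S-1-5-21-996095204-604344382-1343081832-1008\Dc85.pf:SummaryInformation:$DATA"
File:"Unknown ADS","C:\RECYCLER\S-1-5-21-2394979407-4146380186-3720718581-1008\Dc333.exe:SummaryInformation:$DATA"
File:"Unknown ADS","C:\RECYCLER\S-1-5-21-2394979407-4146380186-3720718581-1008\Dc336.exe:SummaryInformation:$DATA"
File:"Unknown ADS","C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-2394979407-4146380186-3720718581-1008$201c62cfe381d56.tif:Xj1phwzh5qcwungrN45kt3kiCe:$DATA"
File:"No admin in ACL","C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk"
Directory:"No admin in ACL","C:\System Volume Information"
Directory:"No admin in ACL","C:\USERDATA"
Directory:"Unknown ADS","C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2:$DATA"
'''
LOG_02 = r'''
File:"Unknown ADS","C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-2394979407-4146380186-3720718581-1008$201c62cfe381d56.tif:Xj1phwzh5qcwungrN45kt3kiCe:$DATA"
File:"No admin in ACL","C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk"
Directory:"No admin in ACL","C:\USERDATA"
Directory:"Unknown ADS","C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2:$DATA"
'''

ENTRY = re.compile(r'^(File|Directory):"([^"]*)","([^"]*)"$')
# An ADS path ends in ":<stream>:$DATA"; the drive-letter colon is skipped
# because a stream name cannot contain a backslash.
ADS = re.compile(r'^(?P<host>.+?):(?P<stream>[^:\\]+):\$DATA$')

def parse(log):
    """Return a set of (kind, finding, host_path, stream); stream is None for non-ADS findings."""
    out = set()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skips blank lines and headers like ':: RootAlyzer Results'
        kind, finding, path = m.groups()
        ads = ADS.match(path)
        host, stream = (ads['host'], ads['stream']) if ads else (path, None)
        out.add((kind, finding, host, stream))
    return out

def compare(old, new):
    """Split findings into those only the old log reports and those both logs report."""
    a, b = parse(old), parse(new)
    return sorted(a - b, key=str), sorted(a & b, key=str)

if __name__ == "__main__":
    dropped, kept = compare(LOG_014, LOG_02)
    for label, rows in (("only in 0.1.4", dropped), ("in both", kept)):
        print(label)
        for kind, finding, host, stream in rows:
            print(f"  {kind:9} {finding:15} {host}" + (f"  [stream: {stream}]" if stream else ""))
```

Run against these two logs, it shows that every 0.2 finding was already present in 0.1.4, and that the entries missing from 0.2 are the three `SummaryInformation` streams under `C:\RECYCLER` and the `C:\System Volume Information` ACL finding.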