mp3:TOC.WMV:$DATA

2008-10-22, 08:56
I recently used these MP3 files to make a movie in Movie Maker.
Now RootAlyzer says unknown ADS, with a funny extension that isn't visible outside RootAlyzer.

What does this mean?


File created using RootAlyzer to help your get rid of a rootkit.

Files to delete:
G:\Tunes\Rock\Big Bopper - Chantilly Lace.mp3:TOC.WMV:$DATA
G:\Tunes\Rock\Chuck Berry - Johnny Be Good.mp3:TOC.WMV:$DATA
G:\Tunes\Rock\Jerry Reed - West Bound and Down (Smokey & Tha Bandit).mp3:TOC.WMV:$DATA
G:\Tunes\Rock\Ram Jam - Black Betty.mp3:TOC.WMV:$DATA
G:\Tunes\Rock\Eric Clapton\Eric Clapton - Cream - Crossroads.mp3:TOC.WMV:$DATA
C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA

Folders to delete:

Registry keys to delete:

Registry values to delete:

2008-10-22, 18:18
Since you mentioned Movie Maker in that context: it indeed looks like Movie Maker is storing additional information next to those files it has processed.

That's fine - in cases like these, ADS might be useful :)
I'll add them to the whitelist once I've browsed their contents a bit more :)

Haven't seen the DCom one yet. No admin in ACL is OK for deep system stuff... is that Vista?
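
The entries in the RootAlyzer list above use the NTFS `file:stream:$DATA` notation for alternate data streams. As an added example (not part of the original posts and not RootAlyzer's code), this Python snippet splits such entries and groups files by stream name, so one name shared by many files stands apart from a one-off name; the function names are made up for illustration.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Entries copied from the "Files to delete" list in the first post.
REPORT_LINES = [
    r"G:\Tunes\Rock\Big Bopper - Chantilly Lace.mp3:TOC.WMV:$DATA",
    r"G:\Tunes\Rock\Ram Jam - Black Betty.mp3:TOC.WMV:$DATA",
    r"G:\Tunes\Rock\Eric Clapton\Eric Clapton - Cream - Crossroads.mp3:TOC.WMV:$DATA",
    r"C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35"
    r"_6.0.6001.18000_none_b3dc8e9f30720cdd\System Diagnostics.xml"
    r":0v1ieca3Feahez0jAwxjjk5uRh:$DATA",
]

class StreamRef(NamedTuple):
    path: str    # file that carries the stream
    stream: str  # stream name; "" means the default (unnamed) data stream
    stype: str   # stream type, normally $DATA

# A drive letter's colon ("G:\") is part of the path, not a stream separator.
_DRIVE = re.compile(r"^[A-Za-z]:(?=[\\/])")

def parse_stream_ref(entry: str) -> StreamRef:
    """Split 'path[:stream[:type]]' into its parts (hypothetical helper)."""
    entry = entry.strip()
    m = _DRIVE.match(entry)
    drive = m.group(0) if m else ""
    parts = entry[len(drive):].split(":")
    if len(parts) > 3:
        raise ValueError(f"too many ':' separators in {entry!r}")
    path = drive + parts[0]
    stream = parts[1] if len(parts) >= 2 else ""
    stype = parts[2] if len(parts) == 3 else "$DATA"
    return StreamRef(path, stream, stype)

def group_by_stream(entries):
    """Map each named stream to the files carrying it (hypothetical helper)."""
    groups = defaultdict(list)
    for entry in entries:
        ref = parse_stream_ref(entry)
        if ref.stream:  # skip entries that only refer to the default stream
            groups[ref.stream].append(ref.path)
    return dict(groups)

if __name__ == "__main__":
    for name, files in group_by_stream(REPORT_LINES).items():
        print(f"{name}: {len(files)} file(s)")
        for f in files:
            print("   ", f)
```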

2008-10-24, 09:48
Yes, Vista Ultimate.

I deleted all the DCOM keys thinking I could get rid of DCOM, but it re-wrote the keys, now with "no admin in acl"

Whatever that means.

Thanks for the reply.