Help me analyse log-file results please



Haemel
2009-04-18, 18:30
// info: Rootkit removal help file
// copyright: (c) 2008 Safer Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Unknown ADS","C:\Users\All Users\TEMP:5C321E34:$DATA"
File:"No admin in ACL","C:\Program Files\HP\HP Software Update\global.js"
File:"No admin in ACL","C:\Program Files\HP\HP Software Update\HpuFunction.dll"
File:"No admin in ACL","C:\Program Files\HP\HP Software Update\HPWUCli.exe"
File:"No admin in ACL","C:\Program Files\HP\HP Software Update\hpwuSchd2.exe"
File:"No admin in ACL","C:\Program Files\HP\HP Software Update\main.hta"
File:"No admin in ACL","C:\Program Files\HP\HP Software Update\SelfUpdate.exe"
File:"No admin in ACL","C:\Program Files\HP\HP Software Update\SoftwareUpdate.dll"
File:"No admin in ACL","C:\Program Files\HP\HP Software Update\unicows.dll"
Directory:"No admin in ACL","C:\Program Files\HP\HP Software Update"

Matt
2009-04-18, 23:56
Hi Haemel,

All entries from HP should be good. Did you do a software update from HP while scanning with RootAlyzer?
The first entry shouldn't be there, you can find more information here (http://forums.spybot.info/showthread.php?t=27628).

Haemel
2009-04-19, 07:22
Thanks for your answer.

No, I didn't update HP. But, like you, I think they are OK. I have an HP PC here.

2nd. I do not see a special solution in the thread you mentioned for the TEMP map, except that I should mail you the "packed" file?

Haemel

Haemel
2009-04-19, 08:26
After I sent the packed cabfile to your e-mail address I did a deep scan again. It showed me the HP 'no admin in ACL' remarks again, but NOT the TEMP line anymore!

Another discovery:
- the TEMP map was created when I installed Windows Vista on my system
- the TEMP map was changed with a scheduled Windows Vista update on April 15

Haemel
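
The triage discussed in this thread (many "No admin in ACL" entries under one vendor folder, one "Unknown ADS" entry that stands apart) can be reproduced from the pasted log. The following is an added example, not part of the thread and not Safer Networking's code; the function names are hypothetical and the sample is constructed from lines in the first post.

```python
import re
from collections import defaultdict

# Constructed sample: result lines in the format shown in the first post.
SAMPLE = r'''
:: RootAlyzer Results
File:"Unknown ADS","C:\Users\All Users\TEMP:5C321E34:$DATA"
File:"No admin in ACL","C:\Program Files\HP\HP Software Update\global.js"
File:"No admin in ACL","C:\Program Files\HP\HP Software Update\main.hta"
Directory:"No admin in ACL","C:\Program Files\HP\HP Software Update"
'''

LINE_RE = re.compile(r'^(File|Directory):"([^"]*)","([^"]*)"$')

def split_stream(path):
    """Split 'C:\\dir\\name:stream:$DATA' into (host path, stream name or None)."""
    drive, rest = path[:2], path[2:]  # keep the drive-letter colon out of the split
    if not re.match(r'^[A-Za-z]:$', drive):
        drive, rest = '', path
    parts = rest.split(':')
    stream = parts[1] if len(parts) > 1 and parts[1] else None
    return drive + parts[0], stream

def parse(text):
    """Return one dict per result line; header and comment lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind, finding, path = m.groups()
        host, stream = split_stream(path)
        findings.append({'kind': kind, 'finding': finding,
                         'path': host, 'stream': stream})
    return findings

def triage(findings):
    """Group by (finding, parent directory) so one vendor folder becomes one row."""
    groups = defaultdict(list)
    for f in findings:
        is_dir = f['kind'] == 'Directory'
        parent = f['path'] if is_dir else f['path'].rsplit('\\', 1)[0]
        groups[(f['finding'], parent)].append(f)
    return dict(groups)

if __name__ == '__main__':
    for (finding, parent), items in triage(parse(SAMPLE)).items():
        streams = [i['stream'] for i in items if i['stream']]
        print(f'{finding:16} {parent}  entries={len(items)} streams={streams}')
```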