No admin in ACL



AuroraBorealis7
2009-08-06, 03:08
I just installed RootAlyzer and analyzed for the first time. I am very new to all of this, so I need to be coached on the proper steps to follow. Here is the log... My thanks for your help!

*** BEGIN LOG

// info: Rootkit removal help file
// copyright: (c) 2008-2009 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"No admin in ACL","C:\WINDOWS\system32\CEBA8F6815.sys"
File:"No admin in ACL","C:\WINDOWS\system32\KGyGaAvL.sys"

.... END LOG

AuroraBorealis7
2009-08-06, 03:16
Here's a postscript to my original post, above...

Under your "Help" section, you folks have written:


No admin in ACL

Every file, folder and registry key has associated Access Control Lists. These control which users and user groups may access the object, and how they may do so. RootAlyzer checks various parameters to check whether ACLs are modified and non-standard.

In case of doubt, cross-check by trying to access the listed files or folders in Windows Explorer (regedit.exe for registry entries). Keep in mind though that Microsoft started to hide some system entries of Windows Vista even to administrators (which is a legit security measure). RootAlyzer tries to whitelist those (not showing them in the results list), but updates to Vista may add more, yet unwhitelisted, entries.

I looked for these files with Explorer and could not find either of them.

I am running Windows XP SP3.

Thanks again for your help.
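
The cross-check that the quoted help text describes can be scripted. The following is an added example, not part of the original posts and not RootAlyzer's own code: it parses "No admin in ACL" result lines and reports, for each file, whether it is visible and whether BUILTIN\Administrators holds an Allow entry. It assumes Windows PowerShell 2.0 or later; the function name `Test-AdminAce` and the output fields are hypothetical.

```powershell
# Added example. Function name and output fields are hypothetical.
# Sample input: the two result lines from the log posted in this thread.
$log = @'
File:"No admin in ACL","C:\WINDOWS\system32\CEBA8F6815.sys"
File:"No admin in ACL","C:\WINDOWS\system32\KGyGaAvL.sys"
'@

$AdminsSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

function Test-AdminAce {
    param([string]$Path)

    $status = 'ok'; $hasAdmin = $null
    # -Force so that hidden and system files are returned as well
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        $status = 'not visible to this process'
    } else {
        try {
            $acl = $item.GetAccessControl('Access')
            # Ask for SIDs rather than names so the check is locale independent
            $rules = $acl.GetAccessRules($true, $true,
                         [System.Security.Principal.SecurityIdentifier])
            $hasAdmin = $false
            foreach ($r in $rules) {
                if ($r.IdentityReference.Value -eq $AdminsSid -and
                    $r.AccessControlType -eq 'Allow') { $hasAdmin = $true }
            }
        } catch {
            # Raised when the caller is not permitted to read the ACL
            $status = 'ACL unreadable: ' + $_.Exception.Message
        }
    }
    New-Object PSObject -Property @{
        Path = $Path; Status = $status; AdminAllowAce = $hasAdmin
    }
}

# Pull the path out of each matching result line and check it
foreach ($line in ($log -split "`r?`n")) {
    if ($line -match '^File:"No admin in ACL","(.+)"$') {
        Test-AdminAce $Matches[1] | Select-Object Path, Status, AdminAllowAce
    }
}
```

A file that the scanner lists but that comes back as "not visible to this process" matches what the poster saw in Explorer; the script only reports that state and does not explain it.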