SiM99
2010-02-04, 23:38
I left RootAlyzer running last night and would like some help with the results, if possible ;)
// info: Rootkit removal help file
// copyright: (c) 2008-2009 Safer-Networking Ltd. All rights reserved.
:: RootAlyzer Results
File:"Unknown ADS","I:\windows_profiles\Ian\Local Settings\Application Data\desktop.ini:722b2b1c349a06abf0e866180e5a7e63:$DATA"
File:"Unknown ADS","C:\WINDOWS:6C711FAC8B22E47A:$DATA"
File:"Unknown ADS","C:\Program Files\FontExpert\FontExpert.exe:{8DC3F14F-FF96780B-59FE6BB0-7F1B8350}:$DATA"
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\","System\0"
// Attention: entries with a zero character will not be displayed correctly and may not work!
Just FYI - I have Windows profiles redirected to my I: drive.
I'm pretty sure that I could just delete the desktop.ini file, but I was wondering if this may be an indication of something bigger - SpyBot S&D isn't finding any spyware on my system. (Ad-Aware has found some overnight, but I haven't looked at the results yet.)
The second entry rather confuses me. I wouldn't have thought that a directory could have an ADS... but then, why not? hmm... Anyway, I assume that wouldn't be expected (as it's not whitelisted), so would you say I need to do something about it?
Regarding the zero character in the registry entry: I have previously used O&O Defrag, but no longer do, so I am wondering how I would get rid of this entry. I have read that you can do so using RootAlyzer, but just can't see how it would be done. Can anyone help? :)
I just assume that FontExpert.exe is supposed to have an ADS - I haven't had it installed for that long so wouldn't think there was time for anything to "attack" it, lol ;)
Thanks all!