RootAlyzer Results



rastelle
2012-01-25, 07:42
Hello to all. This is my first time on the site.
I ran RootAlyzer and read the results of the Rootkit removal help file. At the bottom is a button which reads "Pack Suspicious Files". I do not know if I should press the button, and it reads at the top of the log "In case of any doubt, ask for assistance". I would be grateful if someone could assist me by looking at my results and provide information about what should be done. I really thank you for any time taken to help me. Below are the scan results.
rastelle.


// info: Rootkit removal help file
// copyright: (c) 2008-2009 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Unknown ADS","C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP12\Report:kavextended:$DATA"
RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\WRkrn\","$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123"
RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\WRkrn\Instances\","$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123"
RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet004\Services\WRkrn\","$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123"
RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet004\Services\WRkrn\Instances\","$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123"
RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet003\Services\WRkrn\","$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123"
RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet003\Services\WRkrn\Instances\","$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123"

tashi
2012-01-26, 18:33
Hello rastelle,

Hello to all. This is my first time on the site.
I would be grateful if someone could assist me by looking at my results and provide information about what should be done. I really thank you for any time taken to help me

I will ask a detective to advise. :)

Best regards.

Yodama
2012-01-27, 08:50
The RootAlyzer shows items which are invisible to the common Windows user interface; in most cases such invisible entries are suspicious.

The following entry appears to be related to a Kaspersky Antivirus (trial) version:

File:"Unknown ADS","C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP12\Report:kavextended:$DATA"
So this should not pose any threat.

The other entries are hidden registry Keys concerning a service which is usually related to Webroot SecureAnywhere.

If you know that such software is installed on your computer, then there appears to be no threat; however, if you did not install any of these, malware could pretend to be part of these to hide its presence.
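
Added example (not part of any post in this thread and not Safer-Networking code): a small parser that groups RootAlyzer result lines by the file or service they belong to, so each owner can be checked against the software actually installed. The field layout is an assumption taken from the lines quoted above, and the sample input is constructed from them with the value names shortened.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log in this thread (value names shortened).
SAMPLE = r'''
File:"Unknown ADS","C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP12\Report:kavextended:$DATA"
RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\WRkrn\","$%&'()*+,-./0123"
RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet003\Services\WRkrn\Instances\","$%&'()*+,-./0123"
'''

FIELD = re.compile(r'"([^"]*)"')  # quoted fields; commas may occur inside them
SERVICE = re.compile(r'\\SYSTEM\\(CurrentControlSet|ControlSet\d+)\\Services\\([^\\]+)', re.I)

def split_ads(path):
    """Split 'C:\\dir\\file:stream:$DATA' into (host file, stream name)."""
    drive = path[:2] if path[1:2] == ":" else ""   # keep the drive colon out of the split
    parts = path[len(drive):].split(":")
    return drive + parts[0], (parts[1] if len(parts) > 1 else None)

def summarize(text):
    """Group findings: ADS entries by host file, hidden keys by owning service."""
    ads, services = [], defaultdict(set)
    for line in text.splitlines():
        kind, _, rest = line.partition(":")
        fields = FIELD.findall(rest)
        if kind == "File" and len(fields) == 2:
            ads.append(split_ads(fields[1]))
        elif kind == "RegyKey" and len(fields) == 4:
            m = SERVICE.match(fields[2])
            if m:
                # Same service seen under several control sets counts once.
                services[m.group(2)].add(m.group(1))
            else:
                services["(not a service key)"].add(fields[2])
    return {"ads": ads, "services": {k: sorted(v) for k, v in services.items()}}

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for host, stream in result["ads"]:
        print(f"ADS  stream={stream!r} on {host}")
    for name, sets in result["services"].items():
        print(f"SVC  {name}: hidden keys in {', '.join(sets)}")
```
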