Rootkit analysis question



grossrm
2012-12-26, 21:42
I ran the rootkit scan from Spybot 2.0.12.0 which gave me back the following:

// info: Rootkit removal help file
// copyright: (c) 2008-2012 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Hidden file","C:\Windows\└ˇo"
...
File:"Invisible to Win32","C:\boott! s"

I've searched everywhere I know and can find no reference to "boott!". Can anyone tell me what I've found?

Thanks,
RMG

spybotsandra
2012-12-27, 16:08
Hello,

That sounds strange, but it can't be said that these files are really bad.
It would help if we could get them as samples and take a look at them.

As they are hidden and invisible, did you change your folder options to make them visible? They should be stored under C:\Windows

Best regards
Sandra
Team Spybot

grossrm
2012-12-31, 01:37
I did change the folder options, and can't locate the files. Spybot claims they are at "C:\boott!" but it doesn't appear to be there or in c:\Windows. I don't have any particular issues, I'd just like to know what they are.

RG

spybotsandra
2013-01-03, 13:08
Hello,

You can create a system restore point first.
Then try to remove the found entry.

Best regards
Sandra
Team Spybot

grossrm
2013-01-08, 20:13
>>You can create a system restore point first.
>>Then try to remove the found entry.

Unfortunately, I can't find them. Spybot reports them, and their location, but they don't show up any other way.