PDA

View Full Version : First time rootkit scan


den44
2013-01-12, 13:53
Hi
I have just installed and run Spybot and it has identified several possible rootkit threats. I need some advice as th what they are and how to deal with them.

The log is shown below: -

// info: Rootkit removal help file
// copyright: (c) 2008-2013 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Hidden file","C:\Windows\System32\SmartSoft PDF Printer Port"
File:"Unknown ADS","D:\Recorded TV\All Creatures Great and Small\Trimmed\11- The rough and the smooth.mpg:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Recorded TV\All Creatures Great and Small\Trimmed\20090710 New beginnings.mpg:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Recorded TV\All Creatures Great and Small\Trimmed\20090713 Dog Days.mpg:TOC.WMV:$DATA"
File:"Unknown ADS","D:\Recorded TV\All Creatures Great and Small\Trimmed\20090716.mpg:TOC.WMV:$DATA"
File:"Unknown ADS","D:\My Pictures\Microlight\last visit to mappleton 016.AVI:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\My Kindle Content\Aesops-Fables.azw:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\My Kindle Content\Pride-and-Prejudice.azw:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\My Kindle Content\Treasure-Island.azw:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\2023.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\4D Doodler.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\A columbus of space.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\A-Colony-on-Mars.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\A-Voyage-to-Arcturus.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Accidental_Flight.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Advanced_Chemistry.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Aerophilia.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Aesops-Fables.azw:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Agent_to_the_Stars.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Alarm clock.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Alien_Cradle.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Alien_Offer.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\All day September.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Armageddon—2419_A.D..pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Atom_Drive.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\B-12s_Moon_Glow.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Bad medicine.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Beyond the great oblivion.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Beyond the vanishing point.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Binary.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Black_Amazon_of_Mars.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Blessed are the meek.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Blind man's lantern.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Blindsight.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Brain twister.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Bread overhead.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Breaking point.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\By_Earthlight.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Captain_Gardiner_of_the_Inte.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Category_Phoenix.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Cerebrum.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\circle of zero.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\City at world's end.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Code three.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Colours of space.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Conquest_Over_Time.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Contamination_Crew.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Cory_Doctorows_Futuristic_Tales_of_the_Here_and_Now_PDF.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Dream.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Fader-Act-I.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Pride-and-Prejudice.azw:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\The affair of the brains.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\The beast of space.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\The cosmic computer.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\The creature from beyond infinity.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\The_Aliens.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\The_Black_Star_Passes.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\The_Black_Tide.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\The_Cavern_of_the_Shining_On.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\The_Cosmic_Deflector.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Treasure-Island.azw:uidStream:$DATA"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF022A17F4528853FD.TMP"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF07F913C23C9AF376.TMP"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF0B5F78F2EFA0D5EB.TMP"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF16D0E6C5A83B787B.TMP"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF31C5B818C6D2FA52.TMP"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF32E9E852C693BEB9.TMP"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF3C36106245564951.TMP"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF412018BA21EA84E5.TMP"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF454682A0D3B9B9D6.TMP"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF5B0EAF4E2CFCB222.TMP"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF5D02A1896A1C1C2A.TMP"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF676795320CA07E44.TMP"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF7B9C699204F340CD.TMP"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF7E64777AD08D3138.TMP"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF82A4E350FCB0970F.TMP"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF8F4198E6217E6295.TMP"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF967D262FEF05D78D.TMP"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF970B858B79C7C91A.TMP"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DFBC9F43116A367DE8.TMP"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DFC894CEB9C7174EF9.TMP"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DFC99E08D9EAEB9C3C.TMP"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DFCFE033189478DE3B.TMP"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DFDE63F1915F2D0843.TMP"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DFEACBA5DDB56D0C2A.TMP"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DFF9E61919FE1C6D93.TMP"
File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DFFF37B8476F0C39FC.TMP"
File:"No admin in ACL","C:\Users\All Users\Microsoft\SLDL\4562d563-878a-48d8-b28e-faf94ad1f77e\00d338a4-b04f-4fe8-9e1f-cad462d1fedb"
File:"No admin in ACL","C:\ProgramData\Microsoft\SLDL\4562d563-878a-48d8-b28e-faf94ad1f77e\00d338a4-b04f-4fe8-9e1f-cad462d1fedb"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\","Flyout"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center\","Svc"


Thanks

Den
spybotsandra
2013-01-14, 16:19
Hello,

That are no rootkits.
The found items is mostly kindle content and e-books, also some recorded tv stuff.
About the temp files I'm not sure.
If you decide to delete them I would recommend to make a system restore point before, in case that are needed files. The deletion is final and can not be recovered through the Quarantine with Spybot.

Best regards
Sandra
Team Spybot
den44
2013-01-18, 12:21
Sandra
Thank you for that reply, is there a way I can stop Spybot from flagging these on future scans?
spybotsandra
2013-01-18, 13:13
Hello,

At the moment not.
But we are improving the rootkit scan feature for upcoming versions.

Bst regards
Sandra
Team Spybot
bbnetwork
2013-01-18, 13:15
Sandra
Thank you for that reply, is there a way I can stop Spybot from flagging these on future scans?

did u try to whitelist the system?