cookie365
2013-03-04, 19:25
Hello, I've just done my first rootkit scan in Spybot and it's flagged some results. I have a feeling they're false positives but I'm not sure.
Can anyone advise?
// info: Rootkit removal help file
// copyright: (c) 2008-2013 Safer-Networking Ltd. All rights reserved.
:: RootAlyzer Results
File:"Unknown ADS","C:\Users\All Users\sdpsenv.dat:naughtypirates:$DATA"
File:"Unknown ADS","C:\Users\All Users\TEMP:B0D4D817:$DATA"
File:"Unknown ADS","C:\Users\All Users\GPSoftware\Directory Opus\dopus.cert:naughtypirates:$DATA"
File:"Unknown ADS","C:\ProgramData\sdpsenv.dat:naughtypirates:$DATA"
File:"Unknown ADS","C:\ProgramData\GPSoftware\Directory Opus\dopus.cert:naughtypirates:$DATA"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\","Flyout"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center\","Svc"
I use Directory Opus which might explain some of them - unless of course it's something else pretending to be Directory Opus.
How can I investigate each item to see what it does, where it came from, and what to do with it?
Thanks
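Added example, not part of the original post and not Safer-Networking's code: a small parser for the RootAlyzer result lines quoted above that splits each ADS finding into host file and stream name and merges findings that point at the same file. It assumes the default Windows Vista-and-later layout, where `C:\Users\All Users` is a link to `C:\ProgramData`; the function names are illustrative.

```python
import csv
from collections import defaultdict

# Result lines copied verbatim from the scan log in the post.
SCAN_LOG = r'''
File:"Unknown ADS","C:\Users\All Users\sdpsenv.dat:naughtypirates:$DATA"
File:"Unknown ADS","C:\Users\All Users\TEMP:B0D4D817:$DATA"
File:"Unknown ADS","C:\Users\All Users\GPSoftware\Directory Opus\dopus.cert:naughtypirates:$DATA"
File:"Unknown ADS","C:\ProgramData\sdpsenv.dat:naughtypirates:$DATA"
File:"Unknown ADS","C:\ProgramData\GPSoftware\Directory Opus\dopus.cert:naughtypirates:$DATA"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\","Flyout"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center\","Svc"
'''

# Assumption: the default Vista-and-later link from "All Users" to ProgramData.
ALIASES = {r"c:\users\all users": r"C:\ProgramData"}


def canonical(path):
    """Rewrite a path that goes through a known link to its real location."""
    low = path.lower()
    for alias, target in ALIASES.items():
        if low == alias or low.startswith(alias + "\\"):
            return target + path[len(alias):]
    return path


def summarize(log):
    """Return ({host file: {stream names}}, [(finding, key, value)])."""
    streams, registry = defaultdict(set), []
    for line in filter(None, map(str.strip, log.splitlines())):
        kind, _, rest = line.partition(":")
        fields = next(csv.reader([rest]))  # quoted, comma-separated fields
        if kind == "File":
            # "<path>:<stream>:$DATA"; the drive-letter colon stays in <path>.
            path, stream, _type = fields[1].rsplit(":", 2)
            streams[canonical(path)].add(stream)
        elif kind == "RegyValue":
            finding, hive, key, value = fields
            registry.append((finding, hive + key.rstrip("\\"), value))
    return dict(streams), registry


if __name__ == "__main__":
    streams, registry = summarize(SCAN_LOG)
    for path, names in streams.items():
        print(path, sorted(names))
    for entry in registry:
        print(*entry, sep=" | ")
```

Under that assumption the five ADS lines reduce to three host files, and running `dir /r` in each parent folder lists the same streams with their sizes.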