Not sure if I have rootkits or not



cookie365
2013-03-04, 19:25
Hello, I've just done my first rootkit scan in Spybot and it's flagged some results. I have a feeling they're false positives but I'm not sure.

Can anyone advise?


// info: Rootkit removal help file
// copyright: (c) 2008-2013 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Unknown ADS","C:\Users\All Users\sdpsenv.dat:naughtypirates:$DATA"
File:"Unknown ADS","C:\Users\All Users\TEMP:B0D4D817:$DATA"
File:"Unknown ADS","C:\Users\All Users\GPSoftware\Directory Opus\dopus.cert:naughtypirates:$DATA"
File:"Unknown ADS","C:\ProgramData\sdpsenv.dat:naughtypirates:$DATA"
File:"Unknown ADS","C:\ProgramData\GPSoftware\Directory Opus\dopus.cert:naughtypirates:$DATA"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\","Flyout"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center\","Svc"

I use Directory Opus which might explain some of them - unless of course it's something else pretending to be Directory Opus.

How can I investigate each item to see what it does, where it came from, and what to do with it?

Thanks

spybotsandra
2013-03-05, 15:15
Hello,

Those do not seem to be rootkits.
Some belong to Directory Opus, which you use, some belong to Microsoft, and one is a temp file.

Best regards
Sandra
Team Spybot

cookie365
2013-03-05, 19:39
Thank you. The Directory Opus people have confirmed that they're genuine Directory Opus files, so I'm happy my PC's clean.
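
On the question in the first post of how to investigate each flagged item: the following is an added example, not part of the thread and not Spybot or Directory Opus code. It is a read-only PowerShell sketch that parses the two kinds of RootAlyzer lines shown above and reports, for each alternate data stream, its size and first bytes, and for each registry entry, whether BUILTIN\Administrators appears in the key's ACL. Variable names are illustrative, and it assumes the last field of a RegyValue line may name either a subkey or a value.

```powershell
# Added example. Constructed input: lines copied from the scan log in the first post.
$report = @'
File:"Unknown ADS","C:\ProgramData\sdpsenv.dat:naughtypirates:$DATA"
File:"Unknown ADS","C:\Users\All Users\TEMP:B0D4D817:$DATA"
File:"Unknown ADS","C:\ProgramData\GPSoftware\Directory Opus\dopus.cert:naughtypirates:$DATA"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center\","Svc"
'@ -split "`r?`n"

$adsRx = '^File:"Unknown ADS","(?<path>.+?):(?<stream>[^:\\]+):\$DATA"$'
$regRx = '^RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\\(?<key>[^"]+?)\\?","(?<name>[^"]+)"$'
# Byte reads are spelled differently in Windows PowerShell 5.1 and PowerShell 6+.
$asBytes = if ($PSVersionTable.PSVersion.Major -ge 6) { @{ AsByteStream = $true } } else { @{ Encoding = 'Byte' } }
$adminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

foreach ($line in $report) {
    if ($line -match $adsRx) {
        $path, $stream = $Matches['path'], $Matches['stream']
        # Older PowerShell versions may not read streams attached to a directory (the TEMP entry).
        $s = Get-Item -LiteralPath $path -Stream $stream -Force -ErrorAction SilentlyContinue
        if (-not $s) { "[ADS] ${path}:$stream  not found or not readable"; continue }
        $head = Get-Content -LiteralPath $path -Stream $stream -TotalCount 32 @asBytes
        [pscustomobject]@{
            File     = $path
            Stream   = $stream
            Bytes    = $s.Length
            Modified = (Get-Item -LiteralPath $path -Force).LastWriteTime
            Head     = ($head | ForEach-Object { $_.ToString('x2') }) -join ' '
        }
    }
    elseif ($line -match $regRx) {
        $key = 'HKLM:\' + $Matches['key']
        # Assumption: the last log field may name a subkey or a value; ACLs exist only on keys.
        $sub = Join-Path $key $Matches['name']
        if (Test-Path -LiteralPath $sub) { $key = $sub }
        $acl = Get-Acl -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $acl) { "[REG] $key  ACL not readable from this account"; continue }
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        [pscustomobject]@{
            Key      = $key
            Owner    = $acl.Owner
            AdminAce = [bool]($rules | Where-Object { $_.IdentityReference.Value -eq $adminSid })
            Sids     = ($rules.IdentityReference.Value | Sort-Object -Unique) -join ', '
        }
    }
}
```

A small stream that the same application attaches to several of its own data files is consistent with the vendor confirmation in the thread; the stream size and leading bytes give the vendor something concrete to confirm.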