
Are these rootkits



Creature
2013-03-13, 05:15
Could someone please tell me if these are rootkits (attached screenshot).

I'm running Windows 8 pro 64bit
Hardware: Microsoft Surface Pro

Edit: oh yeah, also the quick scan has a red x on one of the entries and says:

"Master Boot Records
1MBR checked
Unknown MBRs: PhysicalDrive0"

Thanks!

spybotsandra
2013-03-13, 12:39
Hello,

The complete file path would help which is visible in the RootAlyzer log.
C:\ProgramData\Spybot - Search & Destroy\Logs

But I do not think that this is a rootkit.
Those are just hidden files.

If you get ‘No admin in ACL’ this thread in our forum should help explaining:
Unknown ADS and no Admn in ACL what is good and what is bad??? (http://forums.spybot.info/showthread.php?t=27446)
(http://forums.spybot.info/showthread.php?t=67275)
Malware sometimes uses rootkit technology to hide itself at system level.
This makes it undetectable by standard tools. Our plugins help Spybot – Search & Destroy to detect this form of malware.
Our Rootkit Scanner tool shows anything that uses certain rootkit technologies. But items with rootkit properties detected here are not necessarily malware. Sometimes, legit software uses rootkit technologies to hide registration data or other things it does not want the user to see in any case. So please keep in mind that the Rootkit Scanner only flags suspicious items; it does not identify only bad ones.

The deletion is final and can not be recovered through the Quarantine.
If you still want to remove the found items it is strongly recommended to create a system restore point (http://windows.microsoft.com/en-US/windows-vista/System-Restore-frequently-asked-questions) before doing that.

Best regards
Sandra
Team Spybot

Creature
2013-03-14, 02:20
Thanks, spybotsandra!

Here's the log:

// info: Rootkit removal help file
// copyright: (c) 2008-2013 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"

spybotsandra
2013-03-14, 16:35
Hello,

They are legit and nothing to worry about.

Best regards
Sandra
Team Spybot
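One way to see for yourself what RootAlyzer's "No admin in ACL" flag refers to on the two keys in the posted log, as an added PowerShell example (this is not code from Spybot, Team Spybot or anyone in this thread): it reads each key's security descriptor with Get-Acl and reports whether BUILTIN\Administrators (SID S-1-5-32-544) holds an Allow entry. The function name Test-AdminInAcl and the $FlaggedKeys list are my own; the two key paths are the ones in the RootAlyzer log above.

```powershell
# Added example (not from Spybot or this thread): inspect the DACL of the
# registry keys RootAlyzer flagged as "No admin in ACL" and report whether
# BUILTIN\Administrators (S-1-5-32-544) actually holds an Allow entry.
# Run from an elevated PowerShell prompt. A key that grants Administrators
# nothing at all may refuse even a read of its security descriptor; the
# script reports that instead of treating it as proof of malware.

$AdminSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-32-544')

# Key paths taken from the RootAlyzer log posted in this thread (HKLM hive).
$FlaggedKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}',
    'HKLM:\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}'
)

function Test-AdminInAcl {
    # Hypothetical helper name; returns one object per key describing its DACL.
    param([Parameter(Mandatory)][string]$Path)

    $result = [ordered]@{
        Path       = $Path
        Readable   = $false
        Owner      = $null
        AdminAllow = $false
        Entries    = @()
        Error      = $null
    }
    try {
        # Get-Acl on the Registry provider returns a RegistrySecurity object;
        # reading it needs READ_CONTROL on the key.
        $acl = Get-Acl -Path $Path -ErrorAction Stop
        $result.Readable = $true
        $result.Owner    = $acl.Owner
        foreach ($rule in $acl.Access) {
            # Resolve the identity to a SID so the check does not depend on
            # the localized name of the Administrators group.
            $sid = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
            $result.Entries += ('{0} {1} {2}' -f $rule.AccessControlType, $rule.IdentityReference, $rule.RegistryRights)
            if ($sid -eq $AdminSid -and $rule.AccessControlType -eq 'Allow') {
                $result.AdminAllow = $true
            }
        }
    } catch {
        # Access denied here is itself consistent with "No admin in ACL": the
        # descriptor grants Administrators nothing, not even READ_CONTROL.
        $result.Error = $_.Exception.Message
    }
    [pscustomobject]$result
}

foreach ($key in $FlaggedKeys) {
    $r = Test-AdminInAcl -Path $key
    Write-Host "== $($r.Path)"
    if (-not $r.Readable) {
        Write-Host "   security descriptor not readable: $($r.Error)"
        continue
    }
    Write-Host "   owner: $($r.Owner)"
    Write-Host "   Administrators has an Allow entry: $($r.AdminAllow)"
    $r.Entries | ForEach-Object { Write-Host "   $_" }
}
```

Either outcome (an ACL with no Administrators entry, or a refusal to read the descriptor at all) matches what the scanner reported; on its own it says nothing about whether the key is malicious. The useful comparison is to run the same script on another machine with the same Windows build and see whether the keys carry the same owner and entries there, which is the kind of check that separates a stock Windows permission set from something a rootkit changed.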

Creature
2013-03-25, 01:33
Wonderful! Thanks so much!