False Positive on scan for Root Kit?

2013-03-14, 19:41
Dear all,
I ran SD 2 on a Windows 7, 64-bit Lenovo Pentium machine and got a red flag (suspicious file found) on the Root Kit "Quick Scan" and was advised to run a Deep Scan.

The Deep Scan ran but from my novice understanding the Deep Scan results looked OK?

Not sure if attachment upload worked so the two screen shots are also inserted, hopefully.

Any insights appreciated...

P.S. When you save the results to a log file where is the default dir. they end up in?
Regards Rob.

2013-03-15, 12:43

The complete file path, which is visible in the RootAlyzer log, would help.
C:\ProgramData\Spybot - Search & Destroy\Logs

But I do not think that this is a Rootkit.
Those are just hidden files, probably also temp files.

If you get ‘No admin in ACL’, this thread in our forum should help explain it:
Unknown ADS and no Admn in ACL what is good and what is bad??? (http://forums.spybot.info/showthread.php?t=27446)

Malware sometimes uses rootkit technology to hide itself at system level.
This makes it undetectable by standard tools. Our plugins help Spybot – Search & Destroy to detect this form of malware.
Our Rootkit Scanner tool shows anything that uses certain rootkit technologies. But items with rootkit properties detected here are not necessarily malware. Sometimes, legit software uses rootkit technologies to hide registration data or other things it does not want the user to see in any case. So please keep in mind that the Rootkit Scanner only flags suspicious stuff, not identifying just bad stuff.

The deletion is final and can not be recovered through the Quarantine.
If you still want to remove the found items, it is strongly recommended to create a system restore point before doing that.

Best regards
Team Spybot