evil rootkits or legit rootkits?



patman
2013-03-28, 02:24
Hello there.

First, I'd like to thank you for your work and the answers you give on this forum.

Then, I'd like to show you my RootAlyzer log, because there are some lines I worry about.

// info: Rootkit removal help file
// copyright: (c) 2008-2013 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Hidden file","C:\Windows\0"
File:"Unknown ADS","D:\Dropbox\033.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\tintin-1.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\time lapse\au bureau.mp4:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\time lapse\au bureau2.mp4:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\time lapse\aubureau12.mp4:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\time lapse\aubureau3.mp4:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\tbnd\BND.bmp:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\pognon\trop perçu impôts.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Photos\homer-woohoo-42.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Photos\Hong-Kong-skyline.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\orange\forfaits.png:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\montages\2013.png:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\montages\20130222_090924.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\montages\flo.png:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\montages\nuage.bmp:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\montages\wallpaper-batman-year-one-dvd-movie.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\escrime\Riot A.C.T. - Blade Demo 2008 - YouTube! [freecorder.com].webm:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\escrime\sarah_0.mp4:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-02-22 09.09.24.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-02-22 14.47.03.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-02-22 15.24.04.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-02-22 16.50.48.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-02-22 16.55.55.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-02-22 17.01.41.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-02-23 17.09.36.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-03-04 12.58.45.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-03-04 12.58.50.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-03-04 12.58.58.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-03-09 19.52.17.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-03-12 19.49.24.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\Patrick\Documents\Scanned Documents\Bienvenue.jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Patrick\AppData\Local\6HgTuuQBb:eaPbMd81WEnPVZ2zjg7iE9a:$DATA"
File:"Unknown ADS","C:\Users\Patrick\AppData\Local\Temp:DUKZkumMrwEVGyOQoWj0cDF:$DATA"
File:"No admin in ACL","C:\Users\Patrick\AppData\Local\Google\Google Talk Plugin\googletalkplugin_port"
File:"No admin in ACL","C:\Users\Patrick\AppData\Local\Google\Google Talk Plugin\googletalkplugin_ws_port"
File:"Unknown ADS","C:\Users\All Users\Microsoft:BkiauIJwtrO5c531xn4biU67:$DATA"
File:"Unknown ADS","C:\Users\All Users\Microsoft:UgB5XBkxxNSVD1KwAMZGbV:$DATA"
File:"Unknown ADS","C:\Users\All Users\Temp:07BF512B:$DATA"
File:"Unknown ADS","C:\ProgramData\Microsoft:BkiauIJwtrO5c531xn4biU67:$DATA"
File:"Unknown ADS","C:\ProgramData\Microsoft:UgB5XBkxxNSVD1KwAMZGbV:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\microsoft shared:3qcAEh56R9OFU7H0dHs5d3:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\System\W3y1Th6Q:VsC3ntI5XbAS5xndnl8oP:$DATA"

I think Dropbox files are OK, but what about the Windows hidden file and the non-Dropbox ones?

Thank you,
best regards,
p.

spybotsandra
2013-03-28, 13:30
Hello,

I'm not sure about these ones:

File:"Unknown ADS","C:\Users\Patrick\AppData\Local\6HgTuuQBb:eaPbMd81WEnPVZ2zjg7iE9a:$DATA"
File:"Unknown ADS","C:\Users\Patrick\AppData\Local\Temp:DUKZkumMrwEVGyOQoWj0cDF:$DATA"
File:"Unknown ADS","C:\Users\All Users\Temp:07BF512B:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\System\W3y1Th6Q:VsC3ntI5XbAS5xndnl8oP:$DATA"

If you want you can delete them.
But the deletion is final and cannot be recovered through the Quarantine.
If you still want to remove the found items it is strongly recommended to create a system restore point (http://windows.microsoft.com/en-US/windows-vista/System-Restore-frequently-asked-questions) before doing that.

Best regards
Sandra
Team Spybot
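The selection Sandra makes above (Dropbox streams left alone, randomly named streams on system and profile directories pulled out for a closer look) can be reproduced mechanically. The following Python script is an added example written for this thread; it is not part of RootAlyzer or Spybot. It parses the `File:"<category>","<path>"` result lines quoted in the first post, separates the host object from the alternate data stream name, and sorts entries into "known" (stream name on a small allow-list) or "review" (everything else, with the reasons that make an entry stand out). The allow-list of `Zone.Identifier` and `com.dropbox.attributes` is the editor's assumption, not something the tool ships; the sample log is constructed from five lines of the log above plus one made-up `Zone.Identifier` line.

```python
import math
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the RootAlyzer "File:" line format quoted in the thread.
# Five lines are copied from the log above; the Zone.Identifier line is made up.
SAMPLE_LOG = r"""
:: RootAlyzer Results
File:"Hidden file","C:\Windows\0"
File:"Unknown ADS","D:\Dropbox\033.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\Patrick\AppData\Local\Temp:DUKZkumMrwEVGyOQoWj0cDF:$DATA"
File:"Unknown ADS","C:\Users\All Users\Temp:07BF512B:$DATA"
File:"No admin in ACL","C:\Users\Patrick\AppData\Local\Google\Google Talk Plugin\googletalkplugin_port"
File:"Unknown ADS","C:\Users\Patrick\Downloads\setup.exe:Zone.Identifier:$DATA"
"""

LINE_RE = re.compile(r'^File:"(?P<category>[^"]+)","(?P<path>.*)"$')

# Assumed allow-list (editor's assumption, not part of RootAlyzer):
#   Zone.Identifier        - mark-of-the-web written by Windows/browsers on downloads
#   com.dropbox.attributes - metadata written by the Dropbox client on synced files
KNOWN_STREAMS = {"Zone.Identifier", "com.dropbox.attributes"}


@dataclass
class Finding:
    category: str
    host: str                 # file or directory the entry refers to
    stream: Optional[str]     # ADS name, or None for non-ADS categories
    verdict: str              # "known" or "review"
    reasons: List[str] = field(default_factory=list)


def split_ads(path: str):
    """Split 'C:\\dir\\obj:stream:$DATA' into (host, stream).
    The drive-letter colon sits at index 1, so after dropping the ':$DATA'
    suffix the *last* colon separates the host object from the stream name."""
    suffix = ":$DATA"
    if not path.endswith(suffix):
        return path, None
    host, _, stream = path[:-len(suffix)].rpartition(":")
    return host, stream


def shannon_entropy(s: str) -> float:
    """Bits per character. Random mixed-case alphanumerics score well above
    human-readable names such as 'Zone.Identifier'."""
    if not s:
        return 0.0
    n = len(s)
    counts = {ch: s.count(ch) for ch in set(s)}
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def triage_line(line: str) -> Optional[Finding]:
    """Classify one result line; returns None for headers and comments."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    category, path = m.group("category"), m.group("path")
    if category != "Unknown ADS":
        # Hidden files and odd ACLs can be legitimate; they just need a human look.
        return Finding(category, path, None, "review", [f"tool category '{category}'"])
    host, stream = split_ads(path)
    if stream in KNOWN_STREAMS:
        return Finding(category, host, stream, "known", ["documented stream name"])
    reasons = ["stream name not on the allow-list"]
    # Long mixed-case alphanumeric names with high entropy look machine-generated.
    if re.fullmatch(r"[A-Za-z0-9]{16,}", stream) and shannon_entropy(stream) > 3.5:
        reasons.append("random-looking stream name")
    # A stream hanging off a directory (no extension in the last component) is unusual.
    if "." not in host.rsplit("\\", 1)[-1]:
        reasons.append("stream attached to a directory or extension-less object")
    return Finding(category, host, stream, "review", reasons)


def triage_log(text: str) -> List[Finding]:
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


def needs_review(text: str) -> List[Finding]:
    return [f for f in triage_log(text) if f.verdict == "review"]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.verdict:6} {f.category:14} {f.host}  [{f.stream}]  {'; '.join(f.reasons)}")
```

The script only ranks what the log already says; it cannot tell whether a flagged stream holds anything harmful. The next defensive step on the affected machine is to look at the stream itself before deleting it, for example with PowerShell's `Get-Item -Path <host> -Stream *` to list the streams and their sizes, which also confirms that the entry still exists and was not a transient temp-file stream.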

patman
2013-03-28, 13:36
Thank you Sandra.

And what about the hidden file in C: ?

Best,
p.

spybotsandra
2013-03-28, 14:24
Hello,

That could be a hidden system file.
But if you make a restore point anyway, you can fix it too and see if there are any system problems or if everything runs fine after deleting it.

Best regards
Sandra
Team Spybot