PDA

View Full Version : As Intended: Norton component identified as a rootkit



Tech83
2013-04-23, 23:25
Hi! All,

The following: Type: Folder
Object: SrtETmp
Location: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\
Details: No admin in ACL

is identified as being a rootkit by the Rootkit scanner in Spybot S&D 2.0.12.0; this is not a rootkit but a crucial component for Norton Internet Security, Norton 360 and Norton Antivirus to properly function. Please make the appropriate adjustments to Spybot S&D 2.0 to prevent this false positive from occuring as less aware users of both programs may instruct Spybot to remove this crucial component of Norton products causing the Norton products to crash and giving Spybot an un-needed bad name.

Tech83

Yodama
2013-04-24, 08:43
Hello,

thank you for reporting this.
The separate rootkit scanner within Spybot S&D 2 is an advanced tool meant to be used by advanced users only.
As opposed to the signature based standard scan which will find rootkit infections based on signatures the separate rootkit scan scans for system anomalies indicating the presence of unknown rootkits.
That is also the reason why there is no direct cleaning function in the rootkit scanner.

In this case the admin in ACL (Access Control List) is missing, this could be intentional by Symantec or it could be a result of a manipulation done by other software, for instance a rootkit. This does not mean that the found entry is part of the rootkit but that it can indicate rootkit manipulation.