I Got Results Suggesting A Possible Problem + A Few in Deep Scan



/ctrl
2013-05-21, 06:23
Hello these are my first results. I was prompted to do a deeper scan and it then found two more things but I don't understand them. If anyone can tell me if I'm OK or need to take further action this would be good!

Quickscan Results

RootAlyzer Quick Scan Results

Files in Windows folder
----------------------------------------
1 hidden out of 87 files were detected.
Hidden files: version
C:\Windows\version
========================================

Files in System folder
----------------------------------------
2408 files were tested.
No hidden files detected.
========================================

Global run entries
----------------------------------------

No hidden entries detected.
========================================

Winlogon entries
----------------------------------------

No hidden entries detected.
========================================

Invisible processes (from handles)
----------------------------------------
0 handle process IDs for 45 processes.
No hidden processes detected.
========================================

Invisible processes (from threads)
----------------------------------------
45 processes tested.
No hidden processes detected.
========================================

Master Boot Records
----------------------------------------
1 MBRs checked.
No unknown MBRs detected.
========================================


Deep Scan Results

:: RootAlyzer Results
File:"Hidden file","C:\Windows\version"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\","Flyout"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center\","Svc"

spybotsandra
2013-05-21, 16:15
Hello,

That does not look malicious.

Malware sometimes uses rootkit technology to hide itself at system level.
This makes it undetectable by standard tools. Our plugins help Spybot – Search & Destroy to detect this form of malware.
Our Rootkit Scanner tool shows anything that uses certain rootkit technologies. But items with rootkit properties detected here are not necessarily malware. Sometimes, legit software uses rootkit technologies to hide registration data or other things it does not want the user to see in any case. So please keep in mind that the Rootkit Scanner only flags suspicious stuff, not identifying just bad stuff.

The deletion is final and cannot be recovered through the Quarantine.
If you still want to remove the found items, it is strongly recommended to create a system restore point (http://windows.microsoft.com/en-US/windows-vista/System-Restore-frequently-asked-questions) before doing that.

Best regards
Sandra
Team Spybot

/ctrl
2013-05-22, 04:13
Thank you spybotsandra. I have performed the removal after creating the restore point. Afterwards I also ran another rootkit scanner and everything was clear!

Thanks for the explanation,

/ctrl.