Rootkit Scan results



Xellon
2013-07-26, 22:23
I did a deep scan and am wondering if anything listed is harmful or not.


// info: Rootkit removal help file
// copyright: (c) 2008-2013 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Hidden file","C:\Windows\0"
File:"Unknown ADS","C:\ProgramData:gs5sys:$DATA"
File:"Unknown ADS","C:\Users\All Users:gs5sys:$DATA"
File:"Unknown ADS","C:\Users\Emanuel:gs5sys:$DATA"
File:"Unknown ADS","C:\Users\Public\Pictures\desktop.ini:gs5sys:$DATA"
File:"Unknown ADS","C:\Users\Public\Documents\desktop.ini:gs5sys:$DATA"
File:"Unknown ADS","C:\Users\Emanuel\Documents\desktop.ini:gs5sys:$DATA"
File:"Unknown ADS","C:\Users\Emanuel\Desktop\desktop.ini:gs5sys:$DATA"
File:"Unknown ADS","C:\Users\Emanuel\AppData\Local:gs5sys:$DATA"
File:"Unknown ADS","C:\Users\Emanuel\AppData\Local:LR26N4tjCJ1cd9x8rJbr:$DATA"
File:"Unknown ADS","C:\Users\Emanuel\AppData\Roaming:gs5sys:$DATA"
File:"No admin in ACL","C:\Users\Emanuel\AppData\Roaming\Real\Update\UpgradeHelper"
File:"No admin in ACL","C:\Users\Emanuel\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer"
File:"No admin in ACL","C:\Users\Emanuel\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11"
File:"Unknown ADS","C:\Users\Emanuel\AppData\Roaming\Microsoft\Windows\Cookies:gs5sys:$DATA"
File:"Unknown ADS","C:\Users\Emanuel\AppData\Roaming\Microsoft\Windows\Templates:gs5sys:$DATA"
File:"Unknown ADS","C:\Users\Emanuel\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini:gs5sys:$DATA"
File:"Unknown ADS","C:\Users\Emanuel\AppData\Local\ajnqnjafY:vdSX62BoSDDpKaIGmqfX:$DATA"
File:"Unknown ADS","C:\Users\Emanuel\AppData\Local\Microsoft\Windows\History:gs5sys:$DATA"
File:"Unknown ADS","C:\Users\All Users\TEMP:5C321E34:$DATA"
File:"Unknown ADS","C:\Users\All Users\TEMP:9A870F8B:$DATA"
File:"No admin in ACL","C:\Users\All Users\Real\setup\config.ini"
File:"No admin in ACL","C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine"
File:"No admin in ACL","C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp"
File:"No admin in ACL","C:\ProgramData\Real\setup\config.ini"
File:"No admin in ACL","C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine"
File:"No admin in ACL","C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp"

tashi
2013-07-27, 04:09
Hello Xellon,


An unknown MBR just means that RootAlyzer does not know this pattern; this can have various reasons, for instance usage of a bootloader.
In general, all items found by the RootAlyzer are not necessarily malicious. The RootAlyzer shows items which it believes to be out of the ordinary and may give a hint for an infection.
The RootAlyzer is an analyst tool; it is not a scan-and-fix tool like the System or File Scan.
http://forums.spybot.info/showthread.php?68807-MBR-PhysicalDrive0&p=442397&viewfull=1#post442397

Is this a personal computer and how is the machine running in general?

Best regards.