Rootalyzer scan. Not sure about results



Dssertor
2014-01-28, 23:51
Hello,

My PC has been running various antivirus-type software tools: MalwareBytes, Hitman Pro, AVG Free, and I currently have Bitdefender free antivirus installed, which has fully analyzed my computer too (all updated and of course not simultaneously). And as a plus, I have run TDSSKiller by Kaspersky Lab and adwcleaner. All in all I thought by now I would have totally eliminated most of the threats, until I ran your SpyBot utility ROOTkit Analyzer.

Here is the log

// info: Rootkit removal help file
// copyright: (c) 2008-2014 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Unknown ADS","D:\Stuff\Dropbox\Photos\Sample Album\Boston City Flow.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Photos\Sample Album\Costa Rican Frog.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Photos\Sample Album\Pensive Parakeet.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\1-e4c29675f4.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\10-51947962d3.png:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\11-b5ebb406b7.png:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\12-e6bc31b69a.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\13-42f1b60d81.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\14-682f90422d.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\15-860f75f7e0.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\16-db14b1699b.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\17-91e391b3fe.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\18-7b646554aa.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\19-b43b10e053.png:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\2-53ad6a32c3.png:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\20-4d6a088112.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\21-413f002af2.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\3-38fefb323d.png:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\4-c2befc6fb4.png:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\5-534535ecd2.png:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\6-84fde94bcf.png:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\7-c115845940.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\8-0ce77365de.png:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\9-45a631694e.png:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\pdf.png:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\smlgif.gif:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\spinner_large_mac_white(1).gif:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\spinner_large_mac_white.gif:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\txt.png:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Capturas de tela\Captura de tela 2014-01-20 16.32.04.png:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Capturas de tela\Captura de tela 2014-01-23 09.01.28.png:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\1-5595aa415d.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\10-14b433ba01.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\11-56e6ce639c.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\12-5950eb8f65.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\13-87ac80113b.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\14-463a267774.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\15-f97d062597.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\16-e159f584c1.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\17-610a7f2926.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\18-02ee50db71.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\19-2ab0061fdf.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\20-128d75059a.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\21-20bdc09f1c.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\22-01ed073154.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\25-7670e5c0f1.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\26-c0245be838.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\27-9c88992350.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\28-038010a812.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\29-a0ee80eb3c.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\3-f3ef4aa1c0.png:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\30-3dec3c324c.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\31-03eece0e0e.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\32-33b5515791.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\33-c2ec1f18c5.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\34-f6f1035d6c.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\37-c15c45d12f.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\38-3ecd19ae4d.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\40-b4548a223c.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\41-c1aa62d287.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\42-755d0b6ac0.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\43-ac1c508cde.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\44-4a5821f1c2.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\45-ed707b4121.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\46-e513ad91a6.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\48-791aabf12e.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\49-6d7ccfaa16.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\5-c29eda5a7d.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\50-6b9dba4716.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\51-0c9ab5e678.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\6-58968fbc2a.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\7-3800578872.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\8-8fcd4e0645.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\9-b519eb5c03.png:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\pdf.png:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\smlgif.gif:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\spinner_large_mac_white.gif:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\spinner_mac_white.gif:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\spinner_trans_gray.gif:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Apostila_geografia_fisica_files\txt.png:com.dropbox.attributes:$DATA"
File:"No admin in ACL","C:\Windows\Temp\ZLT02c55.TMP"
File:"No admin in ACL","C:\Windows\Temp\ZLT0537d.TMP"
File:"Unknown ADS","C:\Users\Gonçalo\Downloads\Adaware_Installer.exe:BDU:$DATA"
File:"Unknown ADS","C:\Users\Gonçalo\Downloads\adwcleaner (1).exe:BDU:$DATA"
File:"Unknown ADS","C:\Users\Gonçalo\Downloads\banana.exe:BDU:$DATA"
File:"Unknown ADS","C:\Users\Gonçalo\Downloads\BootkitRemoval_x64.exe:BDU:$DATA"
File:"Unknown ADS","C:\Users\Gonçalo\Downloads\ccsetup410.exe:BDU:$DATA"
File:"Unknown ADS","C:\Users\Gonçalo\Downloads\processlassosetup64.exe:BDU:$DATA"
File:"Unknown ADS","C:\Users\Gonçalo\Downloads\RogueKillerX64.exe:BDU:$DATA"
File:"Unknown ADS","C:\Users\Gonçalo\AppData\Local:2ZYuOJM0I19gjhU7zuNH:$DATA"
File:"Unknown ADS","C:\Users\Gonçalo\AppData\Local:SL_{42726572-7361-6369-352e-30312e303030}:$DATA"
File:"Unknown ADS","C:\Users\Gonçalo\AppData\Local\Temp:SL_{42726572-7361-6369-352e-30312e303033}:$DATA"
File:"Unknown ADS","C:\Users\Gonçalo\AppData\Local\Temp:SL_{70784561-6f6c-6572-7256-696577657236}:$DATA"
File:"Unknown ADS","C:\Users\Gonçalo\AppData\Local\Temp\acrord32_sbx:SL_{42726572-7361-6369-352e-30312e303033}:$DATA"
File:"Unknown ADS","C:\Users\Gonçalo\AppData\Local\Temp\acrord32_sbx:SL_{70784561-6f6c-6572-7256-696577657236}:$DATA"
File:"Unknown ADS","C:\Users\Gonçalo\AppData\Local\Microsoft\Windows\Temporary Internet Files:gbmtZIGi9sBBZvX4oldNMr:$DATA"
File:"Unknown ADS","C:\Users\Gonçalo\AppData\Local\Microsoft\Windows\Temporary Internet Files:jahvoi861EtO9h05bvpCv:$DATA"
File:"Unknown ADS","C:\Users\Gonçalo\AppData\Local\Comodo\Dragon\User Data\Default\Cache\f_00001e:BDU:$DATA"
File:"No admin in ACL","C:\ProgramData\Real\setup\config.ini"
File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Logs\tvDebug.log"
File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Logs\ZALog.txt"
File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\BACKUP.NDB"
File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\GONÇALO-PC.ldb"
File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\IAMDB.NDB"
File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB10C2.tmp"
File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB231.tmp"
File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB483.tmp"
File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB8120.tmp"
File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB841E.tmp"
File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB96D2.tmp"
File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDB972.tmp"
File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\xDBD0B.tmp"
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\","Version<0x00>Version"
RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\","Version<0x00>Version"
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\","Version<0x00>Version"
RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\","Version<0x00>Version"
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\","Version<0x00>Version"
RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\","Version<0x00>Version"
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\","Version<0x00>Version"
RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\","Version<0x00>Version"


I don't know what else to do. What is and what is not a rootkit threat??

Thank you in advance!

tashi
2014-01-29, 20:45
Hello Dssertor, :welcome:



My PC has been running various antivirus-type software tools: MalwareBytes, Hitman Pro, AVG Free, and I currently have Bitdefender free antivirus installed, which has fully analyzed my computer too (all updated and of course not simultaneously). And as a plus, I have run TDSSKiller by Kaspersky Lab and adwcleaner.

That's a lot of software; the log shows RogueKiller and BootkitRemoval too. What is the operating system, and what led you to believe the computer was infected with rootkits? :)


All in all I thought by now I would have totally eliminated most of the threats, until I ran your SpyBot utility ROOTkit Analyzer.
<snip>
I don't know what else to do. What is and what is not a rootkit threat??

In general, items found by the RootAlyzer are not necessarily malicious; as an analyst tool, it shows items which it believes to be out of the ordinary.

The log shows Dropbox, Microsoft and Zone Alarm files.

It also shows banana.exe
See: http://www.threatexpert.com/files/banana.exe.html

You could upload that file to check it out: https://www.virustotal.com/ and/or http://virusscan.jotti.org/en

Best regards.
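
One way to condense a RootAlyzer log like the one in this thread into a short list of clusters to review, as an added example that is not part of the original posts or of Safer-Networking's software. The line format is inferred from the log shown above, and the function names are hypothetical.

```python
import ntpath
import re
from collections import Counter

# Lines copied from the log posted above (a selection, not the full log).
SAMPLE_LOG = r'''
:: RootAlyzer Results
File:"Unknown ADS","D:\Stuff\Dropbox\Photos\Sample Album\Boston City Flow.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Photos\Sample Album\Costa Rican Frog.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Stuff\Dropbox\Geometria Descriptiva-Sombras_files\pdf.png:com.dropbox.attributes:$DATA"
File:"No admin in ACL","C:\Windows\Temp\ZLT02c55.TMP"
File:"No admin in ACL","C:\Windows\Temp\ZLT0537d.TMP"
File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Logs\ZALog.txt"
File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\BACKUP.NDB"
File:"No admin in ACL","C:\ProgramData\CheckPoint\ZoneAlarm\Data\IAMDB.NDB"
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\","Version<0x00>Version"
RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\","Version<0x00>Version"
'''

LINE_RE = re.compile(r'^(\w+):(".*")$')  # Kind:"finding","field",...

def parse_line(line):
    """Return (kind, finding, fields) for a result line, None for headers and comments."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = re.findall(r'"([^"]*)"', m.group(2))
    return m.group(1), fields[0], fields[1:]

def cluster_key(kind, finding, fields):
    """Group ADS hits by stream name, other file hits by folder, registry hits by key."""
    if finding == "Unknown ADS":
        path = re.sub(r':\$DATA$', '', fields[0])    # drop the stream type suffix
        return finding, path.rpartition(":")[2]      # text after the last colon
    if kind == "File":
        return finding, ntpath.dirname(fields[0])    # Windows path rules on any OS
    return finding, fields[0] + fields[1]            # hive + key path

def summarize(log_text):
    """Count findings per cluster so one representative of each can be reviewed."""
    counts = Counter()
    for line in log_text.splitlines():
        if (parsed := parse_line(line)):
            counts[cluster_key(*parsed)] += 1
    return counts

if __name__ == "__main__":
    for (finding, group), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {finding:<22}  {group}")
```

A stream name that repeats across many files inside one application's folder points to a single writer, so the review effort goes to the small clusters and to entries in unexpected locations.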