PDA

View Full Version : Rootkit Scan result - infected?



Staubfinger
2014-03-20, 17:58
Hi everyone,

my computer was really slow today and I used Spybot Search and Destroy 2.2 to scan the system for rootkits.

// info: Rootkit removal help file
// copyright: (c) 2008-2014 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"No admin in ACL","C:\Users\*****\AppData\Local\Temp\~DF21D1F60A1FBD2EA7.TMP"

Can I delete the file or will that cause problems?
Thanks for your help in advance!

tashi
2014-03-20, 19:19
Hello Staubfinger,

In general all items found by the RootAlyzer are not necessarily malicious. That's a temp file and may not show on another scan tomorrow.

Please list:
The operating system
Other security programs installed
Any issues with the computer's performance other than it being slow today?

Best regards,

Staubfinger
2014-03-20, 20:00
Hi tashi

thanks, I will do another scan tomorrow. I also did a scan with Malwarebites anti rootkit and it said, when I started it, that registr value "AppInit_Dlls" has been found and might cause problems and asked me if I want to delete it (it did not find the .TMP file that I had posted before though). What do you think?


My operating system: Windows 7
Other security programs installed: Avira Free Antivirus, Malwarebites Anti-malware, Malwarebites anti rootkit and spybot search and destroy, only Avira is scanning constantly, I use the others every now and again for checks.
Any issues with the computer's performance other than it being slow today? No, simply being slow and stubborn (not sure what you consider as other performance issues though)

Thanks a lot!

tashi
2014-03-20, 22:19
Hi Staubfinger,


Hi tashi

thanks, I will do another scan tomorrow. I also did a scan with Malwarebites anti rootkit and it said, when I started it, that registr value "AppInit_Dlls" has been found and might cause problems and asked me if I want to delete it (it did not find the .TMP file that I had posted before though). What do you think?

.TMP =Temporary files, see http://support.microsoft.com/kb/92635

Sometimes they can be infected but it appears unlikely. If you need to ask about the results of a malwarebytes scan you can always ask in their forums (https://forums.malwarebytes.org/index.php?act=idx). :)

Which version of Spybot 2.2 do you have please. http://www.safer-networking.org/

:greeting: