Multiple "No admin in ACL" results on first rootkit scan



Flummoxd
2014-03-23, 23:35
Was recommended to use S&D, so installed the free home version: 2.2.21.0. Thanks Guys!

Running Windows 8.1; fully patched. Other security S/W is Windows Defender and Malwarebytes (scan on demand).

Ran deep scan for rootkits. Got multiple red and amber flags. Stopped Windows Restore and deleted all restore points. Deleted the flagged items as suggested. Rebooted and reran the rootkit scan and the flags came back again. Herewith the S&D log:

// info: Rootkit removal help file
// copyright: (c) 2008-2014 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-1057265343-3467841543-1360626664-1001\$RZWV1SG:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-1057265343-3467841543-1360626664-1001\$RZWV1SG\Documents:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-1057265343-3467841543-1360626664-1001\$RZWV1SG\Pictures:ms-properties:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\","LogonSoundPlayed"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Vol"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Kor\","DuState"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Jpn\","DuState"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Cht\","DuState"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs\","DuState"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\IME\15.0\IMESC\","DUState"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\IME\15.0\IMEJP\DictionaryUpdate\","DUState"

All suggestions welcome, please.

(Novice User!)

Thanks! :red:

tashi
2014-03-24, 06:41
Hello Flummoxd,

The log appears to be normal.

In general, all items found by the RootAlyzer are not necessarily malicious; it shows items which it believes to be out of the ordinary and which may give a hint of an infection.

How is the computer running in general, any issues? :)

Best regards.
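
Added example, not part of the thread and not Spybot's own code: a small triage script that parses result lines of the shape shown in the log above and groups them, so that repeated findings collapse into the few distinct items that need a look. The line format is inferred only from this log, the sample SID is a placeholder, and folding `ControlSetNNN` into `CurrentControlSet` is a triage heuristic (CurrentControlSet is a link to one of the numbered sets).

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample in the shape of the log above; the SID is a placeholder.
SAMPLE_LOG = r'''
:: RootAlyzer Results
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-EXAMPLE\$RZWV1SG:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-EXAMPLE\$RZWV1SG\Documents:ms-properties:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Vol"
'''

# <drive>:<path>:<stream name>:$DATA  (alternate data stream notation)
ADS = re.compile(r"^(?P<file>[A-Za-z]:[^:]*):(?P<stream>[^:]+):\$DATA$")
# Numbered control sets mirror CurrentControlSet, so the same key is reported twice.
CONTROL_SET = re.compile(r"\\ControlSet\d{3}\\", re.I)

def parse(log):
    """Yield (kind, finding, fields) per result line; headers and comments are skipped."""
    for line in log.splitlines():
        kind, sep, rest = line.partition(':"')
        if not sep or not kind.isalnum():
            continue
        # The remainder is a quoted, comma-separated list; backslashes are literal.
        fields = next(csv.reader(io.StringIO('"' + rest)))
        yield kind, fields[0], fields[1:]

def summarise(log):
    """Group ADS findings by stream name and registry findings by de-duplicated key."""
    streams, keys = defaultdict(set), defaultdict(set)
    for kind, _finding, fields in parse(log):
        if kind == "File":
            m = ADS.match(fields[0])
            if m:
                streams[m["stream"]].add(m["file"])
        elif kind == "RegyKey" and len(fields) == 3:
            hive, key, value = fields
            keys[hive + CONTROL_SET.sub(r"\\CurrentControlSet\\", key)].add(value)
    return dict(streams), dict(keys)

if __name__ == "__main__":
    streams, keys = summarise(SAMPLE_LOG)
    for name, files in streams.items():
        print(f"ADS '{name}' on {len(files)} file(s)")
    for key, values in keys.items():
        print(f"{key} -> {sorted(values)}")
```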

Flummoxd
2014-03-24, 21:54
Hi Tashi

Many thanks for casting your experienced eye over my logs and advising there are no infections. Malwarebytes found Trojan.FakeMS in a full scan, and I decided I needed extra protection, so I installed Spybot S&D. Apart from this the computer appears to be fine.

Thanks again!

Best Wishes
:bigthumb:

tashi
2014-03-24, 23:24
:greeting: