PDA

View Full Version : Rootkit Deep Scan Results: Action needed?



tka.klein
2014-09-07, 16:08
Hi. I recently was getting some alerts from Comcast's Constant Guard stating that I had a few bots. After doing some research, I found that these alerts may be bogus (http://www.bleepingcomputer.com/forums/t/547159/constant-guard-reporting-bots/). Regardless, just to be on the safe side, I ran a bunch of maleware detection programs, all of which came up negative. However, when I ran SPYBOT's Rootkit analyzer doing a deep scan, it reported several items. I have a feeling these items are benign, but I thought I'd post them here just to get your opinion if any of these items warrant additional action. Here is the log report:

// info: Rootkit removal help file
// copyright: (c) 2008-2014 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"No admin in ACL","C:\System Recovery"
File:"Unknown ADS","C:\Users\Ken\AppData\Local:EJ29y8bxQ4wgi95FLvUn:$DATA"
File:"Unknown ADS","C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Cookies:CgERIV9qwc9AvhvnOFrK7yfUE4:$DATA"
File:"Unknown ADS","C:\Users\Ken\AppData\Local\Temp:zs1Jaj3wgScd242J78Px7:$DATA"
File:"Unknown ADS","C:\Users\Ken\AppData\Local\VirtualStore\ProgramData\Microsoft:FnVSjFwDzgCtgx0wg:$DATA"
File:"Unknown ADS","C:\Users\Ken\AppData\Local\VirtualStore\ProgramData\Microsoft:zViiSBebxsZOszQh7woOHTCWZ:$DATA"
File:"Unknown ADS","C:\Users\Ken\AppData\Local\Temp\acrord32_sbx:zs1Jaj3wgScd242J78Px7:$DATA"
File:"Unknown ADS","C:\Users\Ken\AppData\Local\Microsoft\Windows\Temporary Internet Files\XdviHgbQA:aO28ciz6LSf2paJ0Gt2Al08:$DATA"
File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
File:"Unknown ADS","C:\ProgramData\Kaspersky Lab\AVP14.0.0\Report:kisextended:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center\","Svc"


Thanks in advance!

Ken

tashi
2014-09-08, 02:46
Hello tka.klein,

In general all items found by the RootAlyzer are not necessarily malicious but shows items it believes to be out of the ordinary and may give a hint for an infection.

Sometimes even legitimate software uses rootkit technologies, the log doesn't look out of the ordinary.

How is the computer running?

Meanwhile reading the link you provided it appears Comcast is having a bad week. :)

Best regards.