tka.klein
2014-09-07, 16:08
Hi. I recently was getting some alerts from Comcast's Constant Guard stating that I had a few bots. After doing some research, I found that these alerts may be bogus (http://www.bleepingcomputer.com/forums/t/547159/constant-guard-reporting-bots/). Regardless, just to be on the safe side, I ran a bunch of malware detection programs, all of which came up negative. However, when I ran SPYBOT's Rootkit analyzer doing a deep scan, it reported several items. I have a feeling these items are benign, but I thought I'd post them here just to get your opinion if any of these items warrant additional action. Here is the log report:
// info: Rootkit removal help file
// copyright: (c) 2008-2014 Safer-Networking Ltd. All rights reserved.
:: RootAlyzer Results
File:"No admin in ACL","C:\System Recovery"
File:"Unknown ADS","C:\Users\Ken\AppData\Local:EJ29y8bxQ4wgi95FLvUn:$DATA"
File:"Unknown ADS","C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Cookies:CgERIV9qwc9AvhvnOFrK7yfUE4:$DATA"
File:"Unknown ADS","C:\Users\Ken\AppData\Local\Temp:zs1Jaj3wgScd242J78Px7:$DATA"
File:"Unknown ADS","C:\Users\Ken\AppData\Local\VirtualStore\ProgramData\Microsoft:FnVSjFwDzgCtgx0wg:$DATA"
File:"Unknown ADS","C:\Users\Ken\AppData\Local\VirtualStore\ProgramData\Microsoft:zViiSBebxsZOszQh7woOHTCWZ:$DATA"
File:"Unknown ADS","C:\Users\Ken\AppData\Local\Temp\acrord32_sbx:zs1Jaj3wgScd242J78Px7:$DATA"
File:"Unknown ADS","C:\Users\Ken\AppData\Local\Microsoft\Windows\Temporary Internet Files\XdviHgbQA:aO28ciz6LSf2paJ0Gt2Al08:$DATA"
File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
File:"Unknown ADS","C:\ProgramData\Kaspersky Lab\AVP14.0.0\Report:kisextended:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center\","Svc"
Thanks in advance!
Ken