Rootkit Deepscan results - help needed

eltopo
2015-03-24, 17:57
Hello

I ran a deep rootalyzer scan on my gf's computer, and here are the results:

:: RootAlyzer Results
File:"Unknown ADS","C:\Users\lufugo82\SkyDrive:ms-properties:$DATA"
File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
File:"Unknown ADS","C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe:Microsoft_Appcompat_ReinstallUpgrade:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$R2ZNW28:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$R522YZ7:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$R9BTG8H:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RBQ02YA:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RBVG2LR:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RCIO2FA:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RDZXOFF:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$REUHS62:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RIL0NWU:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RILWPUU:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RKRIM8P:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RL2V3NY:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RM7WX3Z:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RN40EI4:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RORB6A4:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RPDX3EB:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RPISEIW:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RQFIN2H:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RRZWD1R:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RTVSA6K:ms-properties:$DATA"
File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-353099202-3481518705-4181170855-1001\$RU7U2VF:ms-properties:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center\","Svc"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc\","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\InputMethod\Jpn\","DuState"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Jpn\","DuState"


Should I be worried about any of these? This is all very mysterious to me so any help would be greatly appreciated! :)

Thank you

tashi
2015-03-24, 18:01
Hello eltopo,

As presented those entries don't raise a flag.

Is there a particular reason you ran a rootkit scan? :)

eltopo
2015-03-25, 16:16
Hi Tashi

Thanks for replying - this computer is acting very very slow, during startup and during normal use, including when starting a new application. I have done all the basic checks (unnecessary programs, disk space, malware/viruses, defrag, etc.). I don't think it's the RAM since the laptop was running fine when it was new, about a year ago. So before going for the nuclear option of reinstalling Windows I thought I'd check for rootkits...

Thanks for your help! :)

tashi
2015-03-25, 16:55
Hello eltopo,

this computer is acting very very slow, during startup and during normal use, including when starting a new application. I have done all the basic checks (unnecessary programs, disk space, malware/viruses, defrag, etc.). I don't think it's the RAM since the laptop was running fine when it was new, about a year ago. So before going for the nuclear option of reinstalling Windows I thought I'd check for rootkits...

It might be best for someone to take a look at the system to either rule out an infection or clean one up. :)

Please see the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) sticky which includes guidelines and instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

http://forums.spybot.info/showthread.php?t=288

Then start a new topic in that forum providing the logs so a volunteer analyst can guide you, also provide a link back to this thread please.

Best regards.

eltopo
2015-03-25, 18:18
OK, thanks a lot for your help Tashi!