View Full Version : Are any of these bad?

alanevil
2015-04-04, 19:41
This is my first run of Rootalyzer and if I search for every one of these it'll be next week until I'm done. The one that I'm most concerned about is the Kaspersky entry which Mozilla says may be interfering with Firefox's use of SSLs. Could you tell me which, if any, of these should be removed?

// info: Rootkit removal help file
// copyright: (c) 2008-2015 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Unknown ADS","C:\Windows\Temp\61a71a1a-1ccc-49ca-97f5-94bcd213b62f:$WIMMOUNTDATA:$DATA"
File:"Unknown ADS","C:\Users\Alan\SkyDrive:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Alan\SkyDrive\Documents:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Alan\SkyDrive\Pictures:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Alan\SkyDrive\Public:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Alan\SkyDrive\Pictures\Camera Roll:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Alan\SkyDrive\Pictures\Camera Roll\IFPRTOGO - WIN_20140103_003305.JPG:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Alan\SkyDrive\Documents\150320.1.log:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Alan\SkyDrive\Documents\150403 firefox.txt:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Alan\SkyDrive\Documents\by release date.m3u:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Alan\SkyDrive\Documents\Emma's #10 birthday.pub.pdf:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Alan\Pictures\Camera Roll\WIN_20140320_195947.JPG:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Alan\Pictures\Camera Roll\WIN_20140322_122258.JPG:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Alan\Pictures\Camera Roll\WIN_20150113_170117.JPG:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Alan\Pictures\Camera Roll\WIN_20150113_170154.JPG:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Alan\Pictures\Camera Roll\WIN_20150113_200517.JPG:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\Alan\Pictures\2013\unsorted\WIN_20140103_003305.JPG:ms-properties:$DATA"
File:"No admin in ACL","C:\Users\Alan\AppData\Roaming\PrintsService"
File:"No admin in ACL","C:\Users\Alan\AppData\Roaming\Profiles"
File:"No admin in ACL","C:\Users\Alan\AppData\Roaming\Project Templates"
File:"No admin in ACL","C:\Users\Alan\AppData\Roaming\Sample Delay"
File:"No admin in ACL","C:\ProgramData\PKP_DLeo.DAT"
File:"No admin in ACL","C:\ProgramData\PKP_DLes.DAT"
File:"No admin in ACL","C:\ProgramData\PKP_DLet.DAT"
File:"No admin in ACL","C:\ProgramData\PKP_DLev.DAT"
File:"No admin in ACL","C:\ProgramData\Radio Sounds"
File:"No admin in ACL","C:\ProgramData\Receipts"
File:"No admin in ACL","C:\ProgramData\Repeat Routines"
File:"No admin in ACL","C:\ProgramData\Sci-Fi"
File:"No admin in ACL","C:\ProgramData\Screen Savers"
File:"No admin in ACL","C:\ProgramData\Services"
File:"No admin in ACL","C:\ProgramData\SupportPrinters"
File:"No admin in ACL","C:\ProgramData\Ultima_T15\reg_configek.stn"
File:"No admin in ACL","C:\ProgramData\Ultima_T15\reg_configel.stn"
File:"No admin in ACL","C:\ProgramData\Ultima_T15\reg_configen.stn"
File:"No admin in ACL","C:\ProgramData\Ultima_T15\reg_configew.stn"
File:"No admin in ACL","C:\ProgramData\Nero\OnlineServices"
File:"No admin in ACL","C:\ProgramData\Nero\OnlineServices\cabundle.crt"
File:"No admin in ACL","C:\ProgramData\Nero\OnlineServices\controldata_145.bin"
File:"No admin in ACL","C:\ProgramData\Nero\OnlineServices\usagestatdata_145.bin"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 12\OnlineServices"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 12\OnlineServices\cabundle.crt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 11\OnlineServices"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 11\OnlineServices\cabundle.crt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices"
File:"Unknown ADS","C:\ProgramData\Kaspersky Lab\AVP15.0.2\Report:kisextended:$DATA"
File:"No admin in ACL","C:\ProgramData\EnterNHelp\hxdu.xxb"
File:"No admin in ACL","C:\ProgramData\EnterNHelp\hxdv.xxb"
File:"No admin in ACL","C:\ProgramData\EnterNHelp\hxdx.xxb"
File:"No admin in ACL","C:\ProgramData\EnterNHelp\hxeg.xxb"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Jpn\","DuState"
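The two finding types in the log above ("Unknown ADS" and "No admin in ACL") can each be checked by hand rather than searched for one entry at a time. The Windows PowerShell script below is an added example, not part of the thread and not RootAlyzer's own code: it lists the named alternate data streams on a flagged path with a short hex preview of each stream's content, and reports whether BUILTIN\Administrators holds an Allow entry in a flagged object's ACL. The paths in `$adsPaths` and `$aclPaths` are copied from the posted results and are placeholders to be replaced with one's own; `-Encoding Byte` is Windows PowerShell 5.1 syntax (PowerShell 7 uses `-AsByteStream`).

```powershell
# Added triage example: inspect RootAlyzer "Unknown ADS" and "No admin in ACL" findings.
# Paths are taken from the log posted in this thread; substitute your own results.
$adsPaths = @(
    'C:\Users\Alan\SkyDrive',
    'C:\Users\Alan\SkyDrive\Documents\150320.1.log',
    'C:\ProgramData\Kaspersky Lab\AVP15.0.2\Report'
)
$aclPaths = @(
    'C:\ProgramData\Services',
    'C:\ProgramData\EnterNHelp\hxdu.xxb'
)

function Get-AdsReport {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        # -Stream * enumerates every named stream; the unnamed main stream is reported as ':$DATA'.
        # Directories can carry streams too; enumerating them needs Windows PowerShell 5.1 or later.
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                # Read the stream as raw bytes and show the first 16 as hex, so text vs. binary
                # content (and a PE header, for instance) is visible without opening anything.
                $bytes = @(Get-Content -LiteralPath $p -Stream $_.Stream -Encoding Byte -ReadCount 0 -ErrorAction SilentlyContinue)
                $preview = ''
                if ($bytes.Count -gt 0) {
                    $last = [Math]::Min(15, $bytes.Count - 1)
                    $preview = ($bytes[0..$last] | ForEach-Object { $_.ToString('x2') }) -join ' '
                }
                [pscustomobject]@{
                    Path    = $p
                    Stream  = $_.Stream
                    Length  = $_.Length
                    Preview = $preview
                }
            }
    }
}

function Get-AclReport {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $acl = Get-Acl -LiteralPath $p
        # RootAlyzer's "No admin in ACL" means no explicit or inherited entry for the
        # local Administrators group; check for an Allow rule under that well-known name.
        $adminAllow = $acl.Access | Where-Object {
            $_.IdentityReference.Value -eq 'BUILTIN\Administrators' -and
            $_.AccessControlType -eq 'Allow'
        }
        [pscustomobject]@{
            Path       = $p
            Owner      = $acl.Owner
            AdminAllow = [bool]$adminAllow
            # A zero inherited count on a path under ProgramData is the unusual part worth noting.
            Inherited  = @($acl.Access | Where-Object { $_.IsInherited }).Count
            Identities = (($acl.Access | ForEach-Object { $_.IdentityReference.Value }) | Sort-Object -Unique) -join ', '
        }
    }
}

Get-AdsReport -Path $adsPaths | Format-Table -AutoSize
Get-AclReport -Path $aclPaths | Format-List
```

Reading the output: a stream whose preview is plain text or a few bytes of metadata on files under a cloud-sync folder or an antivirus report directory is consistent with the owning application's own bookkeeping, while an executable image hidden in a stream, or a ProgramData entry whose ACL neither inherits from its parent nor grants Administrators anything, is the kind of finding worth handing to the malware-removal analysts the reply below points to.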

tashi
2015-04-04, 20:25
Hello alanevil,

Most appear to be hidden Program Data files. In general, all items found by the RootAlyzer are not necessarily malicious, but it shows items it believes to be out of the ordinary and that may give a hint of an infection.

Sometimes even legitimate software uses rootkit technologies. How is the computer running, any particular reason you ran a rootkit scan?

Best regards.

alanevil
2015-04-04, 20:36
I have been having increasing issues with Firefox since I was attacked with Optimizer Pro (bastards!) a few weeks ago. Multiple Spybot scans combined with adaware, Kaspersky (which I uninstalled after running two scans), two other rootkit detectors (I didn't even know this was part of Spybot, and it took me a while to realize it was hidden in the Advanced area), and Housecall finally cleaned the system, and nothing has shown up since, but Firefox has gotten slower and slower. Mozilla suggested that Kaspersky may have left something behind that interferes with SSL after I "refreshed" Firefox. I have also been unable to re-install iTunes since an update last year. Of course Apple's only advice is that I re-install my OS. That ain't gonna happen.

tashi
2015-04-05, 00:04
Hi alanevil,

Someone could take a look at the system if you'd like. :)

If so please start a topic in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) and a volunteer analyst will advise.

First see that forum's FAQ which also includes instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

http://forums.spybot.info/showthread.php?t=288

Best regards.