PDA

View Full Version : Rootkit scan results



jimmy2times
2015-07-01, 20:37
Hi,

Could you please tell me whether any of the following scan results are malicious or dangerous, and which, if any, I should delete.

// info: Rootkit removal help file
// copyright: (c) 2008-2015 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Unknown ADS","C:\Users\JH\OneDrive:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\JH\OneDrive\Documents:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\JH\OneDrive\Pictures:ms-properties:$DATA"
File:"Unknown ADS","C:\Users\JH\OneDrive\Public:ms-properties:$DATA"
File:"No admin in ACL","C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine"
File:"No admin in ACL","C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp"
File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
File:"Unknown ADS","C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe:Microsoft_Appcompat_ReinstallUpgrade:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Jpn\","DuState"

Thank you

tashi
2015-07-02, 02:17
Hello jimmy2times,

Those entries are not bad, how is the computer running? :)

Best regards.

jimmy2times
2015-07-02, 11:02
Hey Tashi,

Thank you. The computer used to run faster, add to that the frequent issues with Windows and its Updates... And on my part, I have 3 security software. I realized that it's too much for the computer to handle, so I've disabled some features on 2 of them.

Thanks :)

tashi
2015-07-03, 03:16
Hi jimmy2times,


And on my part, I have 3 security software. I realized that it's too much for the computer to handle, so I've disabled some features on 2 of them.




You probably are aware of this but it's an opportunity to provide (https://forums.spybot.info/showthread.php?279-So-how-did-I-get-infected-in-the-first-place&p=1095&viewfull=1#post1095)the information for all users. :)

Usually one can have more than one anti-spyware, anti-malware type programs installed without issue, although one may decide to choose one resident real time protection.

The same does not apply to firewalls and anti-virus programs.

Rule of thumb is one firewall and one anti virus program resident to avoid conflicts, loss of program efficiency and system lock up due to both software products attempting to access the same files at the same time.

:kboard:

jimmy2times
2015-07-24, 08:50
Hey Tashi,

I'm having some difficulties starting some programs like Google Chrome. I've tried all the solutions and the only attributable cause remaining is having more than one Antivirus i.e. Norton and Spybot AS+AV. My question is how can I disable AV on Spybot and have it run solely as an AS program. Should I switch off live protection all together? I already have Chrome disabled from the list of protected browsers in Spybot. Many thanks.

tashi
2015-07-25, 00:24
Hello jimmy2times,


Hey Tashi,

I'm having some difficulties starting some programs like Google Chrome. I've tried all the solutions and the only attributable cause remaining is having more than one Antivirus i.e. Norton and Spybot AS+AV.

Aside from program and system lock ups your computer is more likely to get infected by running more than one resident Anti Virus program, it makes them less effective. In this case more isn't better. :lip:



My question is how can I disable AV on Spybot and have it run solely as an AS program. Should I switch off live protection all together? I already have Chrome disabled from the list of protected browsers in Spybot. Many thanks.

"Live protection monitors all processes created or running on your system and scans them. Malicious processes are blocked even before they start.
If you have another antivirus engine running you can choose to disable the one integrated into Spybot +AV from Settings." :)

https://www.safer-networking.org/live-protection/

Best regards.

jimmy2times
2015-09-14, 12:55
Hi Tash,

So, in other words, disabling Live Protection disables AV, thereby avoiding the conflict? Frankly, I'm finding Spybot to be very effective. I've tried the free edition on my old PC, it cleaned that sucker up!

The computer is slower now after i upgraded to Windows 10, and i get random mouse freezes while browsing on Chrome.

I have a question which i hope you could shed some light on; I am unable to "display DNS" it only shows a couple of entries for Google client and others with Norton.Symantec. It definitely does not show my DNS cache which should be a 100 pages long. What's up with that? I mean is it possible the Norton Firewall is not allowing the display of the full DNS? I remember there's a file in System32 which includes the entire DNS cache, what was its name again?

Thank you Tashi, your assistance is appreciated. Have a good one!

tashi
2015-09-15, 06:44
Hello jimmy2times,


It definitely does not show my DNS cache which should be a 100 pages long. What's up with that? I mean is it possible the Norton Firewall is not allowing the display of the full DNS? I remember there's a file in System32 which includes the entire DNS cache, what was its name again?


At the command prompt type ipconfig /displaydns

I don't use Norton so can't advise there, I flush the DNS cache on a regular basis. ;)

There's a lot of information out there but perhaps these two links may be helpful.

https://www.whatsmydns.net/flush-dns.html

http://www.howtogeek.com/197804/how-to-clear-the-google-chrome-dns-cache-on-windows/

Regards. :)