Rootkit analysis help



mweimer22
2015-08-24, 20:24
Thanks in advance for the help.

I ran a rootkit analysis of my win 7 laptop and came up with these results (please see the attached image). It seems to me (and my intelligent friend Google) that most are fine. The only one I could not decipher is the biost! s entry. My computer is on the old side, but the performance has started to drag. Would someone please advise.

Matt

tashi
2015-08-24, 20:43
Hello mweimer22,

They appear to be fine, but could you copy and paste the results into this thread so I can see the file path, please? :)

Best regards.

mweimer22
2015-08-24, 20:48
As requested:

// info: Rootkit removal help file
// copyright: (c) 2008-2015 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Invisible to Win32","C:\biost! s"
File:"Invisible to Win32","C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17963_none_f5688b04375c1ad5"
File:"No admin in ACL","C:\ProgramData\Real\setup\config.ini"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter","Flyout"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center","Svc"


Thanks for the prompt response,
Matt

tashi
2015-08-24, 21:10
Hi mweimer22,

biost! s may be a file description that is pertinent to the detectives coding detections.

Aside from the slowness of your laptop, have you noticed any other issues? Was there a particular reason for running a rootkit scan?

A rootkit is cut from a different cloth than most malware infections; RootAlyzer shows items which it believes to be out of the ordinary and which may give a hint of an infection.

But in general these are not necessarily malicious; even legitimate software may use rootkit technologies.

Best regards.
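The two reason strings in the pasted results ("Invisible to Win32" and "No admin in ACL") can be re-checked with built-in Windows tooling before deciding whether anything needs attention. The PowerShell below is an added example, not code from this thread or from Safer-Networking: it parses the five result lines exactly as pasted above (the line format is inferred from those lines only and is an assumption), then for each "No admin in ACL" item reads the current ACL and reports whether BUILTIN\Administrators holds any access entry, and for each "Invisible to Win32" item compares a direct path lookup against the parent directory's listing. It assumes PowerShell 3.0 or later run from an elevated prompt. Its output does not prove or disprove an infection; it only shows what the ordinary Win32 view of each item looks like now, for comparison with what RootAlyzer reported.

```powershell
# Added example: re-check RootAlyzer findings with stock Windows cmdlets.
# Not part of the thread or of RootAlyzer; run elevated, PowerShell 3.0+.
# The results below are the five lines pasted in the thread.
$rootalyzerOutput = @'
File:"Invisible to Win32","C:\biost! s"
File:"Invisible to Win32","C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17963_none_f5688b04375c1ad5"
File:"No admin in ACL","C:\ProgramData\Real\setup\config.ini"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter","Flyout"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center","Svc"
'@

function ConvertFrom-RootAlyzerLine {
    # Assumed format (from the pasted lines only): Kind:"field","field",...
    param([string]$Line)
    if ($Line -notmatch '^(?<kind>\w+):(?<rest>.*)$') { return $null }
    $kind   = $Matches.kind
    $fields = $Matches.rest.Trim('"') -split '","'
    switch ($kind) {
        'File' {
            [pscustomobject]@{ Kind = 'File'; Reason = $fields[0]; Path = $fields[1]; Value = $null }
        }
        'RegyKey' {
            # Map the hive name to a PowerShell registry drive so Get-Acl can open the key.
            $hive = switch ($fields[1]) {
                'HKEY_LOCAL_MACHINE' { 'HKLM:' }
                'HKEY_CURRENT_USER'  { 'HKCU:' }
                default              { $fields[1] }
            }
            [pscustomobject]@{ Kind = 'RegKey'; Reason = $fields[0]; Path = "$hive$($fields[2])"; Value = $fields[3] }
        }
        default { $null }
    }
}

function Test-AdminInAcl {
    # True if BUILTIN\Administrators (well-known SID S-1-5-32-544) has any explicit
    # or inherited access entry on the file or registry key at $Path.
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.IdentityReference.Value -eq 'S-1-5-32-544') { return $true }
    }
    return $false
}

function Test-Win32Visible {
    # Two ordinary Win32 views of the same path: a direct lookup (Test-Path) and the
    # parent directory's enumeration, including hidden/system entries (-Force).
    # A path that answers to a direct lookup but never shows up in its parent's
    # listing is worth a closer look; a path that fails both may simply be gone.
    param([string]$Path)
    $direct = Test-Path -LiteralPath $Path
    $parent = [System.IO.Path]::GetDirectoryName($Path)
    $leaf   = [System.IO.Path]::GetFileName($Path)
    $listed = $false
    if ($parent -and (Test-Path -LiteralPath $parent)) {
        # Note: enumerating C:\Windows\winsxs is slow; it holds tens of thousands of entries.
        $listed = [bool](Get-ChildItem -LiteralPath $parent -Force -ErrorAction SilentlyContinue |
                         Where-Object { $_.Name -eq $leaf })
    }
    [pscustomobject]@{ Path = $Path; DirectLookup = $direct; InParentListing = $listed }
}

$findings = $rootalyzerOutput -split "`r?`n" |
            Where-Object { $_ } |
            ForEach-Object { ConvertFrom-RootAlyzerLine $_ }

foreach ($f in $findings) {
    try {
        switch ($f.Reason) {
            'No admin in ACL'    { '{0}: Administrators present in ACL = {1}' -f $f.Path, (Test-AdminInAcl $f.Path) }
            'Invisible to Win32' { Test-Win32Visible $f.Path | Format-List | Out-String }
            default              { '{0}: no check defined for reason "{1}"' -f $f.Path, $f.Reason }
        }
    } catch {
        '{0}: could not inspect ({1})' -f $f.Path, $_.Exception.Message
    }
}
```

For the registry items the fourth field ("Flyout", "Svc") is a value name; the ACL is read on the containing key, which is what the finding is about. If an ACL result comes back with Administrators absent, Get-Acl on the item shows exactly which principals do hold access, so the next step is to read that full ACL rather than to act on the summary line alone.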

mweimer22
2015-08-24, 23:06
Thanks again Tashi,

No other problems; I am most likely being paranoid. If anything else comes up I will post further.

Matt

tashi
2015-08-25, 01:12
Sounds good. :)