Results 1 to 3 of 3

Thread: Strange Result

  1. #1
    Junior Member
    Join Date
    Apr 2008
    Posts
    2

    Default Strange Result


    Excuse my English, not very good, but I'am a "French'people" so ...

    I had formated my Hard disks then reinstalled my Win XP SR2 and the necessary applications I'm using. This was yesterday, after a hard attack of "Backdoor.win32.Hupigon.tsy" that nothing had resolved. So Formating became more secure.
    (Note thay my Antivir is the first thing installed and Uptodate)
    Than today, I started the first deep scan with RootAlyser I just discover, and I get this result (The Quick Scan was OK !)

    The "Information" says Please do not blindly use this script; in case of any doubt, visit
    http://forums.spybot.info/
    and ask for assistance !

    That's what I'm doing.

    // info: Rootkit removal help file
    // copyright: (c) 2008 Safer Networking Ltd. All rights reserved.
    :: RootAlyzer Results
    Directory:"No admin in ACL","C:\System Volume Information"
    RegyKey:"Zero char in key

    name","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\","System\0"
    // Attention: entries with a zero character will not be displayed correctly and may not work!

    I'm thinking that some of you know how to change this safely if it seem to be necessary (with Regedit of course)

    Thank you very much for your help.
    Patrick.

  2. #2
    Junior Member
    Join Date
    Apr 2008
    Posts
    2

    Exclamation Hello !


    I think that the concern that I exposed did not make yet react anyone!
    I know that I am "new" but I try to traverse seriously this forum.
    At the end of a moment, my bad English gene me a little...!

    Then before leaving you (it is also necessary that I make other things) I try to specify you how is my system:
    Dual-Core E6550 - RAM 4 Go
    HDD 500 Go (SATA) and 250 Go (IDE)
    Graphics Board ATI PCIe 256 Mo (HD2400Pro)
    Engravers CD in IDE, Reader DVD in IDE, Engraver DVD DL in SATA.
    (This one and the 2 others entirely realized by my care...)
    Domestic Network with 4 PC (3 fixed + 1 portable) 1 Printer and 1 HDD [NAS] (Ethernet)


    This attack [Backdoor.Win32.Hupigon.tsy] should be interesting to improve our knowledge of means of prevention.
    (This is only the second one in 15 years of Informatic)

    Sorry, my English is not better after theses few hours in Forums !
    I would also accept your "direct mails" if you prefer.
    Good continuation.
    Patrick.

  3. #3
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,601

    Default

    The first one wouldn't be a problem, that is an exception that will no longer be shown in the next release. The "System Volume Information" folder is one of the very few cases where it's fine that the Operating System doesn't let you access it

    As for the other one, do you use O&O Defrag? Some searching reveleaed that O&O Defrag uses this rootkit method here, probably to store license information.
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •