
Thread: Help with rootalyzer results please

  1. #1
    Junior Member
    Join Date
    Nov 2007
    Posts
    2

    Help with rootalyzer results please

    I run an FSC using Vista Home Premium and have just run a Rootalyzer deepscan and would like help with the results. (A quick scan came up with no problems.) Here is the log.

    // info: Rootkit removal help file
    // copyright: (c) 2008 Safer Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"No admin in ACL","C:\Windows\Internet Logs\tvDebug.log"
    File:"Unknown ADS","C:\Users\Gordon\Desktop\To go to data drive\Malta 2007\December Holiday - MHB confirmation.eml:OECustomProperty:$DATA"
    File:"Unknown ADS","C:\Users\Gordon\Desktop\To go to data drive\Malta 2007\Malta booking_files\December Holiday.eml:OECustomProperty:$DATA"
    File:"Unknown ADS","C:\Users\Gordon\Desktop\To go to data drive\Malta 2007\Malta booking_files\Travel Confirmation EPUJZO.eml:OECustomProperty:$DATA"
    File:"No admin in ACL","C:\Users\Gordon\AppData\Local\Temp\~DF64A8.tmp"
    File:"Unknown ADS","C:\Users\Gordon\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\44D915DC-00000001.eml:OECustomProperty:$DATA"
    File:"No admin in ACL","C:\Program Files\HP\HP Software Update\HpuFunction.dll"
    File:"No admin in ACL","C:\Program Files\HP\HP Software Update\hpwuSchd2.exe"
    File:"No admin in ACL","C:\Program Files\HP\HP Software Update\Session.dat"
    File:"No admin in ACL","C:\Program Files\HP\HP Software Update\Updates.dat"
    Directory:"No admin in ACL","C:\Windows\Internet Logs"
    Directory:"No admin in ACL","C:\Users\All Users\Symantec\SRTSP\SrtETmp"
    Directory:"No admin in ACL","C:\ProgramData\Symantec\SRTSP\SrtETmp"
    Directory:"No admin in ACL","C:\Program Files\HP\HP Software Update"

    Looking at other threads about Rootalyzer results, I assume that as I have an HP printer and use Norton, the entries referring to HP and Symantec can be ignored. I also recognise those referring to December holiday and Malta, which leaves the ones below:

    File:"No admin in ACL","C:\Windows\Internet Logs\tvDebug.log"

    File:"No admin in ACL","C:\Users\Gordon\AppData\Local\Temp\~DF64A8.tmp"
    File:"Unknown ADS","C:\Users\Gordon\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\44D915DC-00000001.eml:OECustomProperty:$DATA"
    Directory:"No admin in ACL","C:\Windows\Internet Logs"

    Any help/advice would be appreciated. I'm using version 0.2.

    Thank you.

  2. #2
    Junior Member debbieclord
    Join Date
    Aug 2008
    Location
    I live in Framingham, MA
    Posts
    1

    Let me know when you find out

    I myself had just downloaded the RootAlyzer late last night. My computer is a Vista Home Premium, a year old this August. I did a deep scan and I don't know how to analyze the results either. Could you please let me know when you find out?
    Part of my results went like this:

    File:"Unknown ADS","C:\Users\Debbie\AppData\Local\VirtualStore\ProgramData\TEMP:DFC5A2B2:$DATA"
    File:"No admin in ACL","C:\Users\Debbie\AppData\Local\Temp\FFWSGINST\crawlersrch.xml"
    File:"Unknown ADS","C:\Users\Debbie\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\03145043-00000001.eml:OECustomProperty:$DATA"
    File:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA\opa12.dat"
    File:"No admin in ACL","C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar\More Crawler Products.lnk"

    I would appreciate it if you could let me know what the answer is. Thanks.

  3. #3
    Member of Team Spybot PepiMK
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,573


    The second Unknown ADS looks somewhat regular, I've added OECustomProperty to the whitelist (Outlook Express email files also have a legit other data stream named OEStandardProperty).

    The first one is imho a known legit one, too.

    The Office Data file should be in the whitelist and not appear at all. Which version does RootAlyzer show?

    Not sure about the two Crawler Toolbar entries.
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)
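    The result lines quoted in this thread share one simple format (Kind:"Finding","Path"), and PepiMK's answer shows that triage is mostly a matter of checking each "Unknown ADS" stream name against a list of known-legitimate streams and setting everything else aside for a closer look. Below is an added, illustrative Python parser that does exactly that. It is not code from this thread, from RootAlyzer or from Safer Networking: the sample log is constructed with shortened paths, the stream whitelist contains only the two names PepiMK mentions (OECustomProperty and OEStandardProperty), the `trusted_prefixes` mechanism is an assumption modelled on the first poster's reasoning about his HP entries, and the field layout of `RegyKey` lines is inferred from the single example in post #5.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

# ADS names PepiMK describes above as legitimate on Outlook Express / Windows Mail
# .eml files. Extend this set only with stream names you have verified yourself.
KNOWN_BENIGN_STREAMS = {"OECustomProperty", "OEStandardProperty"}

# Constructed sample in the line format RootAlyzer prints (paths shortened from the thread).
SAMPLE_LOG = r'''
:: RootAlyzer Results
File:"No admin in ACL","C:\Windows\Internet Logs\tvDebug.log"
File:"Unknown ADS","C:\Users\Gordon\Mail\Inbox\44D915DC-00000001.eml:OECustomProperty:$DATA"
File:"Unknown ADS","C:\Users\Patius\Music\drag-flames.mp3:TOC.WMV:$DATA"
File:"No admin in ACL","C:\Program Files\HP\HP Software Update\hpwuSchd2.exe"
Directory:"No admin in ACL","C:\Windows\Internet Logs"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center\","Svc"
'''

LINE_RE = re.compile(r'^(?P<kind>\w+):(?P<fields>.*)$')
FIELD_RE = re.compile(r'"([^"]*)"')


@dataclass
class Finding:
    kind: str               # File, Directory or RegyKey
    reason: str             # e.g. "Unknown ADS", "No admin in ACL"
    target: str             # file path, directory, or hive + key [value]
    stream: Optional[str]   # ADS name when reason is "Unknown ADS", else None
    verdict: str            # "whitelisted-stream", "trusted-path" or "review"


def split_ads(path: str) -> Tuple[str, Optional[str]]:
    """Split 'C:\\dir\\file.eml:Stream:$DATA' into (file path, stream name).

    A path without a stream comes back unchanged with stream=None. The drive
    letter colon is not mistaken for a stream separator because a stream name
    never contains a backslash.
    """
    if path.endswith(":$DATA"):
        path = path[:-len(":$DATA")]
    base, sep, stream = path.rpartition(":")
    if not sep or not stream or "\\" in stream:
        return path, None
    return base, stream


def triage(reason: str, stream: Optional[str], target: str,
           trusted_prefixes: Sequence[str]) -> str:
    """Assign a verdict; anything not positively explained stays 'review'."""
    if reason == "Unknown ADS":
        return "whitelisted-stream" if stream in KNOWN_BENIGN_STREAMS else "review"
    # Paths the operator vouches for (an installed printer suite, for example),
    # the way the first poster reasoned about his HP entries. Assumed mechanism.
    if any(target.lower().startswith(p.lower()) for p in trusted_prefixes):
        return "trusted-path"
    return "review"


def parse_line(line: str, trusted_prefixes: Sequence[str] = ()) -> Optional[Finding]:
    """Parse one RootAlyzer result line; the header and blank lines yield None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = FIELD_RE.findall(m.group("fields"))
    if len(fields) < 2:
        return None
    kind, reason = m.group("kind"), fields[0]
    if kind == "RegyKey":
        # Assumed layout from the one sample in this thread: hive, key path, value name.
        target = fields[1] + (fields[2] if len(fields) > 2 else "")
        if len(fields) > 3:
            target += f" [{fields[3]}]"
    else:
        target = fields[1]
    stream = None
    if reason == "Unknown ADS":
        target, stream = split_ads(target)
    return Finding(kind, reason, target, stream,
                   triage(reason, stream, target, trusted_prefixes))


def parse_results(text: str, trusted_prefixes: Sequence[str] = ()) -> List[Finding]:
    """Parse a whole RootAlyzer results block into Finding records."""
    parsed = [parse_line(line, trusted_prefixes) for line in text.splitlines()]
    return [f for f in parsed if f is not None]


def summarize(findings: Sequence[Finding]) -> dict:
    """Count findings per verdict so the 'review' pile is visible at a glance."""
    counts: dict = {}
    for f in findings:
        counts[f.verdict] = counts.get(f.verdict, 0) + 1
    return counts


if __name__ == "__main__":
    results = parse_results(SAMPLE_LOG,
                            trusted_prefixes=[r"C:\Program Files\HP\HP Software Update"])
    for f in results:
        extra = f" (stream {f.stream})" if f.stream else ""
        print(f"{f.verdict:19} {f.kind:9} {f.reason:16} {f.target}{extra}")
    print(summarize(results))
```

    Run it on a saved results file by replacing SAMPLE_LOG with the file contents. The design keeps "review" as the default verdict: a finding only leaves that pile when its stream name is on the whitelist or its path starts with a prefix the operator has explicitly vouched for, which mirrors the way the replies in this thread reason about the HP, Symantec and Windows Mail entries without guessing at the rest.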

  4. #4
    Senior Member honda12
    Join Date
    Nov 2007
    Location
    UK
    Posts
    682


    Well, Crawler Toolbar comes bundled with Spyware Terminator,

    so @debbieclord, if you have Spyware Terminator that would explain it.
    -honda12

  5. #5
    Junior Member
    Join Date
    Nov 2009
    Posts
    1

    RootAlyzer results help.

    This is the first time I've used it, since I know I've got a trojan that S&D isn't picking up. I'm sort of nervous about editing the registry because I don't want to mess up my computer.

    :: RootAlyzer Results
    File:"No admin in ACL","C:\Windows\Internet Logs\tvDebug.Zip"
    File:"No admin in ACL","C:\Windows\Internet Logs\vsmon_2nd_2009_06_15_22_26_04_small.dmp.zip"
    File:"Unknown ADS","C:\Users\Patius\Videos\Gundam Wing (Complete)\Gundam Wing - 49.avi:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Patius\Music\drag-flames.mp3:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Patius\Music\DragonForce\Dragonforce - Discography\2006 - Inhuman Rampage\01 - Through The Fire And Flames.mp3:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Patius\Downloads\drag-flames.mp3:TOC.WMV:$DATA"
    File:"No admin in ACL","C:\Users\Patius\Desktop\Adobe Reader 9 Installer\AcroRead.msi"
    File:"No admin in ACL","C:\Users\Patius\Desktop\Adobe Reader 9 Installer\Setup.exe"
    File:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA\81602.bpc"
    File:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA\OPA12.BAK"
    File:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA\opa12.dat"
    File:"Unknown ADS","C:\Users\All Users\Hewlett-Packard\Media\DVD\001.FCL:001.FCL:$DATA"
    File:"No admin in ACL","C:\Users\All Users\avg9\Log\history.xml"
    File:"Unknown ADS","C:\ProgramData\Hewlett-Packard\Media\DVD\001.FCL:001.FCL:$DATA"
    File:"No admin in ACL","C:\ProgramData\avg9\Log\history.xml"
    Directory:"No admin in ACL","C:\Windows\Internet Logs"
    Directory:"No admin in ACL","C:\Users\Patius\Desktop\Adobe Reader 9 Installer"
    Directory:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA"
    Directory:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\","Flyout"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center\","Svc"

  6. #6
    Senior Member honda12
    Join Date
    Nov 2007
    Location
    UK
    Posts
    682


    Hi Patius,

    Quote, originally posted by Patius:
        ... I know I've got a trojan that S&D isn't picking up.

    Consider posting in the Malware Removal forum and having someone take a look at your system.

    If you decide to have an experienced malware removal specialist assist you, please follow the procedure in this link to run scans and produce a HijackThis log:

    Best regards,

    honda
    -honda12
