
Thread: Rootalyzer log file - Please help!

  1. #1
    Junior Member
    Join Date
    Sep 2008

    Rootalyzer log file - Please help!

    I recently downloaded the latest version of RootAlyzer and did a deep scan. Even though my quick scan came up with no hidden stuff for all 6 categories, I found 3 items in the deep scan. Here's my log. Please help with interpreting the results. Thanks!

    // info: Rootkit removal help file
    // copyright: (c) 2008 Safer Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File: "Unknown ADS", "C:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT:$DATA"

    File: "Unknown ADS", "C:\Documents and Settings\playerguy\My Documents\Security\AntiRootkit\PAVARK.exe:License:$DATA"

    Directory:"No admin in ACL","C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA"

    So that's my log above. Thanks for any help or comments that you can offer!

  2. #2
    PepiMK
    Member of Team Spybot
    Join Date
    Oct 2005
    Planet Earth


    The first is registration information from Ahead Nero, the CD/DVD burning suite, which uses this "rootkit" method to hide it.

    The second seems to be the license of PAVARK? You can use FileAlyzer to view PAVARK.exe, Stream tab, I'm pretty sure it'll contain just text.

    The last one RootAlyzer should already tell you about as being some Office stuff; that's not dangerous either.
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

  3. #3
    Junior Member
    Join Date
    Sep 2008

    Rootalyzer log file

    Thanks for the reply. I had no idea what the first entry was, or that it was linked to Nero. Should I get rid of Nero? I did pay for a license but it's about to expire anyway, so I probably won't be renewing with them after this. As for PAVARK, it is a file from Panda Anti-Rootkit, so I am puzzled as to why it would show up as infected. You are right about the last one. It did appear to be from Office, but I posted because I figured malware could appear more legit by pretending to be from Office. Is that usually the directory the unknown ADS shows up in? How can you tell a legitimate Office directory from a rootkit one?
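    The two checks discussed in this thread (looking at what an "Unknown ADS" actually contains, as PepiMK suggests doing with FileAlyzer's Stream tab, and finding out why a directory has "No admin in ACL") can be done from a Windows PowerShell prompt without extra tools. The script below is an added example written for this page; it is not part of the thread, not from Safer Networking, and not RootAlyzer's own logic. It assumes Windows PowerShell 3.0 or later (the `-Stream` parameter and `-Encoding Byte` exist there; PowerShell 7 uses `-AsByteStream` instead) and uses the paths from the posted log as sample input.

```powershell
# Added example (not from the thread): triage RootAlyzer "Unknown ADS" and
# "No admin in ACL" findings. Paths below are the ones from the posted log.
$flaggedFiles = @(
    'C:\WINDOWS\Cursors\arrow_n.cur',
    'C:\Documents and Settings\playerguy\My Documents\Security\AntiRootkit\PAVARK.exe'
)
$flaggedDir = 'C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA'

function Show-AlternateStreams {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { Write-Warning "Not found: $Path"; return }
    # Every NTFS file has the unnamed ':$DATA' stream; anything else is an ADS.
    Get-Item -LiteralPath $Path -Stream * |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            $name = $_.Stream
            "{0} -> stream '{1}' ({2} bytes)" -f $Path, $name, $_.Length
            # Peek at the first 64 bytes: printable text (a license blob, Nero
            # registration data) is benign-looking; an 'MZ' header means an
            # executable is hidden in the stream and deserves a closer look.
            $bytes = Get-Content -LiteralPath $Path -Stream $name -Encoding Byte -TotalCount 64
            if ($bytes.Count -ge 2 -and $bytes[0] -eq 0x4D -and $bytes[1] -eq 0x5A) {
                Write-Warning "  stream '$name' starts with an MZ (executable) header"
            } else {
                $printable = ($bytes | Where-Object { $_ -ge 0x20 -and $_ -le 0x7E }).Count
                $pct = if ($bytes.Count) { [int](100 * $printable / $bytes.Count) } else { 0 }
                "  first bytes are {0}% printable ASCII: {1}" -f $pct,
                    (-join ($bytes | ForEach-Object { if ($_ -ge 0x20 -and $_ -le 0x7E) { [char]$_ } else { '.' } }))
            }
        }
}

function Show-DirectoryAcl {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { Write-Warning "Not found: $Path"; return }
    $acl = Get-Acl -LiteralPath $Path
    "Owner of {0}: {1}" -f $Path, $acl.Owner
    $acl.Access | Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
        Format-Table -AutoSize
    # RootAlyzer's "No admin in ACL" simply means no entry for the local
    # Administrators group; an Office-created data folder that grants only
    # Users/SYSTEM looks exactly like this, so the ACL alone is not a verdict.
    $admin = $acl.Access | Where-Object { $_.IdentityReference -like '*\Administrators' }
    if (-not $admin) { "  no explicit Administrators entry (matches the RootAlyzer finding)" }
    # Executables in such a directory are what would actually matter; list them
    # with their Authenticode status so an unsigned binary stands out.
    Get-ChildItem -LiteralPath $Path -Recurse -Include *.exe, *.dll -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            "  {0}  signature: {1}  signer: {2}" -f $_.FullName, $sig.Status, $sig.SignerCertificate.Subject
        }
}

foreach ($f in $flaggedFiles) { Show-AlternateStreams -Path $f }
Show-DirectoryAcl -Path $flaggedDir
```

    Run it from an elevated prompt so `Get-Acl` and the stream reads are not themselves denied. A stream that is mostly printable text, like the Nero registration data or the PAVARK license PepiMK describes, is consistent with the benign explanation; a stream holding an MZ header, or an unsigned executable sitting in a directory that only looks like an Office data folder, is what would justify further investigation rather than the ACL finding by itself.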
