
Thread: RootAlyzer Results

  1. #1
    Junior Member
    Join Date
    Feb 2010
    Posts
    2

    Default RootAlyzer Results

    I left RootAlyzer running last night and would like some help with the results, if possible.

    Code:
    // info: Rootkit removal help file
    // copyright: (c) 2008-2009 Safer-Networking Ltd. All rights reserved.
    
    :: RootAlyzer Results
    File:"Unknown ADS","I:\windows_profiles\Ian\Local Settings\Application Data\desktop.ini:722b2b1c349a06abf0e866180e5a7e63:$DATA"
    File:"Unknown ADS","C:\WINDOWS:6C711FAC8B22E47A:$DATA"
    File:"Unknown ADS","C:\Program Files\FontExpert\FontExpert.exe:{8DC3F14F-FF96780B-59FE6BB0-7F1B8350}:$DATA"
    RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\","System\0"
    // Attention: entries with a zero character will not be displayed correctly and may not work!
    Just FYI - I have windows profiles redirected to my I: drive.

    I'm pretty sure that I could just delete the desktop.ini file, but I was wondering if this may be an indication of something bigger - SpyBot S&D isn't finding any spyware on my system. (Ad-Aware has found some overnight, but I haven't looked at the results yet)

    The second entry rather confuses me. I wouldn't have thought that a directory could have an ADS... but then, why not? hmm... Anyway, I assume that wouldn't be expected (as it's not white listed) so would you say I need to do something about it?

    Regarding the zero character in the registry entry: I have previously used O&O Defrag, but no longer do, so I am wondering how I would get rid of this entry. I have read that you can do so using RootAlyzer, but just can't see how it would be done. Can anyone help?

    I just assume that FontExpert.exe is supposed to have an ADS - I haven't had it installed for that long so wouldn't think there was time for anything to "attack" it, lol


    Thanks all!
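The result lines in the post above can be split into their parts for triage. This is an added example, not part of the original post and not Safer-Networking code: the line layout is inferred only from the four lines shown, and reading `\0` as the tool's rendering of the zero character is an assumption; `parse_report` and the field names are hypothetical.

```python
import csv
import re

# Result lines copied from the post above (its comment lines are omitted).
REPORT = r'''
:: RootAlyzer Results
File:"Unknown ADS","I:\windows_profiles\Ian\Local Settings\Application Data\desktop.ini:722b2b1c349a06abf0e866180e5a7e63:$DATA"
File:"Unknown ADS","C:\WINDOWS:6C711FAC8B22E47A:$DATA"
File:"Unknown ADS","C:\Program Files\FontExpert\FontExpert.exe:{8DC3F14F-FF96780B-59FE6BB0-7F1B8350}:$DATA"
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\","System\0"
'''

# NTFS stream syntax is host:streamname:$TYPE. The colon after a drive
# letter belongs to the host path and is not a stream separator.
ADS_RE = re.compile(r'^((?:[A-Za-z]:)?[^:]*):([^:]*):(\$[A-Z_]+)$')


def parse_report(text):
    """Return one dict per result line; headers, comments and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(('//', '::')):
            continue
        kind, _, rest = line.partition(':')
        fields = next(csv.reader([rest]))  # quoted, comma-separated fields
        entry = {'kind': kind, 'finding': fields[0]}
        match = ADS_RE.match(fields[1]) if kind == 'File' else None
        if match:
            # The host may be a file or a directory (C:\WINDOWS in the post).
            entry.update(host=match.group(1), stream=match.group(2),
                         stream_type=match.group(3))
        elif kind == 'RegyKey' and len(fields) >= 4:
            hive, parent, name = fields[1:4]
            # Assumption: a trailing backslash-zero marks the embedded NUL.
            entry.update(key=hive + parent + name,
                         has_nul_marker=name.endswith('\\0'))
        else:
            entry['raw'] = fields[1:]  # layout not seen in the post
        entries.append(entry)
    return entries


if __name__ == '__main__':
    for item in parse_report(REPORT):
        print(item)
```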

  2. #2
    Senior Member Matt's Avatar
    Join Date
    Aug 2006
    Location
    Bavaria
    Posts
    1,169

    Default

    Hi SiM99,

    Do you have signs of malware?
    Best regards - Beste Grüße,

    Matt

  3. #3
    Junior Member
    Join Date
    Feb 2010
    Posts
    2

    Default

    Quote Originally Posted by Matt
    Hi SiM99,

    Do you have signs of malware?
    I'm not getting redirected to websites I didn't want to visit, getting any unexpected popups or getting blocked from accessing software update sites.

    I've not got any extra icons on the desktop or anything running in the system tray trying to get me to download/buy any virus scanners or any other software.

    Nothing (as far as I know) has been installed that I haven't personally installed. I can check for sure once I get home from work.

    However, my computer has been stopping responding every now and then for no apparent reason. It's usually when I access an explorer window (running explorer.exe or clicking a "browse" button on something like the "Run" dialog or when saving a file on a web browser) but has also happened when running NewsLeecher, for example. When the problem seems to be caused by explorer.exe I can still access other running programs as normal, by using alt+tab to switch to them; only the Windows desktop/taskbar/system tray/explorer windows etc. will cease to respond. Viewing Task Manager usually reveals that explorer.exe is taking as much CPU as it can - it's been up to about 99% on occasion.

    Come to think of it, explorer.exe taking lots of CPU will mean that NewsLeecher stops responding as well (when running par2 checks or extracting files) but setting the priority of explorer.exe to "Below Normal" or the one below that (can't remember the exact name) gets NewsLeecher responding (almost) normally.


    The results of my Ad-Aware scan didn't actually reveal anything big. I said that I had to check that because there were quite a few reports of malware displayed, but it turned out to be some random files I had downloaded a while back. I haven't executed any of these files and most of them were contained in archives (rar files) so I shouldn't have gotten infected by them. I've now deleted all of the files that were listed.

    I'm going to continue investigations when I get home from work later. If you have any further recommendations, please let me know.

    Thanks

    P.S. If I don't find anything obvious then I will most likely post a hijackthis log and request help before I go to bed...

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello SiM99,
    Quote Originally Posted by SiM99
    P.S. If I don't find anything obvious then I will most likely post a hijackthis log and request help before I go to bed...
    If you do that, please see "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) and post the log in the Malware Removal Forum.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
