
Thread: SweetIm FP?

  1. #1
    Member
    Join Date
    Dec 2005
    Posts
    59

    SweetIm FP?

    I have reg entries for SweetIM, no toolbar or exe. No page change on home page. Where would I have got it? I did not download an IM or anything like that. Is this FP? I read your site; it said it could be a rootkit. How do I check for a rootkit?

  2. #2
    Member
    Join Date
    Dec 2005
    Posts
    59

    Quote: Originally posted by johnwrites
    I have reg entries for SweetIM, no toolbar or exe. No page change on home page. Where would I have got it? I did not download an IM or anything like that. Is this FP? I read your site; it said it could be a rootkit. How do I check for a rootkit?

    I see no way to edit the post? I wanted to add I did not download smileys or games and rarely go on Facebook.
    Last edited by johnwrites; 2012-05-12 at 14:04. Reason: more background info

  3. #3
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    The registry entries shown in your screenshot are from SweetIM; it is not an FP.
    This is exactly one of the reasons why SweetIM gets detected: because it installs without you knowing about it.
    It could have come as a bundle with other software without notifying you properly about it.

    Spybot S&D does automatically check for known rootkits; however, if you want to do a separate scan for rootkits that can detect other rootkit methods being used, you can try our RootAlyzer or other rootkit detection tools like GMER.

    Editing posts in our forums is possible only for a limited time after the post has been posted.
    born in the shadow to die in the shadow, that is the fate of the shinobi


  4. #4
    Member
    Join Date
    Dec 2005
    Posts
    59

    Thanks. Does that mean I may have an exe file? Is there any way to tell the date it was installed?

  5. #5
    Member
    Join Date
    Dec 2005
    Posts
    59

    Unknown ADS and NO admin in ACL is what I get from a deep root scan with RootAlyzer?

  6. #6
    Member
    Join Date
    Dec 2005
    Posts
    59

    Here is a quick scan with RootAlyzer.

    GMER causes a BSOD.

  7. #7
    Member
    Join Date
    Dec 2005
    Posts
    59

    From the scan with RootAlyzer:
    RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\","System\0"
    // Attention: entries with a zero character will not be displayed correctly and may not work!
    I am unable to open the System in the above reg entry; it says file cannot be found. I deleted the entries shown in my OP screenshot. Is that why?

  8. #8
    Member
    Join Date
    Dec 2005
    Posts
    59


    Rootkit Buster says I am clean
