
Thread: Something found

  1. #1, Junior Member (joined Dec 2012, 3 posts)

    Something found

    Hi,

    This is what was found:


    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\cabundle.crt"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\MetaData"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\usagestatsinstall.log"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-CHS.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-CHT.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-CSY.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-DAN.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-DEU.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-ELL.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-ENG.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-ENU.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-ESL.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-ESN.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-ESP.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-FIN.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-FRA.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-HUN.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-ITA.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-JPN.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-KOR.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-NLD.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-NOR.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-PLK.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-PTB.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-PTG.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-RUS.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-SKY.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-SLV.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-SVE.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-THA.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-TRK.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline.xml"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\MetaData\cddbplm.gcf"
    File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\MetaData\elists.db"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\cabundle.crt"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\MetaData"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\usagestatsinstall.log"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-CHS.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-CHT.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-CSY.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-DAN.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-DEU.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-ELL.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-ENG.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-ENU.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-ESL.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-ESN.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-ESP.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-FIN.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-FRA.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-HUN.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-ITA.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-JPN.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-KOR.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-NLD.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-NOR.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-PLK.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-PTB.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-PTG.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-RUS.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-SKY.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-SLV.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-SVE.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-THA.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline-TRK.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\PushMarketingFeeds\offline.xml"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\MetaData\cddbplm.gcf"
    File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\MetaData\elists.db"
    File:"Unknown ADS","C:\OEM\Preload\Autorun\APP\Acer Clear.fi Client:$WIMMOUNTDATA:$DATA"
    File:"Unknown ADS","C:\OEM\Preload\Autorun\APP\HotKey Utility v2.5:$WIMMOUNTDATA:$DATA"



    Are most of those part of the Nero burning software, or what :( ?

  2. #2, Junior Member (joined Dec 2012, 3 posts)

    Forgot to mention that the current Spybot version I'm using is 2.0.12.0 (Start Center 2.0.12.126).

  3. #3, tashi, Member of Team Spybot (joined Oct 2005, USA, 30,956 posts)

    Hello Rontti,

    Your question is similar to the one posted here: http://forums.spybot.info/showthread.php?t=67206

    How is the computer running?

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4, Junior Member (joined Dec 2012, 3 posts)

    Thanks for the answer. Yes, it appears to be a similar case. I read that list and actually found some of the very same results.

    So it might be rather safe to assume that this is Nero related. Though that list I posted missed one line:

    File:"Unknown ADS","C:\Users\All Users\Temp:5C321E34:$DATA"

    Don't know what that is, but my computer is running fine and I have not noticed anything suspicious. It is just that I occasionally like to run scans to make sure there isn't anything lurking in my computer. I know that Spybot 2.0.xx warns that not all rootkit search results are necessarily malware related.

  5. #5, tashi, Member of Team Spybot (joined Oct 2005, USA, 30,956 posts)

    Hello Rontti,
    Quote Originally Posted by Rontti:
        Though that list I posted missed one line:

        File:"Unknown ADS","C:\Users\All Users\Temp:5C321E34:$DATA"

    It's running out of a temp directory; usually a cleanup of temp files will remove such.

  6. #6, Junior Member (joined Jan 2013, 4 posts)

    ADS file examined

    Quote Originally Posted by tashi:
        Hello Rontti,

        It's running out of a temp directory, usually a cleanup of temp files will remove such.

    Not sure what you mean by "running out of a temp directory". It's an alternate data stream located on the directory itself. Cleaning it out wouldn't have any effect.

    I have this same thing, so I took the liberty of extracting the data, and I haven't been able to find out where it came from or what it is yet. I'm guessing it comes from a cygwin or virtualbox installation, but haven't had time to investigate.

    In the hex viewer (file analyzer), for some reason the 0xD8 is gray. Not sure what that is supposed to mean. Null highlight or something?


    My OS: Win7 x64 with an i7 950

    Stream Name : :5C321E34:$DATA
    Filename : C:\Users\All Users\TEMP
    Full Stream Name : C:\Users\All Users\TEMP:5C321E34
    Stream Size : 100
    Stream Allocated Size: 104
    File name: TEMP_5C321E34

    HEX:
    2B C1 C7 59 7C 16 2C D8 30 A8 E1 DB FB 67 87 F3 E5 02 FA 30 A7 80 DD 38 39 D9 9D AC 17 9B E0 5E D8 0C 3F D0 1C 55 9F 83 26 7E 2C 60 C6 45 BE 5B 45 B4 6A 35 E7 59 85 10 C9 F7 C4 2C CF 44 79 80 84 08 CF 1C 3B 86 B2 BB 0B D2 56 74 78 BE FF 66 EB D1 91 6C AA 79 27 3D 5D 51 6C E8 32 64 BE 66 9E 6A 68 04

    ASCII:
    +Y|,0g‡0€89ٝ›^?UŸƒ&~,`E[Ej5Y…,Dy€„;†Vtxf‘ly'=]Ql2dfžjh


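    As an added example (not code from the thread or from Spybot), here is how the two kinds of finding above can be checked by hand in Windows PowerShell 5.1 on the affected machine: enumerating and reading the named stream on the TEMP directory itself (which is why deleting temp files does not touch it) and listing the ACEs of an object that Spybot reported as "No admin in ACL". The paths and the stream name come from the thread; C:\Users\All Users is assumed to be the usual junction to C:\ProgramData.

```powershell
# Added example: inspect a directory ADS and an ACL reported by Spybot.
# Run in an elevated Windows PowerShell 5.1 session (-Encoding Byte is 5.1 syntax;
# PowerShell 7 uses -AsByteStream instead).
$dir    = 'C:\ProgramData\TEMP'   # same object as C:\Users\All Users\TEMP (junction)
$stream = '5C321E34'              # stream name reported in the thread

# 1. Named streams attached to the directory object itself, not to its children.
#    A directory has no default $DATA stream, so anything listed here is an ADS.
Get-Item -LiteralPath $dir -Stream * -ErrorAction SilentlyContinue |
    Select-Object Stream, Length

# 2. Read the stream's bytes and show them as hex, like the file analyzer did.
$bytes = Get-Content -LiteralPath $dir -Stream $stream -Encoding Byte -ReadCount 0
($bytes | ForEach-Object { $_.ToString('X2') }) -join ' '

# 3. Hash the stream so it can be compared with what other users report.
$sha256 = [System.Security.Cryptography.SHA256]::Create()
[System.BitConverter]::ToString($sha256.ComputeHash($bytes)) -replace '-', ''

# 4. Temp-file cleanup leaves a directory ADS in place; it has to be removed from
#    the directory object. Uncomment only once the stream is known to be unwanted.
# Remove-Item -LiteralPath $dir -Stream $stream

# 5. "No admin in ACL": list the ACEs on one of the reported Nero paths and flag
#    the absence of an explicit BUILTIN\Administrators entry.
$aclPath = 'C:\ProgramData\Nero\Nero 10\OnlineServices'
$acl = Get-Acl -LiteralPath $aclPath
$acl.Access | Select-Object IdentityReference, FileSystemRights, AccessControlType
$adminAce = $acl.Access |
    Where-Object { $_.IdentityReference.Value -eq 'BUILTIN\Administrators' }
if (-not $adminAce) {
    "No Administrators ACE on $aclPath (matches Spybot's 'No admin in ACL')"
}
```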