-
Rootkit analysis question
I ran the rootkit scan from Spybot 2.0.12.0 which gave me back the following:
// info: Rootkit removal help file
// copyright: (c) 2008-2012 Safer-Networking Ltd. All rights reserved.
:: RootAlyzer Results
File:"Hidden file","C:\Windows\Àóo"
...
File:"Invisible to Win32","C:\boott! s"
I've searched everywhere I know and can find no reference to "boott!". Can anyone tell me what I've found?
Thanks,
RMG
-
Hello,
That sounds strange, but it can't be said that these files are really bad.
It would help if we can get them as sample and take a look at them.
As they are hidden and invisible, did you change your folder options to make them visible? They should be stored under C:\Windows
Best regards
Sandra
Team Spybot
-
Re: Rootkit Analysis Question
I did change the folder options, and can't locate the files. Spybot claims they are at "C:\boott!" but it doesn't appear to be there or in c:\Windows. I don't have any particular issues, I'd just like to know what they are.
RG
-
Hello,
You can create a system restore point at first.
Then try to remove the found entry.
Best regards
Sandra
Team Spybot
-
Can't find them
>>You can create a system restore point at first.
>>Then try to remove the found entry.
Unfortunately, I can't find them. Spybot reports them, and their location, but they don't show up any other way.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
Reply With Quote