Thread: First time rootkit scan

  1. #1
    Junior Member
    Join Date
    Jan 2013
    Location
    N Yorkshire
    Posts
    2

    First time rootkit scan

    Hi
    I have just installed and run Spybot and it has identified several possible rootkit threats. I need some advice as to what they are and how to deal with them.

    The log is shown below: -

    // info: Rootkit removal help file
    // copyright: (c) 2008-2013 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Hidden file","C:\Windows\System32\SmartSoft PDF Printer Port"
    File:"Unknown ADS","D:\Recorded TV\All Creatures Great and Small\Trimmed\11- The rough and the smooth.mpg:TOC.WMV:$DATA"
    File:"Unknown ADS","D:\Recorded TV\All Creatures Great and Small\Trimmed\20090710 New beginnings.mpg:TOC.WMV:$DATA"
    File:"Unknown ADS","D:\Recorded TV\All Creatures Great and Small\Trimmed\20090713 Dog Days.mpg:TOC.WMV:$DATA"
    File:"Unknown ADS","D:\Recorded TV\All Creatures Great and Small\Trimmed\20090716.mpg:TOC.WMV:$DATA"
    File:"Unknown ADS","D:\My Pictures\Microlight\last visit to mappleton 016.AVI:TOC.WMV:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\My Kindle Content\Aesops-Fables.azw:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\My Kindle Content\Pride-and-Prejudice.azw:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\My Kindle Content\Treasure-Island.azw:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\2023.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\4D Doodler.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\A columbus of space.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\A-Colony-on-Mars.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\A-Voyage-to-Arcturus.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Accidental_Flight.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Advanced_Chemistry.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Aerophilia.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Aesops-Fables.azw:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Agent_to_the_Stars.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Alarm clock.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Alien_Cradle.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Alien_Offer.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\All day September.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Armageddon—2419_A.D..pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Atom_Drive.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\B-12s_Moon_Glow.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Bad medicine.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Beyond the great oblivion.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Beyond the vanishing point.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Binary.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Black_Amazon_of_Mars.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Blessed are the meek.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Blind man's lantern.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Blindsight.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Brain twister.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Bread overhead.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Breaking point.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\By_Earthlight.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Captain_Gardiner_of_the_Inte.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Category_Phoenix.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Cerebrum.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\circle of zero.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\City at world's end.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Code three.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Colours of space.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Conquest_Over_Time.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Contamination_Crew.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Cory_Doctorows_Futuristic_Tales_of_the_Here_and_Now_PDF.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Dream.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Fader-Act-I.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Pride-and-Prejudice.azw:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\The affair of the brains.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\The beast of space.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\The cosmic computer.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\The creature from beyond infinity.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\The_Aliens.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\The_Black_Star_Passes.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\The_Black_Tide.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\The_Cavern_of_the_Shining_On.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\The_Cosmic_Deflector.pdf:uidStream:$DATA"
    File:"Unknown ADS","C:\Users\Den and Ann\Documents\E-books\Treasure-Island.azw:uidStream:$DATA"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF022A17F4528853FD.TMP"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF07F913C23C9AF376.TMP"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF0B5F78F2EFA0D5EB.TMP"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF16D0E6C5A83B787B.TMP"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF31C5B818C6D2FA52.TMP"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF32E9E852C693BEB9.TMP"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF3C36106245564951.TMP"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF412018BA21EA84E5.TMP"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF454682A0D3B9B9D6.TMP"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF5B0EAF4E2CFCB222.TMP"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF5D02A1896A1C1C2A.TMP"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF676795320CA07E44.TMP"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF7B9C699204F340CD.TMP"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF7E64777AD08D3138.TMP"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF82A4E350FCB0970F.TMP"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF8F4198E6217E6295.TMP"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF967D262FEF05D78D.TMP"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DF970B858B79C7C91A.TMP"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DFBC9F43116A367DE8.TMP"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DFC894CEB9C7174EF9.TMP"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DFC99E08D9EAEB9C3C.TMP"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DFCFE033189478DE3B.TMP"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DFDE63F1915F2D0843.TMP"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DFEACBA5DDB56D0C2A.TMP"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DFF9E61919FE1C6D93.TMP"
    File:"No admin in ACL","C:\Users\Den and Ann\AppData\Local\Temp\~DFFF37B8476F0C39FC.TMP"
    File:"No admin in ACL","C:\Users\All Users\Microsoft\SLDL\4562d563-878a-48d8-b28e-faf94ad1f77e\00d338a4-b04f-4fe8-9e1f-cad462d1fedb"
    File:"No admin in ACL","C:\ProgramData\Microsoft\SLDL\4562d563-878a-48d8-b28e-faf94ad1f77e\00d338a4-b04f-4fe8-9e1f-cad462d1fedb"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\","Flyout"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center\","Svc"


    Thanks

    Den

  2. #2
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263

    Hello,

    These are not rootkits.
    The items found are mostly Kindle content and e-books, also some recorded TV stuff.
    About the temp files I'm not sure.
    If you decide to delete them, I would recommend making a system restore point beforehand, in case they are needed files. The deletion is final and cannot be recovered through the Quarantine with Spybot.

    Best regards
    Sandra
    Team Spybot
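
Added example (not part of the original thread and not Spybot's own tooling): a Python script that parses the RootAlyzer log format posted above and counts findings per category, grouping "Unknown ADS" entries by stream name so that streams repeated across many media or e-book files, such as uidStream and TOC.WMV, stand out. The sample log, paths and function names are constructed for illustration.

```python
import csv
import ntpath
from collections import Counter

# Constructed sample in the RootAlyzer format shown in the first post.
SAMPLE_LOG = r'''
// info: Rootkit removal help file
:: RootAlyzer Results
File:"Hidden file","C:\Windows\System32\SmartSoft PDF Printer Port"
File:"Unknown ADS","D:\Recorded TV\Show\episode 01.mpg:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Example\Documents\E-books\Book one.pdf:uidStream:$DATA"
File:"Unknown ADS","C:\Users\Example\Documents\E-books\Book two.azw:uidStream:$DATA"
File:"No admin in ACL","C:\Users\Example\AppData\Local\Temp\~DF0000000000000000.TMP"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Example\","Value"
'''

def parse_line(line):
    """Return (finding, group) for one result line, or None for other lines."""
    kind, sep, rest = line.strip().partition(":")
    if not sep or kind not in ("File", "RegyValue"):
        return None  # comment, header or blank line
    # Fields are double-quoted and comma-separated; backslashes are literal.
    fields = next(csv.reader([rest]))
    if kind == "RegyValue":
        if len(fields) != 4:
            return None
        finding, hive, key, _value = fields
        return finding, hive + key
    if len(fields) != 2:
        return None
    finding, path = fields
    if path.upper().endswith(":$DATA"):
        # NTFS alternate data stream: <file>:<stream name>:$DATA
        _base, stream, _stype = path.rsplit(":", 2)
        return finding, stream
    return finding, ntpath.dirname(path)  # group plain files by folder

def summarize(text):
    """Count findings per (category, stream name / folder / registry key)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            counts[rec] += 1
    return counts

if __name__ == "__main__":
    for (finding, group), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {finding:<16}  {group}")
```
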

  3. #3
    Junior Member
    Join Date
    Jan 2013
    Location
    N Yorkshire
    Posts
    2

    Sandra
    Thank you for that reply, is there a way I can stop Spybot from flagging these on future scans?

  4. #4
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263

    Hello,

    At the moment not.
    But we are improving the rootkit scan feature for upcoming versions.

    Best regards
    Sandra
    Team Spybot

  5. #5
    Translator Team bbnetwork
    Join Date
    Feb 2012
    Location
    Germany- Saxony
    Posts
    595

    Originally posted by den44:
        Sandra
        Thank you for that reply, is there a way I can stop Spybot from flagging these on future scans?

    Did you try to whitelist the system?
    Last edited by bbnetwork; 2013-01-18 at 14:22.
