
Thread: Are the found items really Rootkits?

  1. #1
    Junior Member
    Join Date
    Feb 2013
    Posts
    2

    Are the found items really Rootkits?

    Hello all! I'm new to the forum and do not write well in English; I hope you can understand.
    Well, I did a scan with Spybot and it detected several suspects. I'll post images of the results below so that you guys can help me identify them.







    I await your help because I'm afraid to delete any important file.

    Thank you in advance!
    Last edited by Gisa Rodrigues; 2013-02-26 at 19:25. Reason: images were not showing up

  2. #2
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263


    Hello,

    Maybe you can copy the RootAlyzer log?
    It should be stored here:
    C:\ProgramData\Spybot - Search & Destroy\Logs

    Best regards
    Sandra
    Team Spybot

  3. #3
    Junior Member
    Join Date
    Feb 2013
    Posts
    2

    Log RootAlyzer

    Hello Sandra!
    I appreciate the response. I copied the log from a recent scan:


    // info: Rootkit removal help file
    // copyright: (c) 2008-2013 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Hidden file","C:\Windows\ŕó!"
    File:"Invisible to Win32","C:\Boott! s"
    File:"No admin in ACL","C:\Users\Todos os Usuários\Booms"
    File:"No admin in ACL","C:\Users\Todos os Usuários\BSD"
    File:"No admin in ACL","C:\Users\Todos os Usuários\PKP_DLdu.DAT"
    File:"No admin in ACL","C:\Users\Todos os Usuários\PKP_DLdw.DAT"
    File:"No admin in ACL","C:\Users\Todos os Usuários\Ultima_T15\reg_configec.stn"
    File:"No admin in ACL","C:\Users\Todos os Usuários\Ultima_T15\reg_configee.stn"
    File:"No admin in ACL","C:\Users\Todos os Usuários\Real\setup\config.ini"
    File:"No admin in ACL","C:\Users\Todos os Usuários\Microsoft\Office\DATA"
    File:"No admin in ACL","C:\Users\Todos os Usuários\Microsoft\Office\DATA\OPA12.BAK"
    File:"No admin in ACL","C:\Users\Todos os Usuários\Microsoft\Office\DATA\opa12.dat"
    File:"No admin in ACL","C:\Users\Todos os Usuários\EnterNHelp\hxde.xxc"
    File:"No admin in ACL","C:\Users\Todos os Usuários\EnterNHelp\hxdg.xxc"
    File:"No admin in ACL","C:\Users\Todos os Usuários\EnterNHelp\hxes.xxb"
    File:"No admin in ACL","C:\Users\Todos os Usuários\EnterNHelp\hxeu.xxb"
    File:"No admin in ACL","C:\Users\Nino & Gisa\AppData\Roaming\Audio Units"
    File:"No admin in ACL","C:\Users\Nino & Gisa\AppData\Roaming\Real\Update\UpgradeHelper"
    File:"No admin in ACL","C:\Users\Nino & Gisa\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer"
    File:"No admin in ACL","C:\Users\All Users\Booms"
    File:"No admin in ACL","C:\Users\All Users\BSD"
    File:"No admin in ACL","C:\Users\All Users\PKP_DLdu.DAT"
    File:"No admin in ACL","C:\Users\All Users\PKP_DLdw.DAT"
    File:"No admin in ACL","C:\Users\All Users\Ultima_T15\reg_configec.stn"
    File:"No admin in ACL","C:\Users\All Users\Ultima_T15\reg_configee.stn"
    File:"No admin in ACL","C:\Users\All Users\Real\setup\config.ini"
    File:"No admin in ACL","C:\Users\All Users\Microsoft\Office\DATA"
    File:"No admin in ACL","C:\Users\All Users\Microsoft\Office\DATA\OPA12.BAK"
    File:"No admin in ACL","C:\Users\All Users\Microsoft\Office\DATA\opa12.dat"
    File:"No admin in ACL","C:\Users\All Users\EnterNHelp\hxde.xxc"
    File:"No admin in ACL","C:\Users\All Users\EnterNHelp\hxdg.xxc"
    File:"No admin in ACL","C:\Users\All Users\EnterNHelp\hxes.xxb"
    File:"No admin in ACL","C:\Users\All Users\EnterNHelp\hxeu.xxb"
    File:"No admin in ACL","C:\ProgramData\Booms"
    File:"No admin in ACL","C:\ProgramData\BSD"
    File:"No admin in ACL","C:\ProgramData\PKP_DLdu.DAT"
    File:"No admin in ACL","C:\ProgramData\PKP_DLdw.DAT"
    File:"No admin in ACL","C:\ProgramData\Ultima_T15\reg_configec.stn"
    File:"No admin in ACL","C:\ProgramData\Ultima_T15\reg_configee.stn"
    File:"No admin in ACL","C:\ProgramData\Real\setup\config.ini"
    File:"No admin in ACL","C:\ProgramData\Microsoft\Office\DATA"
    File:"No admin in ACL","C:\ProgramData\EnterNHelp\hxde.xxc"
    File:"No admin in ACL","C:\ProgramData\EnterNHelp\hxdg.xxc"
    File:"No admin in ACL","C:\ProgramData\EnterNHelp\hxes.xxb"
    File:"No admin in ACL","C:\ProgramData\EnterNHelp\hxeu.xxb"
    File:"No admin in ACL","C:\Program Files\Common Files\INCA Shared\OnlineEngine\BWTTrustList.dat"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\","LogonSoundPlayed"


    Can you help me identify if this is alright?
    Thanks again

  4. #4
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263


    Hello,

    Those seem to be hidden Program Data files.
    Nothing to worry about.

    Best regards
    Sandra
    Team Spybot
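
Added example, not part of the thread and not Spybot code: a small triage script for result lines in the format posted in #3, which groups findings by reason and folds repeated paths together. It assumes, as the matching entries in the log suggest, that `C:\Users\All Users` and `C:\Users\Todos os Usuários` are aliases of `C:\ProgramData`; the function names and the sample lines are constructed for illustration.

```python
import csv
from collections import defaultdict

# Constructed sample: a few lines in the format of the log posted in #3.
SAMPLE = r'''// info: Rootkit removal help file
:: RootAlyzer Results
File:"Invisible to Win32","C:\Boott! s"
File:"No admin in ACL","C:\Users\Todos os Usuários\BSD"
File:"No admin in ACL","C:\Users\All Users\BSD"
File:"No admin in ACL","C:\ProgramData\BSD"
File:"No admin in ACL","C:\ProgramData\Real\setup\config.ini"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\","LogonSoundPlayed"
'''

# Assumption: both prefixes resolve to C:\ProgramData on this machine.
ALIASES = ("c:\\users\\all users\\", "c:\\users\\todos os usuários\\")
CANON = "C:\\ProgramData\\"

def canonical(path):
    """Rewrite an aliased All Users path to its C:\\ProgramData form."""
    low = path.lower()
    for alias in ALIASES:
        if low.startswith(alias):
            return CANON + path[len(alias):]
    return path

def parse(text):
    """Return (kind, reason, target_fields) for each result line."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("//", "::")):
            continue  # skip header and comment lines
        kind, _, rest = line.partition(":")
        fields = next(csv.reader([rest]), [])  # quoted, comma-separated
        if fields:
            findings.append((kind, fields[0], fields[1:]))
    return findings

def summarize(findings):
    """Map each reason to the sorted set of distinct objects it was raised on."""
    groups = defaultdict(set)
    for kind, reason, target in findings:
        # Files: fold aliases; registry entries: join hive, key and value name.
        key = canonical(target[0]) if kind == "File" else "".join(target)
        groups[reason].add(key.lower())
    return {reason: sorted(keys) for reason, keys in groups.items()}

if __name__ == "__main__":
    for reason, keys in summarize(parse(SAMPLE)).items():
        print(f"{reason}: {len(keys)} distinct object(s)")
```
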
