Thread: Are these rootkits

  1. #1
    Junior Member
    Join Date
    Mar 2013
    Posts
    3

    Are these rootkits

    Could someone please tell me if these are rootkits (attached screenshot).

    I'm running Windows 8 Pro 64-bit
    Hardware: Microsoft Surface Pro

    Edit: oh yeah, also the quick scan has a red x on one of the entries and says:

    "Master Boot Records
    1MBR checked
    Unknown MBRs: PhysicalDrive0"

    Thanks!
    Last edited by Creature; 2013-03-13 at 05:17.

  2. #2
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263

    Hello,

    The complete file path, which is visible in the RootAlyzer log, would help.
    C:\ProgramData\Spybot - Search & Destroy\Logs

    But I do not think that this is a Rootkit.
    Those are just hidden files.

    If you get ‘No admin in ACL’, this thread in our forum should help explain it:
    Unknown ADS and no Admn in ACL what is good and what is bad???

    Malware sometimes uses rootkit technology to hide itself at system level.
    This makes it undetectable by standard tools. Our plugins help Spybot – Search & Destroy to detect this form of malware.
    Our Rootkit Scanner tool shows anything that uses certain rootkit technologies. But items with rootkit properties detected here are not necessarily malware. Sometimes, legit software uses rootkit technologies to hide registration data or other things it does not want the user to see in any case. So please keep in mind that the Rootkit Scanner only flags suspicious stuff; it does not identify just bad stuff.

    The deletion is final and cannot be recovered through the Quarantine.
    If you still want to remove the found items, it is strongly recommended to create a system restore point before doing that.

    Best regards
    Sandra
    Team Spybot

  3. #3
    Junior Member
    Join Date
    Mar 2013
    Posts
    3

    Thanks, spybotsandra!

    Here's the log:

    // info: Rootkit removal help file
    // copyright: (c) 2008-2013 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"

  4. #4
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263

    Hello,

    They are legit and nothing to worry about.

    Best regards
    Sandra
    Team Spybot

  5. #5
    Junior Member
    Join Date
    Mar 2013
    Posts
    3

    Wonderful! Thanks so much!
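
Added example (not part of the thread and not Safer-Networking's code): a small triage parser for the RootAlyzer log posted in #3. It groups findings by logical registry key, since CurrentControlSet is a link to one of the numbered ControlSetNNN keys, so the two lines above describe one finding rather than two. The field names (kind, reason, hive, path, extra) and the grouping heuristic are assumptions made for this example.

```python
import re
from collections import defaultdict

# Log text copied from post #3 of this thread.
SAMPLE_LOG = r'''// info: Rootkit removal help file
// copyright: (c) 2008-2013 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
'''

# Matches a numbered control set prefix such as \SYSTEM\ControlSet001\
CONTROL_SET = re.compile(r"^\\SYSTEM\\ControlSet\d{3}\\", re.IGNORECASE)


def parse_rootalyzer(text):
    """Return one dict per finding line; '//' comments and '::' headers are skipped."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("//", "::")):
            continue
        kind, sep, rest = line.partition(":")
        fields = re.findall(r'"([^"]*)"', rest)
        if not sep or len(fields) != 4:
            raise ValueError(f"unrecognised line: {line!r}")
        reason, hive, path, extra = fields  # meaning of 'extra' is not documented here
        findings.append({"kind": kind, "reason": reason, "hive": hive,
                         "path": path, "extra": extra})
    return findings


def logical_key(finding):
    """Fold numbered control sets onto CurrentControlSet (grouping heuristic)."""
    path = CONTROL_SET.sub(lambda m: "\\SYSTEM\\CurrentControlSet\\", finding["path"])
    return (finding["hive"].upper(), path.lower().rstrip("\\"))


def group_findings(findings):
    """Map (reason, hive, normalised path) -> list of raw paths reported for it."""
    groups = defaultdict(list)
    for f in findings:
        groups[(f["reason"],) + logical_key(f)].append(f["path"])
    return dict(groups)


if __name__ == "__main__":
    for key, paths in group_findings(parse_rootalyzer(SAMPLE_LOG)).items():
        print(f"{key[0]}: {key[1]}{key[2]} ({len(paths)} log line(s))")
```
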
