Results 1 to 3 of 3

Thread: Unknown if infected

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Junior Member
    Join Date
    Jan 2011
    Posts
    3

    Default Unknown if infected

    I downloaded Spybot 2 yesterday and installed it. I then ran Rootkit Analyzer to see if there might be any problems. I got a list of files with "Unknown ADS" and a list of "No Admin in ACL" in the registry. As I am unsure what those mean and was unable to find any info regarding them in the Help file, I am posting here for clarification. I am running Win 7. Hopefully I have followed the posting rules correctly, here goes.

    And here is my Rootkit Analyzer report:
    // info: Rootkit removal help file
    // copyright: (c) 2008-2013 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Hidden file","C:\Windows\€ö,"
    File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\1cc77fc5ae2d1e0.dat:4c38d25a-5577-4315-bae0-db26f9f0aa7b:$DATA"
    File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\68f8c465f8c432dc.dat:bb20f817-ad5e-492a-8d5d-9e218c413c08:$DATA"
    File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\6bc2994bc297ef5.dat:8ae5e360-4a2e-4567-a9e2-0026807e0e5d:$DATA"
    File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\84ee91c7ee91b242.dat:bed05f5f-e20b-4817-8e80-cb0677ec437e:$DATA"
    File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\a84024a84023929.dat:73853b75-e55e-4c79-91a1-974610eec255:$DATA"
    File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\aa9a039a9a036265.dat:cb9b8d6b-c0ed-4803-b55f-dd1fe87ff765:$DATA"
    File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\d4c013fac013e192.dat:1a23c403-2928-4471-b8a4-ba04d239ed48:$DATA"
    File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\e67049a1704978f7.dat:b6931927-1c1c-4166-95d1-b926a79da361:$DATA"
    File:"Unknown ADS","C:\Users\All Users\AVG2013\Chjw\e84604cb46049c86.dat:1bec6d24-3303-4531-ba34-6a5d8d5bb930:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\1cc77fc5ae2d1e0.dat:4c38d25a-5577-4315-bae0-db26f9f0aa7b:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\68f8c465f8c432dc.dat:bb20f817-ad5e-492a-8d5d-9e218c413c08:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\6bc2994bc297ef5.dat:8ae5e360-4a2e-4567-a9e2-0026807e0e5d:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\84ee91c7ee91b242.dat:bed05f5f-e20b-4817-8e80-cb0677ec437e:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\a84024a84023929.dat:73853b75-e55e-4c79-91a1-974610eec255:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\aa9a039a9a036265.dat:cb9b8d6b-c0ed-4803-b55f-dd1fe87ff765:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\d4c013fac013e192.dat:1a23c403-2928-4471-b8a4-ba04d239ed48:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\e67049a1704978f7.dat:b6931927-1c1c-4166-95d1-b926a79da361:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2013\Chjw\e84604cb46049c86.dat:1bec6d24-3303-4531-ba34-6a5d8d5bb930:$DATA"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{1024083A-700E-4930-8C75-DA9DFD3F4CE8}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{371733A1-12F5-4E38-82E8-A3CFCF9D666F}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{4422A9FE-7955-465F-80D2-FDEE1776D49D}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{4EA1C3C6-7D38-40D4-976C-CA2709E27637}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{6461DDD1-48E9-41D4-8B5B-03618C68BB0B}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{B05EA49F-5EF1-41E2-AB5E-F8E4E0397B1D}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{B1D216ED-FBFF-48EB-8474-804E3D81BA07}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{BADE2EB5-0AA5-467A-B073-231B828EBF9F}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{CC1B58C4-F064-48E0-9EBE-5C926A09697F}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\","{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{CC1B58C4-F064-48E0-9EBE-5C926A09697F}\","InprocServer32"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\{B1D216ED-FBFF-48EB-8474-804E3D81BA07}\","InprocServer32"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{1024083A-700E-4930-8C75-DA9DFD3F4CE8}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{371733A1-12F5-4E38-82E8-A3CFCF9D666F}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{4422A9FE-7955-465F-80D2-FDEE1776D49D}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{4EA1C3C6-7D38-40D4-976C-CA2709E27637}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{6461DDD1-48E9-41D4-8B5B-03618C68BB0B}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{B05EA49F-5EF1-41E2-AB5E-F8E4E0397B1D}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{B1D216ED-FBFF-48EB-8474-804E3D81BA07}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{BADE2EB5-0AA5-467A-B073-231B828EBF9F}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{CC1B58C4-F064-48E0-9EBE-5C926A09697F}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\","{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{CC1B58C4-F064-48E0-9EBE-5C926A09697F}\","InprocServer32"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\Wow6432Node\CLSID\{B1D216ED-FBFF-48EB-8474-804E3D81BA07}\","InprocServer32"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{1024083A-700E-4930-8C75-DA9DFD3F4CE8}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{371733A1-12F5-4E38-82E8-A3CFCF9D666F}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{4422A9FE-7955-465F-80D2-FDEE1776D49D}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{4EA1C3C6-7D38-40D4-976C-CA2709E27637}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{6461DDD1-48E9-41D4-8B5B-03618C68BB0B}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{B05EA49F-5EF1-41E2-AB5E-F8E4E0397B1D}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{B1D216ED-FBFF-48EB-8474-804E3D81BA07}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{BADE2EB5-0AA5-467A-B073-231B828EBF9F}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{CC1B58C4-F064-48E0-9EBE-5C926A09697F}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\","{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{CC1B58C4-F064-48E0-9EBE-5C926A09697F}\","InprocServer32"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{B1D216ED-FBFF-48EB-8474-804E3D81BA07}\","InprocServer32"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\MAGIX\","AVCHDCodes"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\MAGIX\","DolbyAC3Stereo"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\MAGIX\","DolbyAC3_5.1"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\MAGIX\","GoGoCodes"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\MAGIX\","MP3Codes"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\MAGIX\","MPEG2E_Codes"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\MAGIX\","MPEG2_Codes"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\MAGIX\","MPEG4_Codes"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\MAGIX\","MPEG4_MC0B_Codes"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\MAGIX\","MPEG4_MC1D_Codes"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\MAGIX\","MPEG4_MCC3_Codes"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\MAGIX\","MPEG4_MCE8_Codes"
    Last edited by tashi; 2013-03-19 at 18:58. Reason: Moved from Malware forum- removed Malware forum logs

  2. #2
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263

    Default

    Hello,

    That are no rootkits.
    Most files belong to AVG and WOW.

    If you get ‘No admin in ACL’ this thread in our forum should help explaining:
    Unknown ADS and no Admin in ACL what is good and what is bad???
    Or here: Unknown ADS - Do I need to worry about...?

    Malware sometimes uses rootkit technology to hide itself at system level.
    This makes it undetectable by standard tools. Our plugins help Spybot – Search & Destroy to detect this form of malware.
    Our Rootkit Scanner tool shows anything that uses certain rootkit technologies. But items with rootkit properties detected here are not necessarily malware. Sometimes, legit software uses rootkit technologies to hide registration data or other things it does not want the user to see in any case. So please keep in mind that the Rootkit Scanner only flags suspicious stuff, not identifying just bad stuff.

    The deletion is final and can not be recovered through the Quarantine.
    If you still want to remove the found items it is strongly recommend to create a system restore point before doing that.

    Best regards
    Sandra
    Team Spybot

  3. #3
    Junior Member
    Join Date
    Jan 2011
    Posts
    3

    Default

    Thank you for letting me know nothing appears malicious.

    Ignore the question below, researched and found the answer myself. Just leaving it here in case anyone else happens on the thread.

    ----------------------------------------Original question - Found answer -------------------------------------------------

    I am curious about one more thing though. You say that most things belong to AVG and WOW, what is WOW?

    WOW6432 is part of the Windows 64 bit OS registry that helps 32 bit programs to operate correctly.
    Last edited by falcon8r; 2013-03-24 at 23:12. Reason: Found my answer elsewhere

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •