Thread: evil rootkits or legit rootkits ?

  1. #1
    Junior Member
    Join Date
    Mar 2013
    Posts
    2

    evil rootkits or legit rootkits ?

    Hello there.

    First, I'd like to thank you for your work and the answers you give on this forum.

    Then, I'd like to show you my RootAlyzer log, because there are some lines I worry about.

    // info: Rootkit removal help file
    // copyright: (c) 2008-2013 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Hidden file","C:\Windows\0"
    File:"Unknown ADS","D:\Dropbox\033.jpg:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\tintin-1.jpg:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\time lapse\au bureau.mp4:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\time lapse\au bureau2.mp4:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\time lapse\aubureau12.mp4:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\time lapse\aubureau3.mp4:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\tbnd\BND.bmp:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\pognon\trop perçu impôts.jpg:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\Photos\homer-woohoo-42.jpg:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\Photos\Hong-Kong-skyline.jpg:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\orange\forfaits.png:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\montages\2013.png:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\montages\20130222_090924.jpg:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\montages\flo.png:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\montages\nuage.bmp:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\montages\wallpaper-batman-year-one-dvd-movie.jpg:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\escrime\Riot A.C.T. - Blade Demo 2008 - YouTube! [freecorder.com].webm:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\escrime\sarah_0.mp4:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-02-22 09.09.24.jpg:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-02-22 14.47.03.jpg:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-02-22 15.24.04.jpg:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-02-22 16.50.48.jpg:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-02-22 16.55.55.jpg:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-02-22 17.01.41.jpg:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-02-23 17.09.36.jpg:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-03-04 12.58.45.jpg:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-03-04 12.58.50.jpg:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-03-04 12.58.58.jpg:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-03-09 19.52.17.jpg:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-03-12 19.49.24.jpg:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","C:\Users\Patrick\Documents\Scanned Documents\Bienvenue.jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
    File:"Unknown ADS","C:\Users\Patrick\AppData\Local\6HgTuuQBb:eaPbMd81WEnPVZ2zjg7iE9a:$DATA"
    File:"Unknown ADS","C:\Users\Patrick\AppData\Local\Temp:DUKZkumMrwEVGyOQoWj0cDF:$DATA"
    File:"No admin in ACL","C:\Users\Patrick\AppData\Local\Google\Google Talk Plugin\googletalkplugin_port"
    File:"No admin in ACL","C:\Users\Patrick\AppData\Local\Google\Google Talk Plugin\googletalkplugin_ws_port"
    File:"Unknown ADS","C:\Users\All Users\Microsoft:BkiauIJwtrO5c531xn4biU67:$DATA"
    File:"Unknown ADS","C:\Users\All Users\Microsoft:UgB5XBkxxNSVD1KwAMZGbV:$DATA"
    File:"Unknown ADS","C:\Users\All Users\Temp:07BF512B:$DATA"
    File:"Unknown ADS","C:\ProgramData\Microsoft:BkiauIJwtrO5c531xn4biU67:$DATA"
    File:"Unknown ADS","C:\ProgramData\Microsoft:UgB5XBkxxNSVD1KwAMZGbV:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\microsoft shared:3qcAEh56R9OFU7H0dHs5d3:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\System\W3y1Th6Q:VsC3ntI5XbAS5xndnl8oP:$DATA"

    I think the Dropbox files are OK, but what about the Windows hidden file and the non-Dropbox ones?

    Thank you,
    best regards,
    p.

  2. #2
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263

    Hello,

    I'm not sure about these ones:

    File:"Unknown ADS","C:\Users\Patrick\AppData\Local\6HgTuuQBb:eaPbMd81WEnPVZ2zjg7iE9a:$DATA"
    File:"Unknown ADS","C:\Users\Patrick\AppData\Local\Temp:DUKZkumMrwEVGyOQoWj0cDF:$DATA"
    File:"Unknown ADS","C:\Users\All Users\Temp:07BF512B:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\System\W3y1Th6Q:VsC3ntI5XbAS5xndnl8oP:$DATA"

    If you want, you can delete them.
    But the deletion is final and cannot be recovered through the Quarantine.
    If you still want to remove the found items, it is strongly recommended to create a system restore point before doing that.

    Best regards
    Sandra
    Team Spybot

  3. #3
    Junior Member
    Join Date
    Mar 2013
    Posts
    2

    Thank you Sandra.

    And what about the hidden file in C:?

    Best,
    p.

  4. #4
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263

    Hello,

    That could be a hidden system file.
    But if you make a restore point anyway, you can fix it too and see if there are any system problems or if everything runs fine after deleting it.

    Best regards
    Sandra
    Team Spybot
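
An added example, not part of the original posts and not Safer-Networking code: a small parser for the `File:"<kind>","<path>"` lines shown in the log above. It splits each "Unknown ADS" entry into host path and stream name, folds `C:\Users\All Users` into `C:\ProgramData` (the former is a link to the latter on Windows Vista and later), and groups entries by stream name for review. The allow-list of known stream names is an assumption supplied by the caller, and the sample log is constructed from a few lines of the thread.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the log format shown in the thread.
SAMPLE_LOG = r'''
File:"Hidden file","C:\Windows\0"
File:"Unknown ADS","D:\Dropbox\033.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\All Users\Microsoft:BkiauIJwtrO5c531xn4biU67:$DATA"
File:"Unknown ADS","C:\ProgramData\Microsoft:BkiauIJwtrO5c531xn4biU67:$DATA"
File:"Unknown ADS","C:\Users\All Users\Temp:07BF512B:$DATA"
File:"No admin in ACL","C:\Users\Patrick\AppData\Local\Google\Google Talk Plugin\googletalkplugin_port"
'''

LINE_RE = re.compile(r'^File:"([^"]*)","(.*)"$')
# "C:\Users\All Users" is a link to C:\ProgramData on Windows Vista and later,
# so both spellings name the same object and are folded together.
ALIASES = {r"c:\users\all users": r"C:\ProgramData"}

def parse_line(line):
    """Return (kind, host_path, stream_name) or None; stream_name is None for non-ADS rows."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, target = m.groups()
    stream = None
    if kind == "Unknown ADS":
        # Split from the right: the drive letter also contains a colon.
        target, stream, _stream_type = target.rsplit(":", 2)
    for alias, real in ALIASES.items():
        if target.lower().startswith(alias + "\\"):
            target = real + target[len(alias):]
    return kind, target, stream

def triage(log_text, known_streams=("com.dropbox.attributes",)):
    """Group ADS findings by stream name; known_streams is the caller's assumed allow-list."""
    buckets = {"known": defaultdict(set), "review": defaultdict(set)}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[2] is not None:
            _, host, stream = parsed
            key = "known" if stream in known_streams else "review"
            buckets[key][stream].add(host)
    return {k: {s: sorted(h) for s, h in v.items()} for k, v in buckets.items()}

if __name__ == "__main__":
    for bucket, streams in triage(SAMPLE_LOG).items():
        for stream, hosts in streams.items():
            print(bucket, stream, hosts)
```

Entries left in the "review" bucket are the ones whose stream contents are worth inspecting before deciding whether to delete them.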
