-
Evil rootkits or legit rootkits?
Hello there.
First, I'd like to thank you for your work and the answers you give on this forum.
Then, I'd like to show you my RootAlyzer log, because there are some lines I worry about.
// info: Rootkit removal help file
// copyright: (c) 2008-2013 Safer-Networking Ltd. All rights reserved.
:: RootAlyzer Results
File:"Hidden file","C:\Windows\0"
File:"Unknown ADS","D:\Dropbox\033.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\tintin-1.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\time lapse\au bureau.mp4:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\time lapse\au bureau2.mp4:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\time lapse\aubureau12.mp4:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\time lapse\aubureau3.mp4:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\tbnd\BND.bmp:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\pognon\trop perçu impôts.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Photos\homer-woohoo-42.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Photos\Hong-Kong-skyline.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\orange\forfaits.png:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\montages\2013.png:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\montages\20130222_090924.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\montages\flo.png:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\montages\nuage.bmp:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\montages\wallpaper-batman-year-one-dvd-movie.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\escrime\Riot A.C.T. - Blade Demo 2008 - YouTube! [freecorder.com].webm:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\escrime\sarah_0.mp4:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-02-22 09.09.24.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-02-22 14.47.03.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-02-22 15.24.04.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-02-22 16.50.48.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-02-22 16.55.55.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-02-22 17.01.41.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-02-23 17.09.36.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-03-04 12.58.45.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-03-04 12.58.50.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-03-04 12.58.58.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-03-09 19.52.17.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","D:\Dropbox\Chargements appareil photo\2013-03-12 19.49.24.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\Patrick\Documents\Scanned Documents\Bienvenue.jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\Users\Patrick\AppData\Local\6HgTuuQBb:eaPbMd81WEnPVZ2zjg7iE9a:$DATA"
File:"Unknown ADS","C:\Users\Patrick\AppData\Local\Temp:DUKZkumMrwEVGyOQoWj0cDF:$DATA"
File:"No admin in ACL","C:\Users\Patrick\AppData\Local\Google\Google Talk Plugin\googletalkplugin_port"
File:"No admin in ACL","C:\Users\Patrick\AppData\Local\Google\Google Talk Plugin\googletalkplugin_ws_port"
File:"Unknown ADS","C:\Users\All Users\Microsoft:BkiauIJwtrO5c531xn4biU67:$DATA"
File:"Unknown ADS","C:\Users\All Users\Microsoft:UgB5XBkxxNSVD1KwAMZGbV:$DATA"
File:"Unknown ADS","C:\Users\All Users\Temp:07BF512B:$DATA"
File:"Unknown ADS","C:\ProgramData\Microsoft:BkiauIJwtrO5c531xn4biU67:$DATA"
File:"Unknown ADS","C:\ProgramData\Microsoft:UgB5XBkxxNSVD1KwAMZGbV:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\microsoft shared:3qcAEh56R9OFU7H0dHs5d3:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\System\W3y1Th6Q:VsC3ntI5XbAS5xndnl8oP:$DATA"
I think Dropbox files are OK, but what about the Windows hidden file and the non-Dropbox ones?
Thank you,
best regards,
p.
-
Hello,
I'm not sure about these ones:
File:"Unknown ADS","C:\Users\Patrick\AppData\Local\6HgTuuQBb:eaPbMd81WEnPVZ2zjg7iE9a:$DATA"
File:"Unknown ADS","C:\Users\Patrick\AppData\Local\Temp:DUKZkumMrwEVGyOQoWj0cDF:$DATA"
File:"Unknown ADS","C:\Users\All Users\Temp:07BF512B:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\System\W3y1Th6Q:VsC3ntI5XbAS5xndnl8oP:$DATA"
If you want you can delete them.
But the deletion is final and cannot be recovered through the Quarantine.
If you still want to remove the found items, it is strongly recommended to create a system restore point before doing that.
Best regards
Sandra
Team Spybot
-
Thank you Sandra.
And what about the hidden file in C:?
Best,
p.
-
Hello,
That could be a hidden system file.
But if you make a restore point anyway, you can fix it too and see if there are any system problems or if everything runs fine after deleting it.
Best regards
Sandra
Team Spybot
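An added example, not part of the original thread and not Spybot's own code: a small parser for the `File:"...","..."` result lines above that separates streams with a known application name from the ones left for manual review, and folds `C:\Users\All Users` into `C:\ProgramData` so the same directory is not counted twice. The function names and the `KNOWN_STREAMS` allow-list are assumptions; the sample lines are copied from the log in this thread.

```python
import re

# Constructed sample: a few result lines copied from the log in this thread.
SAMPLE = r'''
File:"Hidden file","C:\Windows\0"
File:"Unknown ADS","D:\Dropbox\033.jpg:com.dropbox.attributes:$DATA"
File:"Unknown ADS","C:\Users\Patrick\AppData\Local\Temp:DUKZkumMrwEVGyOQoWj0cDF:$DATA"
File:"Unknown ADS","C:\Users\All Users\Microsoft:BkiauIJwtrO5c531xn4biU67:$DATA"
File:"Unknown ADS","C:\ProgramData\Microsoft:BkiauIJwtrO5c531xn4biU67:$DATA"
File:"No admin in ACL","C:\Users\Patrick\AppData\Local\Google\Google Talk Plugin\googletalkplugin_port"
'''

# Hypothetical helper names below; this is not RootAlyzer's API.
LINE = re.compile(r'^File:"(?P<kind>[^"]+)","(?P<target>.+)"$')
# Assumption: stream names treated as belonging to a known application.
KNOWN_STREAMS = {"com.dropbox.attributes"}
# On Windows Vista and later, "C:\Users\All Users" is a link to C:\ProgramData.
ALIASES = {r"c:\users\all users": r"c:\programdata"}

def split_ads(target):
    """Split 'path:stream:$DATA' into (path, stream); the drive colon stays in path."""
    path, stream, stype = target.rsplit(":", 2)
    if stype != "$DATA" or len(path) < 3:
        raise ValueError(target)
    return path, stream

def canonical(path):
    """Lower-case the path and replace a known alias prefix with its real directory."""
    low = path.lower()
    for alias, real in ALIASES.items():
        if low == alias or low.startswith(alias + "\\"):
            return real + low[len(alias):]
    return low

def triage(log_text):
    """Return {'known': set, 'review': set, 'other': list}; ADS keyed by (path, stream)."""
    out = {"known": set(), "review": set(), "other": []}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # comment, header or blank line
        if m["kind"] != "Unknown ADS":
            out["other"].append((m["kind"], m["target"]))
            continue
        path, stream = split_ads(m["target"])
        bucket = "known" if stream in KNOWN_STREAMS else "review"
        out[bucket].add((canonical(path), stream))
    return out
```

The `review` bucket is only a shortlist for inspection; a stream name being on the allow-list says nothing about the stream's content.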