
Thread: Norton component identified as a rootkit

  1. #1
    Junior Member Tech83's Avatar
    Join Date
    Jul 2011

    Norton component identified as a rootkit

    Hi! All,

    The following: Type: Folder
    Object: SrtETmp
    Location: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\
    Details: No admin in ACL

    is identified as being a rootkit by the Rootkit scanner in Spybot S&D; this is not a rootkit but a crucial component for Norton Internet Security, Norton 360 and Norton Antivirus to properly function. Please make the appropriate adjustments to Spybot S&D 2.0 to prevent this false positive from occurring, as less aware users of both programs may instruct Spybot to remove this crucial component of Norton products, causing the Norton products to crash and giving Spybot an unneeded bad name.


  2. #2
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005



    Thank you for reporting this.
    The separate rootkit scanner within Spybot S&D 2 is an advanced tool meant to be used by advanced users only.
    As opposed to the signature-based standard scan, which will find rootkit infections based on signatures, the separate rootkit scan scans for system anomalies indicating the presence of unknown rootkits.
    That is also the reason why there is no direct cleaning function in the rootkit scanner.

    In this case the admin in ACL (Access Control List) is missing; this could be intentional by Symantec or it could be a result of a manipulation done by other software, for instance a rootkit. This does not mean that the found entry is part of the rootkit but that it can indicate rootkit manipulation.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.
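
The "No admin in ACL" anomaly discussed in this thread can be reproduced as a simple check over security descriptors. The following is an added example, not part of the thread and not Spybot's code: it assumes each folder's descriptor is available as an SDDL string (for instance the `Sddl` property returned by PowerShell's `Get-Acl`), and the paths and descriptors are constructed samples.

```python
import re

# SDDL names for BUILTIN\Administrators: the "BA" alias and the raw SID.
ADMIN_TRUSTEES = {"BA", "S-1-5-32-544"}

def dacl_aces(sddl):
    """Return the DACL's ACEs as field lists, or None when the SDDL has no D: part."""
    m = re.search(r"D:(.*?)(?=S:|$)", sddl)
    if m is None:
        return None
    return [ace.split(";") for ace in re.findall(r"\(([^()]*)\)", m.group(1))]

def admin_in_acl(sddl):
    """True/False for a present DACL, None when there is no DACL to judge."""
    aces = dacl_aces(sddl)
    if aces is None:
        return None
    for f in aces:
        if len(f) < 6:
            continue  # malformed ACE, ignore it
        ace_type, flags, rights, trustee = f[0], f[1], f[2], f[5]
        flag_set = {flags[i:i + 2] for i in range(0, len(flags), 2)}
        # An inherit-only (IO) ACE applies to children, not to the folder itself.
        if ace_type == "A" and rights and trustee in ADMIN_TRUSTEES and "IO" not in flag_set:
            return True
    return False

def scan(folders):
    """folders maps path -> SDDL; return (path, detail) for each anomaly."""
    findings = []
    for path, sddl in folders.items():
        verdict = admin_in_acl(sddl)
        if verdict is False:
            findings.append((path, "No admin in ACL"))
        elif verdict is None:
            findings.append((path, "No DACL in descriptor"))
    return findings

# Constructed sample descriptors (hypothetical paths, not taken from a real system).
SAMPLES = {
    r"C:\Example\Normal": "O:BAG:SYD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;BU)",
    r"C:\Example\SystemOnly": "O:SYG:SYD:PAI(A;OICI;FA;;;SY)",
    r"C:\Example\InheritOnly": "O:SYG:SYD:(A;OICIIO;GA;;;BA)(A;;FA;;;SY)",
}

if __name__ == "__main__":
    for path, detail in scan(SAMPLES):
        print(f"{detail}: {path}")
```

A finding from this check is an anomaly to investigate, as the reply above says, not proof of infection: security products may deliberately restrict their own folders to SYSTEM.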
