Thread: Help analyzing rootkit scan results

  1. #1
    Junior Member
    Join Date
    Nov 2013
    Posts
    1

    Help analyzing rootkit scan results

    Hello-

    This morning my computer was infected with the search.conduit virus. I've gotten to the point where Malwarebytes and AVG are coming up clean, but Spybot keeps pulling up 6-10 threats each time I run it. I just did a rootkit scan and the results are apparently too large to attach. The files that worry me the most are at the bottom. Thanks in advance for your help!

    These are the ones that concern me the most:
    File:"Unknown ADS","C:\Windows:nlsPreferences:$DATA"
    File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2014\Chjw\3e604955604914d5.dat:7ca1d92e-c20d-4c11-b937-fd6a985d3854:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2014\Chjw\502063d32063be9a.dat:d6702461-bcba-495c-9171-912ca9ad8c1d:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2014\Chjw\502063d32063be9a.dat:e4fcc80c-ec2d-487f-a207-0c349f859e57:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2014\Chjw\663cd41e3cd3e759.dat:0dd54b05-1605-4b3d-8da5-6e731ac15d06:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2014\Chjw\aa525cd3525ca5bb.dat:870cb555-2312-486b-aa9f-492aee539a52:$DATA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"

  2. #2
    tashi, Member of Team Spybot
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Hello Copernicus1,

    Originally Posted by Copernicus1:
    These are the ones that concern me the most:
    File:"Unknown ADS","C:\Windows:nlsPreferences:$DATA"
    Nalpeiron Licensing Service, Software Licensing.

    Originally Posted by Copernicus1:
    File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2014\Chjw\3e604955604914d5.dat:7ca1d92e-c20d-4c11-b937-fd6a985d3854:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2014\Chjw\502063d32063be9a.dat:d6702461-bcba-495c-9171-912ca9ad8c1d:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2014\Chjw\502063d32063be9a.dat:e4fcc80c-ec2d-487f-a207-0c349f859e57:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2014\Chjw\663cd41e3cd3e759.dat:0dd54b05-1605-4b3d-8da5-6e731ac15d06:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG2014\Chjw\aa525cd3525ca5bb.dat:870cb555-2312-486b-aa9f-492aee539a52:$DATA"
    Microsoft Office and AVG2014 data.

    Originally Posted by Copernicus1:
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
    Please see this topic: http://forums.spybot.info/showthread...these-rootkits

    Hope that helps.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
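
The scan lines in this thread follow the pattern `Kind:"finding","value",...`, and each "Unknown ADS" value uses the NTFS `path:stream:$DATA` form. As an added example (not part of the original posts and not Spybot's own code), this Python script parses such lines and lists the named streams per host file or directory, so each one can be attributed to the software that owns it. The function names are made up for illustration and the record layout is an assumption inferred only from the lines shown above.

```python
import csv
from collections import defaultdict

# Constructed sample: a subset of the scan lines quoted in this thread.
SAMPLE = r'''File:"Unknown ADS","C:\Windows:nlsPreferences:$DATA"
File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
File:"Unknown ADS","C:\ProgramData\AVG2014\Chjw\502063d32063be9a.dat:d6702461-bcba-495c-9171-912ca9ad8c1d:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2014\Chjw\502063d32063be9a.dat:e4fcc80c-ec2d-487f-a207-0c349f859e57:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
'''


def parse_line(line):
    """Split 'Kind:"finding","value",...' into (kind, finding, [values])."""
    kind, _, rest = line.partition(":")   # first colon ends the record kind
    fields = next(csv.reader([rest]))      # the remainder is quoted CSV
    return kind, fields[0], fields[1:]


def split_ads(path):
    """Return (host_path, stream_name); stream_name is None without an ADS."""
    # Skip the drive-letter colon ("C:") before looking for the stream colon.
    drive, tail = (path[:2], path[2:]) if path[1:2] == ":" else ("", path)
    parts = tail.split(":")
    if len(parts) == 1:
        return path, None
    return drive + parts[0], parts[1]      # parts[2], if present, is $DATA


def streams_by_host(text):
    """Map each file or directory to the named streams reported on it."""
    hosts = defaultdict(list)
    for line in filter(None, map(str.strip, text.splitlines())):
        kind, finding, values = parse_line(line)
        if kind == "File" and finding == "Unknown ADS":
            host, stream = split_ads(values[0])
            if stream:
                hosts[host].append(stream)
    return dict(hosts)


if __name__ == "__main__":
    for host, streams in streams_by_host(SAMPLE).items():
        print(host)
        for name in streams:
            print("    stream:", name)
```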