Results 1 to 4 of 4

Thread: Multiple "No admin in ACL" results on first rootkit scan

  1. #1
    Junior Member
    Join Date
    Mar 2014
    Posts
    2

    Question Multiple "No admin in ACL" results on first rootkit scan

    Was recommended to use S&D, so installed the free home version: 2.2.21.0. Thanks Guys!

    Running Windows 8.1; fully patched. Other security S/W is Windows Defender and Malwarebytes (scan on demand).

    Ran deep scan for rootkits. Got multiple red and amber flags. Stopped Windows Restore and deleted all restore points. Deleted the flagged items as suggested. Rebooted and reran the rootkit scan and the flags came back again. Herewith the S&D log:

    // info: Rootkit removal help file
    // copyright: (c) 2008-2014 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-1057265343-3467841543-1360626664-1001\$RZWV1SG:ms-properties:$DATA"
    File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-1057265343-3467841543-1360626664-1001\$RZWV1SG\Documents:ms-properties:$DATA"
    File:"Unknown ADS","C:\$Recycle.Bin\S-1-5-21-1057265343-3467841543-1360626664-1001\$RZWV1SG\Pictures:ms-properties:$DATA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\","LogonSoundPlayed"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Vol"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Kor\","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Jpn\","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Cht\","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs\","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\IME\15.0\IMESC\","DUState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\IME\15.0\IMEJP\DictionaryUpdate\","DUState"

    All suggestions welcome, please.

    (Novice User!)

    Thanks!

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,475

    Default

    Hello Flummoxd,

    The log appears to be normal.

    In general all items found by the RootAlyzer are not necessarily malicious, it shows items which it believes to be out of the ordinary and may give a hint for an infection.

    How is the computer running in general, any issues?

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Mar 2014
    Posts
    2

    Thumbs up

    Quote Originally Posted by tashi View Post
    Hello Flummoxd,

    The log appears to be normal.

    In general all items found by the RootAlyzer are not necessarily malicious, it shows items which it believes to be out of the ordinary and may give a hint for an infection.

    How is the computer running in general, any issues?

    Best regards.
    Hi Tashi

    Many thanks for casting your experienced eye over my logs and advising there are no infections. Malwarebytes found Trojan.FakeMS in a full scan, and decided I needed extra protection so installed Spybot S&D. Apart from this the computer appears to be fine.

    Thanks again!

    Best Wishes

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,475

    Default

    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •