Thread: RootAlyzer Results - Anything I should worry about?

  1. #1
    Junior Member
    Join Date
    Apr 2014
    Posts
    6

    RootAlyzer Results - Anything I should worry about?

    Hello,

    I did the first scan with RootAlyzer; here are the results:

    // info: Rootkit removal help file
    // copyright: (c) 2008-2014 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Unknown ADS","C:\Users\AAA:zylomtest:$DATA"
    File:"Unknown ADS","C:\Users\AAA:zylomtr{000HQ7FF-AD7A-3FG5-CHL5-24516UNKQ673}:$DATA"
    File:"No admin in ACL","C:\Users\AAA\AppData\Local\Temp\~DF52554E94D011384E.TMP"
    File:"No admin in ACL","C:\ProgramData\Microsoft\SLDL\8ac2e19a-b1f0-4bff-ae65-1019f510f093\36dde836-5584-4eae-9f09-a8bbc6421ade"
    File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
    File:"Unknown ADS","C:\ProgramData\AVG10\Chjw\3ed8a0d3d8a08b2b.dat:731d6002-20c7-467b-94f8-8c3f3962f851:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG10\Chjw\740a0cd30a0c93f0.dat:0180a828-dc72-4f31-9756-b24f78754e1a:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG10\Chjw\7c4c5f144c5ec912.dat:0e879a76-dd62-4257-b231-347cdf8e0f7f:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG10\Chjw\80421afe421af91c.dat:c27f763b-8d33-4e11-97d5-cf5830fb9f7b:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG10\Chjw\c2b28f1eb28f15d7.dat:061a2408-a67c-4668-adf7-251dfd88d378:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG10\Chjw\c2b28f1eb28f15d7.dat:38781673-54a8-4b66-b7d4-6d52e5770828:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG10\Chjw\d8f6b962f6b94194.dat:0394f954-dd39-4b1d-b9cd-881890c2d01a:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG10\Chjw\dac0ecc4c0eca849.dat:8c66e948-e9a7-436b-9f14-3c57c1965238:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG10\Chjw\e08f86a08f851e7.dat:2fc04870-e464-4971-a8b0-a520c69dbc12:$DATA"
    File:"Unknown ADS","C:\ProgramData\AVG10\Chjw\f080f35c80f3282c.dat:52821631-4481-411d-a724-3030a770914c:$DATA"
    File:"No admin in ACL","C:\$Recycle.Bin\S-1-5-18"
    File:"No admin in ACL","C:\$Recycle.Bin\S-1-5-21-1383603232-337481022-996218204-1000\12Q0JG7YDC34P1HE6EC6UHIH504J9BZ6V"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\","LogonSoundPlayed"


    Anything I should worry about?

    Thank you !


    Jorge

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Hello JorgeGonzalez,

    Most entries are your AVG 10 antivirus.

    Regarding,
    File:"Unknown ADS","C:\Users\AAA:zylomtest:$DATA"
    File:"Unknown ADS","C:\Users\AAA:zylomtr{000HQ7FF-AD7A-3FG5-CHL5-24516UNKQ673}:$DATA"
    File:"No admin in ACL","C:\Users\AAA\AppData\Local\Temp\~DF52554E94D011384E.TMP"

    Do you recognize the name? Perhaps this software: http://en.wikipedia.org/wiki/Zylom

    How is the computer running?

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Apr 2014
    Posts
    6

    Quote Originally Posted by tashi View Post
    Hello JorgeGonzalez,

    Most entries are your AVG 10 antivirus.

    Regarding,
    File:"Unknown ADS","C:\Users\AAA:zylomtest:$DATA"
    File:"Unknown ADS","C:\Users\AAA:zylomtr{000HQ7FF-AD7A-3FG5-CHL5-24516UNKQ673}:$DATA"
    File:"No admin in ACL","C:\Users\AAA\AppData\Local\Temp\~DF52554E94D011384E.TMP"

    Do you recognize the name? Perhaps this software: http://en.wikipedia.org/wiki/Zylom

    How is the computer running?

    Best regards.

    Hi tashi,

    Thanks for your answer!

    My computer is running ok. No problems.

    Yes. Regarding Zylom, I found the same information. I will probably delete those files.

    Actually, I was worried about this:

    File:"No admin in ACL","C:\$Recycle.Bin\S-1-5-18"
    File:"No admin in ACL","C:\$Recycle.Bin\S-1-5-21-1383603232-337481022-996218204-1000\12Q0JG7YDC34P1HE6EC6UHIH504J9BZ6V"

    because I read about some usual rootkits that use the Recycle Bin files.
    Is there a way to find if those are rootkits?

    Thanks!

    Jorge

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Hello Jorge,

    Quote Originally Posted by JorgeGonzalez View Post

    Actually, I was worried about this:

    File:"No admin in ACL","C:\$Recycle.Bin\S-1-5-18"
    File:"No admin in ACL","C:\$Recycle.Bin\S-1-5-21-1383603232-337481022-996218204-1000\12Q0JG7YDC34P1HE6EC6UHIH504J9BZ6V"

    because I read about some usual rootkits that use the Recycle Bin files.
    Is there a way to find if those are rootkits?

    Have you tried to empty your recycle bin?

    Best regards
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  5. #5
    Junior Member
    Join Date
    Apr 2014
    Posts
    6

    Quote Originally Posted by tashi View Post
    Hello Jorge,



    Have you tried to empty your recycle bin?

    Best regards

    Yes. And it was empty when I ran the analysis. (And generally I use the Eraser to empty it, so I'm pretty sure there were no files.)

    Just in case, let me clarify that though the log indicates both results as "File:" :

    File:"No admin in ACL","C:\$Recycle.Bin\S-1-5-18"
    File:"No admin in ACL","C:\$Recycle.Bin\S-1-5-21-1383603232-337481022-996218204-1000\12Q0JG7YDC34P1HE6EC6UHIH504J9BZ6V"

    when the results of the analysis first appeared, they were under the "Folder" category.

  6. #6
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Hi JorgeGonzalez,

    See post #1 in this thread: https://answers.yahoo.com/question/i...7110053AApVNAm

    Might make things clearer.

    Best regards,
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
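
The triage done by hand in posts #2 to #5 (which folder owns each alternate data stream, and whose Recycle Bin folder is flagged) can be scripted. The following is an added example, not part of the original posts and not Safer-Networking code; the line format is inferred from the log in post #1, and the names `parse_line` and `triage` are hypothetical. Grouping by folder only shows where findings cluster; it is not a verdict on any entry.

```python
import ntpath
import re
from collections import Counter

# Sample input: a selection of lines copied from the log in post #1.
SAMPLE_LOG = r'''
:: RootAlyzer Results
File:"Unknown ADS","C:\Users\AAA:zylomtest:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG10\Chjw\3ed8a0d3d8a08b2b.dat:731d6002-20c7-467b-94f8-8c3f3962f851:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG10\Chjw\c2b28f1eb28f15d7.dat:061a2408-a67c-4668-adf7-251dfd88d378:$DATA"
File:"No admin in ACL","C:\$Recycle.Bin\S-1-5-18"
File:"No admin in ACL","C:\$Recycle.Bin\S-1-5-21-1383603232-337481022-996218204-1000\12Q0JG7YDC34P1HE6EC6UHIH504J9BZ6V"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\","LogonSoundPlayed"
'''

# Windows well-known SIDs for the built-in service identities.
WELL_KNOWN_SIDS = {"S-1-5-18": "LocalSystem", "S-1-5-19": "LocalService",
                   "S-1-5-20": "NetworkService"}
RECYCLE_SID = re.compile(r'\\\$Recycle\.Bin\\(S-1-[0-9-]+)', re.IGNORECASE)

def parse_line(line):
    """Return a record for one result line, or None for headers and comments."""
    m = re.match(r'\s*(File|RegyKey):(.+)$', line)
    fields = re.findall(r'"([^"]*)"', m.group(2)) if m else []
    if len(fields) < 2:
        return None
    rec = {"kind": m.group(1), "finding": fields[0], "stream": None, "sid": None}
    if rec["kind"] == "RegyKey":            # hive, key and value name follow
        rec["target"] = "".join(fields[1:])
        return rec
    # Any colon after the drive letter separates host path, stream name, type.
    drive, rest = fields[1][:2], fields[1][2:]
    base, _, stream = rest.partition(":")
    rec["target"] = drive + base
    rec["stream"] = stream.rsplit(":", 1)[0] or None   # drop the ":$DATA" type
    sid = RECYCLE_SID.search(rec["target"])
    if sid:  # per-account Recycle Bin folders are named after the owner's SID
        s = sid.group(1)
        rec["sid"] = WELL_KNOWN_SIDS.get(s, "account RID " + s.rsplit("-", 1)[1])
    return rec

def triage(log):
    """Parse a log and count findings per (finding, containing folder or key)."""
    records = [r for r in map(parse_line, log.splitlines()) if r]
    groups = Counter((r["finding"], ntpath.dirname(r["target"])) for r in records)
    return records, groups

if __name__ == "__main__":
    for (finding, folder), n in triage(SAMPLE_LOG)[1].most_common():
        print(f"{n:3}  {finding:16}  {folder}")
```
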
