Results 1 to 2 of 2

Thread: Rootkit Results a Bit Overwhelming - Guidance Please

  1. #1
    Junior Member
    Join Date
    Feb 2016
    Posts
    1

    Default Rootkit Results a Bit Overwhelming - Guidance Please

    Rootkit Results a Bit Overwhelming - Guidance Please

    I have a very long Rootkit Deepscan Result List that I don't know how to interpret...

    There was only one file that was singled out:

    Type: File
    Object: SafeOS.Mount:$WIMMOUNTDATA:$DATA
    Location: C:\$WINDOWS.~BT\Sources\SafeOS\
    Details: Unknown ADS

    But then I have nearly 500 (!) Registry Key entries like the one below, all with the notation under the "details" column: "No admin in ACL":

    Type: Key
    Object: {02DDA8BD-182F-4C35-A0F7-9CC378822AC3}
    Location: HKLM\SOFTWARE\Classes\Wow6432Node\Wow6432Node\CLSID\
    Details: No admin in ACL

    Any help I could get would be appreciated!
    Thanks!
    David
    Last edited by tashi; 2016-03-01 at 06:00. Reason: Removed duplicate post. :-)

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello djlipsy,

    Those files appear to be normal. The RootAlyzer is an analyst tool, sometimes even legitimate software may use rootkit technologies.

    Do you suspect an infection, is that why you ran the scan?

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •