Thread: i did a rootkit deep scan, but not sure either...

  1. #1 Junior Member (Join Date: Apr 2017, Posts: 2)

    i did a rootkit deep scan, but not sure either...

    I'm not sure how to post that info, but I was able to glean this much from my software. Can anyone help?

    [i] 17-04-04 00:34:09 THttpUpdateDaemon HTTP daemon on port 21321 closed.
    [+] 17-04-04 00:35:19 THttpUpdateDaemon Background Updating Service got started...
    [i] 17-04-04 00:35:19 THttpUpdateDaemon Listening on port 21321
    [i] 17-04-04 00:35:19 THttpUpdateDaemon Successfully started listening on port 21321.
    [i] 17-04-04 21:39:26 THttpUpdateDaemon HTTP daemon on port 21321 closed.
    [+] 17-04-04 21:40:29 THttpUpdateDaemon Background Updating Service got started...
    [i] 17-04-04 21:40:30 THttpUpdateDaemon Listening on port 21321
    [i] 17-04-04 21:40:30 THttpUpdateDaemon Successfully started listening on port 21321.
    SDUpdSvc.exe [2017-04-06 20:53:37] [+] Updating Service is active.
    SDUpdSvc.exe [2017-04-06 20:53:37] [.] Trying to retrieve update info file from http://updates3.safer-networking.org/spybotsd2.uid...
    SDUpdSvc.exe [2017-04-06 20:53:38] [+] Retrieved update info file.
    SDUpdSvc.exe [2017-04-06 20:53:39] [.] Info file part done.
    SDUpdSvc.exe [2017-04-06 20:53:40] [.] Testing which updates apply to this version...
    SDUpdSvc.exe [2017-04-06 20:53:40] [+] Trojans-C.sbi (version 20170329) needs to be updated (to version 20170405).
    SDUpdSvc.exe [2017-04-06 20:53:41] [+] PUPS-C.sbi (version 20170329) needs to be updated (to version 20170405).
    SDUpdSvc.exe [2017-04-06 20:53:41] [+] Malware-C.sbi (version 20170201) needs to be updated (to version 20170405).
    SDUpdSvc.exe [2017-04-06 20:53:42] [+] Adware-C.sbi (version 20170329) needs to be updated (to version 20170405).
    SDUpdSvc.exe [2017-04-06 20:53:42] [.] Downloading updates...
    SDUpdSvc.exe [2017-04-06 20:53:42] [+] File "Adware-C.sbi" needs to be downloaded.
    SDUpdSvc.exe [2017-04-06 20:53:44] [+] Downloaded archive "Adware-C.sbi-20170405.cab" from http://de.sbsd-updates.eu/spybot2/.
    SDUpdSvc.exe [2017-04-06 20:53:44] [+] Extracted "Adware-C.sbi-20170405.cab"!
    SDUpdSvc.exe [2017-04-06 20:53:44] [+] Installed "Adware-C.sbi".
    SDUpdSvc.exe [2017-04-06 20:53:44] [+] File "Malware-C.sbi" needs to be downloaded.
    SDUpdSvc.exe [2017-04-06 20:53:46] [+] Downloaded archive "Malware-C.sbi-20170405.cab" from http://de.sbsd-updates.eu/spybot2/.
    SDUpdSvc.exe [2017-04-06 20:53:46] [+] Extracted "Malware-C.sbi-20170405.cab"!
    SDUpdSvc.exe [2017-04-06 20:53:46] [+] Installed "Malware-C.sbi".
    SDUpdSvc.exe [2017-04-06 20:53:46] [+] File "PUPS-C.sbi" needs to be downloaded.
    SDUpdSvc.exe [2017-04-06 20:53:47] [+] Downloaded archive "PUPS-C.sbi-20170405.cab" from http://us.sbsd-updates.eu/spybot2/.
    SDUpdSvc.exe [2017-04-06 20:53:47] [+] Extracted "PUPS-C.sbi-20170405.cab"!
    SDUpdSvc.exe [2017-04-06 20:53:47] [+] Installed "PUPS-C.sbi".
    SDUpdSvc.exe [2017-04-06 20:53:47] [+] File "Trojans-C.sbi" needs to be downloaded.
    SDUpdSvc.exe [2017-04-06 20:53:48] [+] Downloaded archive "Trojans-C.sbi-20170405.cab" from http://updates3.safer-networking.org/spybot2/.
    SDUpdSvc.exe [2017-04-06 20:53:48] [+] Extracted "Trojans-C.sbi-20170405.cab"!
    SDUpdSvc.exe [2017-04-06 20:53:48] [+] Installed "Trojans-C.sbi".
    SDUpdSvc.exe [2017-04-06 20:53:48] [+] All files have been processed.
    SDUpdSvc.exe [2017-04-06 20:53:48] +++
    [i] 17-04-07 23:30:39 THttpUpdateDaemon HTTP daemon on port 21321 closed.
    [+] 17-04-07 23:32:31 THttpUpdateDaemon Background Updating Service got started...
    [i] 17-04-07 23:32:31 THttpUpdateDaemon Listening on port 21321
    [i] 17-04-07 23:32:32 THttpUpdateDaemon Successfully started listening on port 21321.
    SDUpdSvc.exe [2017-04-08 15:41:58] [+] Updating Service is active.
    SDUpdSvc.exe [2017-04-08 15:41:58] [.] Trying to retrieve update info file from http://updates1.safer-networking.org/spybotsd2.uid...
    SDUpdSvc.exe [2017-04-08 15:41:59] [+] Retrieved update info file.
    SDUpdSvc.exe [2017-04-08 15:42:00] [.] Info file part done.
    SDUpdSvc.exe [2017-04-08 15:42:00] [.] Testing which updates apply to this version...
    SDUpdSvc.exe [2017-04-08 15:42:00] [+] No updates required.
    SDUpdSvc.exe [2017-04-08 15:42:00] +++
    SDUpdSvc.exe [2017-04-08 15:42:09] [+] Updating Service is active.
    SDUpdSvc.exe [2017-04-08 15:42:09] [.] Trying to retrieve update info file from http://updates3.safer-networking.org/spybotsd2.uid...
    SDUpdSvc.exe [2017-04-08 15:42:10] [+] Retrieved update info file.
    SDUpdSvc.exe [2017-04-08 15:42:11] [.] Info file part done.
    SDUpdSvc.exe [2017-04-08 15:42:11] [.] Testing which updates apply to this version...
    SDUpdSvc.exe [2017-04-08 15:42:11] [+] No updates required.
    SDUpdSvc.exe [2017-04-08 15:42:11] +++
    SDUpdSvc.exe [2017-04-08 15:42:18] [+] Updating Service is active.
    SDUpdSvc.exe [2017-04-08 15:42:18] [.] Trying to retrieve update info file from http://updates3.safer-networking.org/spybotsd2.uid...
    SDUpdSvc.exe [2017-04-08 15:42:19] [+] Retrieved update info file.
    SDUpdSvc.exe [2017-04-08 15:42:19] [.] Info file part done.
    SDUpdSvc.exe [2017-04-08 15:42:20] [.] Testing which updates apply to this version...
    SDUpdSvc.exe [2017-04-08 15:42:20] [+] No updates required.
    SDUpdSvc.exe [2017-04-08 15:42:20] +++
    SDUpdSvc.exe [2017-04-08 15:42:27] [+] Updating Service is active.
    SDUpdSvc.exe [2017-04-08 15:42:27] [.] Trying to retrieve update info file from http://updates2.safer-networking.org/spybotsd2.uid...
    SDUpdSvc.exe [2017-04-08 15:42:28] [+] Retrieved update info file.
    SDUpdSvc.exe [2017-04-08 15:42:29] [.] Info file part done.
    SDUpdSvc.exe [2017-04-08 15:42:29] [.] Testing which updates apply to this version...
    SDUpdSvc.exe [2017-04-08 15:42:29] [+] No updates required.
    SDUpdSvc.exe [2017-04-08 15:42:29] +++
    SDUpdSvc.exe [2017-04-08 15:42:36] [+] Updating Service is active.
    SDUpdSvc.exe [2017-04-08 15:42:36] [.] Trying to retrieve update info file from http://updates2.safer-networking.org/spybotsd2.uid...
    SDUpdSvc.exe [2017-04-08 15:42:36] [+] Retrieved update info file.
    SDUpdSvc.exe [2017-04-08 15:42:37] [.] Info file part done.
    SDUpdSvc.exe [2017-04-08 15:42:37] [.] Testing which updates apply to this version...
    SDUpdSvc.exe [2017-04-08 15:42:37] [+] No updates required.
    SDUpdSvc.exe [2017-04-08 15:42:37] +++
    SDUpdSvc.exe [2017-04-08 15:42:44] [+] Updating Service is active.
    SDUpdSvc.exe [2017-04-08 15:42:44] [.] Trying to retrieve update info file from http://updates2.safer-networking.org/spybotsd2.uid...
    SDUpdSvc.exe [2017-04-08 15:42:45] [+] Retrieved update info file.
    SDUpdSvc.exe [2017-04-08 15:42:46] [.] Info file part done.
    SDUpdSvc.exe [2017-04-08 15:42:46] [.] Testing which updates apply to this version...
    SDUpdSvc.exe [2017-04-08 15:42:46] [+] No updates required.
    SDUpdSvc.exe [2017-04-08 15:42:46] +++

    Beyond this, I'm not sure how to post my "Unknown ADS" and "No admin in ACL" results, as they show up somewhat differently from what's posted previously... any help appreciated...

    OK, I just found this; I hope this helps...

    // info: Rootkit removal help file
    // copyright: (c) 2008-2017 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Unknown ADS","C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1:$DATA"
    File:"Unknown ADS","C:\ProgramData\WinZip:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\3Planesoft Screensaver Manager:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ATI Technologies:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Coral Clock 3D Screensaver:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\DVDVideoSoft:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Letasoft Sound Booster:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Popcorn Time:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Spybot - Search & Destroy 2:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildTangent Games\App:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - genres:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\Bejeweled 3:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\Luxor Evolved:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\WildGames\Plants vs Zombies - Game of the Year:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\TOSHIBA\System Setting:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\TOSHIBA\ToshibaFB:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\Drivers\x64:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\TOSHIBA\PCDiag\Lang:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Realtek\NICDRV_8169:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Realtek\Realtek Card Reader:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft Office\Office15:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\iCLS Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Intel(R) Processor Graphics:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Google\Chrome\Application:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\CyberLink\MediaStory:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\CyberLink\PowerDVD12:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\ATI Technologies\Multimedia:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\AMD AVT\bin:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe\Reader 11.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe\Reader 11.0\Reader:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\CCleaner:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\IrfanView:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\WinZip:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\TOSHIBA\Hotkey:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\TOSHIBA\PasswordUtility:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\TOSHIBA\Teco:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\TOSHIBA\TOSHIBA Audio Enhancement:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\TOSHIBA\TOSHIBA Desktop Assist:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\TOSHIBA\TOSHIBA Recovery Media Creator:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\TOSHIBA\TOSHIBA Service Station:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\TOSHIBA\TPHM:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\TOSHIBA\TPHM\Lang:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Realtek\Audio\HDA:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Malwarebytes\Anti-Malware:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\iCLS Client:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\Intel(R) Rapid Storage Technology:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\Lang:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\ATI Technologies\Multimedia:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\ATI\CIM:Win32App_1:$DATA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","Svc"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\InputMethod\Jpn","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\InputMethod\Chs","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Jpn","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"


    Any help very much appreciated...
    Last edited by tashi; 2017-04-21 at 04:56. Reason: Split off to own topic

  2. #2 tashi, Member of Team Spybot (Join Date: Oct 2005, Location: USA, Posts: 29,894)

    Hello s34w0lf3,

    The first log shows Spybot's Updating Service.

    The second log isn't raising a flag. Did you have reason to run a rootkit scan, is the computer showing any sign of infection?

    Best regards.
    Microsoft MVP 2006-2016
    Windows Insider MVP 2016, 2017
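    As an added illustration (not part of this thread and not Spybot's own code): a small Python parser for the RootAlyzer result lines quoted in post #1 that groups the "Unknown ADS" entries by stream name and collects the "No admin in ACL" keys, so that dozens of lines carrying one and the same stream name (here Win32App_1 across the install folders) can be reviewed as a single pattern rather than as dozens of separate findings. The sample input is constructed from a few of the posted lines plus one extra Zone.Identifier line so a second stream name appears in the grouping.

```python
import re
from collections import defaultdict

# Constructed sample in the RootAlyzer result format quoted in post #1:
# a few of the posted lines plus one extra Zone.Identifier line (constructed).
SAMPLE = r'''
:: RootAlyzer Results
File:"Unknown ADS","C:\ProgramData\WinZip:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Google\Chrome\Application:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\CCleaner:Win32App_1:$DATA"
File:"Unknown ADS","C:\Users\Public\note.txt:Zone.Identifier:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Jpn","DuState"
'''

FIELD_RE = re.compile(r'"([^"]*)"')   # each quoted, comma-separated field

def parse_rootalyzer(text):
    """Yield (record_kind, fields) for each File:/RegyKey: result line."""
    for line in text.splitlines():
        kind, sep, rest = line.partition(':')
        if sep and kind in ('File', 'RegyKey'):     # skips header/comment lines
            yield kind, FIELD_RE.findall(rest)

def split_ads(path_with_stream):
    """Split 'C:\\dir:stream:$DATA' into (path, stream); rpartition keeps the drive colon intact."""
    body, _, _stream_type = path_with_stream.rpartition(':')   # drop ':$DATA'
    path, _, stream = body.rpartition(':')
    return path, stream

def triage(text):
    """Group ADS hits by stream name and collect keys flagged for their ACL,
    so one stream name repeated across many install folders is reviewed once."""
    ads_by_stream = defaultdict(list)
    acl_keys = []
    for kind, fields in parse_rootalyzer(text):
        if kind == 'File' and fields[0] == 'Unknown ADS':
            path, stream = split_ads(fields[1])
            ads_by_stream[stream].append(path)
        elif kind == 'RegyKey' and fields[0] == 'No admin in ACL':
            hive, key, value = fields[1:4]
            acl_keys.append(hive + key + '\\' + value)
    return {'ads_by_stream': dict(ads_by_stream), 'acl_keys': acl_keys}

if __name__ == '__main__':
    result = triage(SAMPLE)
    for stream, paths in sorted(result['ads_by_stream'].items()):
        print(f'stream {stream!r}: {len(paths)} folder(s), e.g. {paths[0]}')
    print('keys without an Administrators ACE:', *result['acl_keys'], sep='\n  ')
```

Running it on the full list from post #1 would show a single Win32App_1 group covering every install folder, which is the kind of uniform pattern the reply above treats as not raising a flag, whereas a stream name that appears on only one file stands out for a closer look.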

  3. #3 Junior Member (Join Date: Apr 2017, Posts: 2)

    yes actually...

    Quote Originally Posted by tashi
    Hello s34w0lf3,

    The first log shows Spybot's Updating Service.

    The second log isn't raising a flag. Did you have reason to run a rootkit scan, is the computer showing any sign of infection?

    Best regards.
    Thank you for the prompt reply.

    My laptop was and is acting wonky (Chrome not responding), taking forever to even respond to this reply... I have an i5 processor, so I know it's not the performance of the laptop, although I've yet to overclock it, but I'm constantly running Spybot AND Malwarebytes and it seems to ALWAYS find low-end malware, and initially it did find a few threatening malware programs on my computer... I'd be SOOO enthused if I could nip this problem in the bud, as I recently bought this laptop and know that if it were to run optimally it would more than satisfy my needs, as I'm not one to play high-end video games or such; I just enjoy watching movies and/or playing simple online games. This problem has been and is getting completely out of hand though, and I am at wit's end... any help would be duly appreciated.... Thanks in advance...

  4. #4 tashi, Member of Team Spybot (Join Date: Oct 2005, Location: USA, Posts: 29,894)

    Hello s34w0lf3,

    A volunteer analyst can take a look at the system.

    Please see the Malware Removal Forum sticky which includes guidelines and instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

    http://forums.spybot.info/showthread.php?t=288

    Then start a new topic in that forum providing the logs please, a link back to this topic may be helpful.

    Best regards.
    Microsoft MVP 2006-2016
    Windows Insider MVP 2016, 2017
