Results 1 to 9 of 9

Thread: Can someone please check these rootkit scan results?

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Junior Member
    Join Date
    Oct 2018
    Posts
    5

    Exclamation Can someone please check these rootkit scan results?

    Hello, a while ago I suffered a Trojan infection, which I've ran many antivirus/antimalware on. My system appears to be clean. However I ran the rootkit deep scan and got a lot of red flags. I'm running Windows 10 64 bit, and here are the logs:

    // info: Rootkit removal help file
    // copyright: (c) 2008-2018 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK2HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK1HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK2HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK1HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes","com.epicgames.launcher"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node","com.epicgames.launcher"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\com.epicgames.launcher","DefaultIcon"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\com.epicgames.launcher","shell"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\com.epicgames.launcher\shell","open"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\com.epicgames.launcher\shell\open","command"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\com.epicgames.launcher","DefaultIcon"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\com.epicgames.launcher","shell"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\com.epicgames.launcher\shell","open"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\com.epicgames.launcher\shell\open","command"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes","com.epicgames.launcher"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\WOW6432Node","com.epicgames.launcher"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\WOW6432Node\com.epicgames.launcher","DefaultIcon"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\WOW6432Node\com.epicgames.launcher","shell"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\WOW6432Node\com.epicgames.launcher\shell","open"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\WOW6432Node\com.epicgames.launcher\shell\open","command"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\com.epicgames.launcher","DefaultIcon"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\com.epicgames.launcher","shell"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\com.epicgames.launcher\shell","open"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\com.epicgames.launcher\shell\open","command"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","Provider"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","Svc"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Provider","CBP"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Provider","DPA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\InputMethod\Chs","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center","Provider"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider","CBP"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider","DPA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"

    I have no idea if these are valid. They all say "No admin in ACL." Any help is appreciated!

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,457

    Default

    Hello aPerson,

    This log alone is not raising a flag.

    The RootAlyzer is an analyst tool, in general all items found are not necessarily malicious as even legitimate software may use rootkit technologies.

    A Trojan would be unlikely to show in this type of scan, do you remember the name of it?

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Oct 2018
    Posts
    5

    Default

    There were several found, mostly by Windows Defender. If it'll help, I'll post whatever details I can find tomorrow evening, when I'm able. Thank you for the help! Sorry about the wait.

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,457

    Default

    Hello aPerson,

    Quote Originally Posted by aPerson View Post
    There were several found, mostly by Windows Defender. If it'll help, I'll post whatever details I can find tomorrow evening, when I'm able. Thank you for the help! Sorry about the wait.
    It would be interesting to know what was flagged although programs often use generic terms.

    Hope any malware was quarantined and removed.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  5. #5
    Junior Member
    Join Date
    Oct 2018
    Posts
    5

    Default

    I'm sorry to say Windows Defender no longer displays the information. It's been a while, so I assume it's automatically cleared the logs. The most I know is that about 3 different kinds were found, in 1-3 locations each. My system has been consistently clean for whatever scan I've used since. I'm very sorry for the inconvenience.

  6. #6
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,457

    Default

    Hi aPerson,

    Quote Originally Posted by aPerson View Post
    My system has been consistently clean for whatever scan I've used since. I'm very sorry for the inconvenience.
    That's good to hear, it is not an inconvenience to respond to questions, we are here to help.

    If an issue of concern pops up later on we do have a malware forum where a volunteer analyst could take a look at the system.

    Otherwise, if your software protection is up to date and the computer is running normally you should be good to go.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •