
Thread: Can someone please check these rootkit scan results?

  1. #1
    aPerson
    Guest

    Can someone please check these rootkit scan results?

    Hello, a while ago I suffered a Trojan infection, which I've run many antivirus/antimalware programs on. My system appears to be clean. However, I ran the rootkit deep scan and got a lot of red flags. I'm running Windows 10 64-bit, and here are the logs:

    // info: Rootkit removal help file
    // copyright: (c) 2008-2018 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK2HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK1HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK2HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK1HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes","com.epicgames.launcher"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node","com.epicgames.launcher"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\com.epicgames.launcher","DefaultIcon"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\com.epicgames.launcher","shell"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\com.epicgames.launcher\shell","open"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\com.epicgames.launcher\shell\open","command"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\com.epicgames.launcher","DefaultIcon"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\com.epicgames.launcher","shell"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\com.epicgames.launcher\shell","open"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\com.epicgames.launcher\shell\open","command"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes","com.epicgames.launcher"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\WOW6432Node","com.epicgames.launcher"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\WOW6432Node\com.epicgames.launcher","DefaultIcon"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\WOW6432Node\com.epicgames.launcher","shell"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\WOW6432Node\com.epicgames.launcher\shell","open"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\WOW6432Node\com.epicgames.launcher\shell\open","command"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\com.epicgames.launcher","DefaultIcon"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\com.epicgames.launcher","shell"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\com.epicgames.launcher\shell","open"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\com.epicgames.launcher\shell\open","command"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","Provider"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","Svc"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Provider","CBP"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Provider","DPA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\InputMethod\Chs","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center","Provider"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider","CBP"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider","DPA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"

    I have no idea if these are valid. They all say "No admin in ACL." Any help is appreciated!
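As an added illustration (not part of the original post, and not code from Safer-Networking or RootAlyzer), the following Python script parses lines in the RegyKey format shown above and groups them the way an analyst would when triaging such a log: the WOW6432Node and ControlSet001 duplicates are collapsed onto one canonical key, and each finding is labelled by the service, class registration or Microsoft component it sits under. The sample lines embedded in it are a constructed subset of the log above; the grouping rules, the `Finding` class and the function names are my own assumptions, not anything the tool provides.

```python
"""Parse RootAlyzer 'RegyKey' result lines and group them for triage."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the line format RootAlyzer writes (a subset of the
# lines from the post above, plus the two header lines the tool emits).
SAMPLE_LOG = r'''// info: Rootkit removal help file
:: RootAlyzer Results
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK2HWU","Final"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK2HWU","Final"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\com.epicgames.launcher\shell\open","command"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\com.epicgames.launcher","DefaultIcon"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Provider","DPA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"
'''

# One result line: RegyKey:"<check>","<hive>","<parent key>","<subkey>"
LINE_RE = re.compile(r'^RegyKey:"([^"]*)","([^"]*)","([^"]*)","([^"]*)"\s*$')
CONTROLSET_RE = re.compile(r"^ControlSet\d{3}$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    check: str   # what RootAlyzer flagged, e.g. "No admin in ACL"
    hive: str    # e.g. HKEY_LOCAL_MACHINE
    parent: str  # parent key path, with the leading backslash as written
    name: str    # the flagged subkey

    @property
    def path(self) -> str:
        return f"{self.hive}{self.parent}\\{self.name}"


def parse_rootalyzer(text: str) -> list[Finding]:
    """Return one Finding per RegyKey line; header and other lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append(Finding(*m.groups()))
    return findings


def normalized_components(f: Finding) -> list[str]:
    """Split the key path and fold the duplicate views onto one canonical key:
    WOW6432Node is the 32-bit redirected view of the same key, and ControlSetNNN
    is the saved copy of the control set, which here mirrors CurrentControlSet."""
    out = []
    for part in f"{f.parent}\\{f.name}".split("\\"):
        if not part or part.lower() == "wow6432node":
            continue
        if CONTROLSET_RE.match(part):
            part = "CurrentControlSet"
        out.append(part)
    return out


def classify(f: Finding) -> str:
    """Label a finding by the component it belongs to (assumed grouping rules)."""
    parts = normalized_components(f)
    lower = [p.lower() for p in parts]
    if lower[:3] == ["system", "currentcontrolset", "services"] and len(parts) > 3:
        return f"service: {parts[3]}"
    if lower[:2] == ["software", "classes"] and len(parts) > 2:
        return f"class registration: {parts[2]}"
    if lower[:2] == ["software", "microsoft"] and len(parts) > 2:
        return f"Microsoft: {parts[2]}"
    return "other: " + "\\".join(parts)


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Number of raw result lines per label."""
    return dict(Counter(classify(f) for f in findings))


def distinct_keys(findings: list[Finding]) -> set[str]:
    """Canonical keys after folding the WOW6432Node/ControlSetNNN duplicates."""
    return {"\\".join(normalized_components(f)) for f in findings}


if __name__ == "__main__":
    found = parse_rootalyzer(SAMPLE_LOG)
    print(f"{len(found)} result lines, {len(distinct_keys(found))} distinct keys")
    for check in sorted({f.check for f in found}):
        print(f"check: {check}")
    for label, count in sorted(summarize(found).items()):
        print(f"  {count:3d}  {label}")
```

The script only organizes the output; it does not decide whether a key whose ACL lacks the Administrators group is legitimate. That judgement still rests on recognizing the component each group belongs to, which is what the reply below does by hand when it reads the log as Microsoft and Epic Games items.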

  2. #2
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955


    Hello aPerson,

    This log alone is not raising a flag.

    The RootAlyzer is an analyst tool; in general, all items found are not necessarily malicious, as even legitimate software may use rootkit technologies.

    A Trojan would be unlikely to show in this type of scan; do you remember the name of it?

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    aPerson
    Guest


    There were several found, mostly by Windows Defender. If it'll help, I'll post whatever details I can find tomorrow evening, when I'm able. Thank you for the help! Sorry about the wait.

  4. #4
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955


    Hello aPerson,

    Quote originally posted by aPerson:
    There were several found, mostly by Windows Defender. If it'll help, I'll post whatever details I can find tomorrow evening, when I'm able. Thank you for the help! Sorry about the wait.
    It would be interesting to know what was flagged although programs often use generic terms.

    Hope any malware was quarantined and removed.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  5. #5
    aPerson
    Guest


    I'm sorry to say Windows Defender no longer displays the information. It's been a while, so I assume it's automatically cleared the logs. The most I know is that about 3 different kinds were found, in 1-3 locations each. My system has been consistently clean for whatever scan I've used since. I'm very sorry for the inconvenience.

  6. #6
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955


    Hi aPerson,

    Quote originally posted by aPerson:
    My system has been consistently clean for whatever scan I've used since. I'm very sorry for the inconvenience.
    That's good to hear; it is not an inconvenience to respond to questions. We are here to help.

    If an issue of concern pops up later on we do have a malware forum where a volunteer analyst could take a look at the system.

    Otherwise, if your software protection is up to date and the computer is running normally you should be good to go.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  7. #7
    aPerson
    Guest


    Hi, sorry to respond so late. I had one more question, should I take any action on the found items? Spybot gives me the option to delete them. I know it's likely that's a bad idea, but I wanted to ask and make sure. Thank you!

  8. #8
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955


    Hello aPerson,

    The log is showing Microsoft items and epicgames.

    I'd leave them. The RootAlyzer is an analyst tool and not a scan and fix program.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  9. #9
    aPerson
    Guest


    Thank you very much for all the help! I'm glad to know there's no danger.
