Results 1 to 6 of 6

Thread: Rootkit results

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Junior Member
    Join Date
    Dec 2016
    Location
    SE PA USA
    Posts
    20

    Question Rootkit results

    Sorry but I get so many search hits, I'm not sure where to post soooooooo... new topic

    Ripped YT video (all free!) - every video has these five items (different file names, of course)
    Type: File
    Object: The Spaghetti Western Orchestra - Live at the Royal Albert Hall 2011 - Full Concert.mp4:user.dublincore.contributor:$DATA
    Location: E:\Ripped\
    Details: Unknown ADS

    Type: File
    Object: The Spaghetti Western Orchestra - Live at the Royal Albert Hall 2011 - Full Concert.mp4:user.dublincore.date:$DATA
    Location: E:\Ripped\
    Details: Unknown ADS

    Type: File
    Object: The Spaghetti Western Orchestra - Live at the Royal Albert Hall 2011 - Full Concert.mp4:user.dublincore.format:$DATA
    Location: E:\Ripped\
    Details: Unknown ADS

    Type: File
    Object: The Spaghetti Western Orchestra - Live at the Royal Albert Hall 2011 - Full Concert.mp4:user.dublincore.title:$DATA
    Location: E:\Ripped\
    Details: Unknown ADS

    Type: File
    Object: The Spaghetti Western Orchestra - Live at the Royal Albert Hall 2011 - Full Concert.mp4:user.xdg.referrer.url:$DATA
    Location: E:\Ripped\
    Details: Unknown ADS


    MORE TO FOLLOW MORE TO FOLLOW MORE TO FOLLOW MORE TO FOLLOW MORE TO FOLLOW MORE TO FOLLOW MORE TO FOLLOW
    It's important to know when to stop arguing with people, and just let them be wrong.

  2. #2
    Junior Member
    Join Date
    Dec 2016
    Location
    SE PA USA
    Posts
    20

    Default

    DROPBOX has the following for every "folder" type, for example:
    Type: File
    Object: Camera Uploads:com.dropbox.attributes:$DATA
    Location: C:\Users\pavil\Dropbox\
    Details: Unknown ADS

    And then there's Nero with a host hits such as these samples:
    Type: File
    Object: config.xml
    Location: C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\
    Details: No admin in ACL

    Type: Folder
    Object: OnlineServices
    Location: C:\ProgramData\Nero\
    Details: No admin in ACL

    And, of course, Microsoft shows up with these samples:
    Type: Key
    Object: Final
    Location: HKLM\SYSTEM\CurrentControlSet\Services\CPK2HWU\
    Details: No admin in ACL

    Type: Key
    Object: Provider
    Location: HKLM\SOFTWARE\Wow6432Node\Microsoft\Security Center\
    Details: No admin in ACL

    Type: Key
    Object: Av
    Location: HKLM\SOFTWARE\Microsoft\Security Center\Provider\
    Details: No admin in ACL

    MORE TO FOLLOW MORE TO FOLLOW MORE TO FOLLOW MORE TO FOLLOW MORE TO FOLLOW MORE TO FOLLOW MORE TO FOLLOW
    It's important to know when to stop arguing with people, and just let them be wrong.

  3. #3
    Junior Member
    Join Date
    Dec 2016
    Location
    SE PA USA
    Posts
    20

    Default

    How much of this stuff is a problem and how much of it is "Don't worry, they all do that"?


    END OF POSTS END OF POSTS END OF POSTS END OF POSTS END OF POSTS END OF POSTS END OF POSTS END OF POSTS END OF POSTS
    It's important to know when to stop arguing with people, and just let them be wrong.

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello RBEmerson,

    As the RootAlyzer is an analyst tool and not a scan and fix program, please let us know if you had any particular reason for running a rootkit scan.

    What is the operating system and how is your computer running?

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  5. #5
    Junior Member
    Join Date
    Dec 2016
    Location
    SE PA USA
    Posts
    20

    Default

    It seems reasonable to wonder what things I don't want or are harmful are on my machine - hence running rootkit.

    The problem I don't know the difference between cause for concern and not a problem. Hence my question.

    I'm particularly concerned about why Nero produced so many hits. Why should a burner produce so many hits.

    Naturally, "what can I do about this" arises from the results.

    OS Name Microsoft Windows 10 Home
    Version 10.0.18362 Build 18362
    Other OS Description Not Available
    OS Manufacturer Microsoft Corporation
    System Name LAPTOP-EN9FR8RI
    System Manufacturer HP
    System Model OMEN by HP Laptop 15-dc0xxx
    System Type x64-based PC
    System SKU 3UK57UA#ABA
    Processor Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz, 2208 Mhz, 6 Core(s), 12 Logical Processor(s)
    BIOS Version/Date AMI F.08, 2/21/2019
    SMBIOS Version 3.2
    Embedded Controller Version 93.21
    BIOS Mode UEFI
    BaseBoard Manufacturer HP
    BaseBoard Product 84DB
    BaseBoard Version 93.21
    Platform Role Mobile
    Secure Boot State On
    PCR7 Configuration Elevation Required to View
    Windows Directory C:\WINDOWS
    System Directory C:\WINDOWS\system32
    Boot Device \Device\HarddiskVolume5
    Locale United States
    Hardware Abstraction Layer Version = "10.0.18362.752"
    User Name LAPTOP-EN9FR8RI\pavil
    Time Zone Eastern Daylight Time
    Installed Physical Memory (RAM) 16.0 GB
    Total Physical Memory 15.9 GB
    Available Physical Memory 9.76 GB
    Total Virtual Memory 18.3 GB
    Available Virtual Memory 10.1 GB
    Page File Space 2.38 GB
    Page File C:\pagefile.sys
    Kernel DMA Protection Off
    Virtualization-based security Not enabled
    Device Encryption Support Elevation Required to View
    Hyper-V - VM Monitor Mode Extensions Yes
    Hyper-V - Second Level Address Translation Extensions Yes
    Hyper-V - Virtualization Enabled in Firmware No
    Hyper-V - Data Execution Protection Yes
    It's important to know when to stop arguing with people, and just let them be wrong.

  6. #6
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello RBEmerson,

    Sometimes even legitimate software uses rootkit technologies.

    The log isn't waving a flag. Do you have an anti-virus program installed?

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •