Can someone please check these rootkit scan results?

Thread starter: aPerson

aPerson (Guest)
Hello, a while ago I suffered a Trojan infection, which I've run many antivirus/antimalware tools on. My system appears to be clean. However, I ran the rootkit deep scan and got a lot of red flags. I'm running Windows 10 64 bit, and here are the logs:

// info: Rootkit removal help file
// copyright: (c) 2008-2018 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK2HWU","Final"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK1HWU","Final"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK2HWU","Final"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK1HWU","Final"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes","com.epicgames.launcher"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node","com.epicgames.launcher"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\com.epicgames.launcher","DefaultIcon"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\com.epicgames.launcher","shell"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\com.epicgames.launcher\shell","open"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\com.epicgames.launcher\shell\open","command"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\com.epicgames.launcher","DefaultIcon"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\com.epicgames.launcher","shell"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\com.epicgames.launcher\shell","open"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\com.epicgames.launcher\shell\open","command"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes","com.epicgames.launcher"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\WOW6432Node","com.epicgames.launcher"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\WOW6432Node\com.epicgames.launcher","DefaultIcon"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\WOW6432Node\com.epicgames.launcher","shell"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\WOW6432Node\com.epicgames.launcher\shell","open"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\WOW6432Node\com.epicgames.launcher\shell\open","command"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\com.epicgames.launcher","DefaultIcon"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\com.epicgames.launcher","shell"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\com.epicgames.launcher\shell","open"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Classes\com.epicgames.launcher\shell\open","command"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","Provider"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","Svc"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Svc","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Provider","CBP"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Provider","DPA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\InputMethod\Chs","DuState"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center","Provider"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider","CBP"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider","DPA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"

I have no idea if these are valid. They all say "No admin in ACL." Any help is appreciated!
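To turn a list like the one above into something you can judge yourself, here is an added example (not from the thread, and not a Spybot or RootAlyzer feature) that re-reads the ACL of each reported key with PowerShell's Get-Acl and reports the owner, whether BUILTIN\Administrators appears in the DACL, and every identity that does. It assumes Windows PowerShell 5.1 or later in an elevated session on the scanned machine; the three sample lines are copied from the log above, and the function name Test-RegistryKeyAcl is made up for this example.

```powershell
# Added example (not from the thread): re-check RootAlyzer "No admin in ACL"
# findings against the live registry with Get-Acl.
# Assumes Windows PowerShell 5.1 or later, run from an elevated prompt on the
# scanned machine. Sample lines copied from the log above; keys that do not
# exist on your machine are reported, not silently skipped.

$findings = @'
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK2HWU","Final"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\com.epicgames.launcher\shell\open","command"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider","DPA"
'@ -split "`r?`n" | Where-Object { $_.Trim() }

# RootAlyzer line format: RegyKey:"<reason>","<hive>","<parent path>","<subkey>"
$pattern = '^RegyKey:"(?<reason>[^"]*)","(?<hive>[^"]*)","(?<parent>[^"]*)","(?<subkey>[^"]*)"$'

# Well-known SID for BUILTIN\Administrators; comparing SIDs rather than names
# keeps the check correct on non-English Windows installs.
$adminSid = 'S-1-5-32-544'

function Test-RegistryKeyAcl {
    # Hypothetical helper written for this example.
    param([string]$Line)

    if ($Line -match $pattern) {
        # Provider-qualified path works for any hive,
        # e.g. Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\...
        $key = "Registry::$($Matches.hive)$($Matches.parent)\$($Matches.subkey)"
    } else {
        return [pscustomobject]@{ Key = $Line; Status = 'unparsed line' }
    }

    if (-not (Test-Path -LiteralPath $key)) {
        return [pscustomobject]@{ Key = $key; Status = 'key not present' }
    }

    $acl = Get-Acl -LiteralPath $key
    # Access includes both explicit and inherited ACEs.
    $rules = @($acl.Access)
    $sids  = @($rules | ForEach-Object {
        $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    })

    [pscustomobject]@{
        Key           = $key
        Status        = 'checked'
        Owner         = $acl.Owner                    # an owner can always rewrite the DACL
        AdminsInAcl   = ($sids -contains $adminSid)
        ProtectedDacl = $acl.AreAccessRulesProtected  # $true: inheritance from the parent key is blocked
        Identities    = (($rules | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique) -join '; ')
    }
}

$findings | ForEach-Object { Test-RegistryKeyAcl -Line $_ } | Format-List
```

A key with no Administrators ACE is not automatically suspicious: many Microsoft keys are SYSTEM- or TrustedInstaller-only, and an Administrators owner can take the DACL back at any time, which is why Owner and ProtectedDacl are printed alongside the yes/no answer. One caveat worth keeping in mind: this query, like RootAlyzer itself, trusts the running kernel and registry APIs, so if an actual kernel-mode rootkit is suspected the hives should be examined from outside the installed OS (for example from boot media) rather than from a live session.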
 
Hello aPerson,

This log alone is not raising a flag.

The RootAlyzer is an analyst tool; in general, items found are not necessarily malicious, as even legitimate software may use rootkit technologies.

A Trojan would be unlikely to show in this type of scan. Do you remember the name of it?

Best regards.
 
There were several found, mostly by Windows Defender. If it'll help, I'll post whatever details I can find tomorrow evening, when I'm able. Thank you for the help! Sorry about the wait.
 
Hello aPerson,

There were several found, mostly by Windows Defender. If it'll help, I'll post whatever details I can find tomorrow evening, when I'm able. Thank you for the help! Sorry about the wait.

:) It would be interesting to know what was flagged although programs often use generic terms.

Hope any malware was quarantined and removed.
 
I'm sorry to say Windows Defender no longer displays the information. It's been a while, so I assume it's automatically cleared the logs. The most I know is that about 3 different kinds were found, in 1-3 locations each. My system has been consistently clean for whatever scan I've used since. I'm very sorry for the inconvenience.
 
Hi aPerson,

My system has been consistently clean for whatever scan I've used since. I'm very sorry for the inconvenience.

That's good to hear, it is not an inconvenience to respond to questions, we are here to help. :)

If an issue of concern pops up later on we do have a malware forum where a volunteer analyst could take a look at the system.

Otherwise, if your software protection is up to date and the computer is running normally, you should be good to go.

Best regards.
 
Hi, sorry to respond so late. I had one more question, should I take any action on the found items? Spybot gives me the option to delete them. I know it's likely that's a bad idea, but I wanted to ask and make sure. Thank you!
 
Hello aPerson,

The log is showing Microsoft items and epicgames. :)

I'd leave them. The RootAlyzer is an analyst tool and not a scan and fix program.

Best regards.
 
Thank you very much for all the help! I'm glad to know there's no danger. :)
 