joe blough
New member
In the results of the Rootkit Scan, what do the terms "unknown ADS" and "no admin in ACL" indicate?
Default unknown ADS & no admin in ACL
- Thread starter joe blough
- Start date
tashi
Member of Team Spybot
Hello,
The RootAlyzer is an analyst tool, in general all items found by the RootAlyzer are not necessarily malicious.
Sometimes even legitimate software uses rootkit technologies.
How is the computer running, any particular reason you scanned for a rootkit?
Best regards.
The RootAlyzer is an analyst tool, in general all items found by the RootAlyzer are not necessarily malicious.
Sometimes even legitimate software uses rootkit technologies.
How is the computer running, any particular reason you scanned for a rootkit?
Best regards.
spybot_help_is_unhelpfu
New member
Hello,
The RootAlyzer is an analyst tool, in general all items found by the RootAlyzer are not necessarily malicious.
Sometimes even legitimate software uses rootkit technologies.
How is the computer running, any particular reason you scanned for a rootkit?
Best regards.
That didn't answer his question, which is also mine. The help guide is useless, and I've been having a heckuva time trying to discover on this site what these terms mean. I very eagerly look forward to an answer.
tashi
Member of Team Spybot
Hello,
It is my understanding that "No admin in ACL" means these items are locked from being changed even if you are an admin, which is not unusual. Spybot found and reported that those keys lacked permissions.
As the OP did not provide a log I asked, "How is the computer running, any particular reason you scanned for a rootkit?"
That is actually a pertinent question and sometimes direct user feedback about their computer is quite useful, then one can proceed from there.
A Technet article about alternate data streams (ADS) is informative: https://blogs.technet.microsoft.com/askcore/2013/03/24/alternate-data-streams-in-ntfs/
If you would like to post a log please start your own topic.
Thank you.
It is my understanding that "No admin in ACL" means these items are locked from being changed even if you are an admin, which is not unusual. Spybot found and reported that those keys lacked permissions.
As the OP did not provide a log I asked, "How is the computer running, any particular reason you scanned for a rootkit?"
That is actually a pertinent question and sometimes direct user feedback about their computer is quite useful, then one can proceed from there.
A Technet article about alternate data streams (ADS) is informative: https://blogs.technet.microsoft.com/askcore/2013/03/24/alternate-data-streams-in-ntfs/
If you would like to post a log please start your own topic.
Thank you.