Help me analyse log-file results please

Haemel

// info: Rootkit removal help file
// copyright: (c) 2008 Safer Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Unknown ADS","C:\Users\All Users\TEMP:5C321E34:$DATA"
File:"No admin in ACL","C:\Program Files\HP\HP Software Update\global.js"
File:"No admin in ACL","C:\Program Files\HP\HP Software Update\HpuFunction.dll"
File:"No admin in ACL","C:\Program Files\HP\HP Software Update\HPWUCli.exe"
File:"No admin in ACL","C:\Program Files\HP\HP Software Update\hpwuSchd2.exe"
File:"No admin in ACL","C:\Program Files\HP\HP Software Update\main.hta"
File:"No admin in ACL","C:\Program Files\HP\HP Software Update\SelfUpdate.exe"
File:"No admin in ACL","C:\Program Files\HP\HP Software Update\SoftwareUpdate.dll"
File:"No admin in ACL","C:\Program Files\HP\HP Software Update\unicows.dll"
Directory:"No admin in ACL","C:\Program Files\HP\HP Software Update"
 
Hi Haemel,

All entries from HP should be good. Did you do a software update from HP while scanning with RootAlyzer?
The first entry shouldn't be there, you can find more information here.
 
Thanks for your answer.

No, I didn't update HP. But, like you, I think they are OK. I have an HP PC here.

2nd. I do not see a special solution in the thread you mentioned for the TEMP map, except that I should mail you the "packed" file?

Haemel
 
After I sent the packed cabfile to your e-mail address I did a deep scan again. It showed me the HP 'no admin in ACL' remarks again, but NOT the TEMP line anymore!

Another discovery:
- the TEMP map was created when I installed Windows Vista on my system
- the TEMP map was changed with a scheduled Windows Vista update on April 15

Haemel
 