Rootkit analysis question

[grossrm]

I ran the rootkit scan from Spybot 2.0.12.0 which gave me back the following:

// info: Rootkit removal help file
// copyright: (c) 2008-2012 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Hidden file","C:\Windows\Àóo"
...
File:"Invisible to Win32","C:\boott! s"

I've searched everywhere I know and can find no reference to "boott!". Can anyone tell me what I've found?

Thanks,
RMG

 

[spybotsandra]

Hello,

That sounds strange, but it can't be said that these files are really bad.
It would help if we can get them as sample and take a look at them.

As they are hidden and invisible, did you change your folder options to make them visible? They should be stored under C:\Windows

Best regards
Sandra
Team Spybot

 

[grossrm]

Re: Rootkit Analysis Question

I did change the folder options, and can't locate the files. Spybot claims they are at "C:\boott!" but it doesn't appear to be there or in c:\Windows. I don't have any particular issues, I'd just like to know what they are.

RG

 

[spybotsandra]

Hello,

You can create a system restore point at first.
Then try to remove the found entry.

Best regards
Sandra
Team Spybot

 

[grossrm]

Can't find them

>>You can create a system restore point at first.
>>Then try to remove the found entry.

Unfortunately, I can't find them. Spybot reports them, and their location, but they don't show up any other way.