ROOTKITS AND BOOTKITS - Spybot S&D+AV Technician 2.7.64.0 (Rootkit Scanner 2.7.64.116)

Discussion in 'Windows 10' started by crazycolin, 2018/06/13.

Thread Status:
Not open for further replies.
  1. 2018/06/13
    crazycolin (Member, Thread Starter; joined 2018/06/13; computer experience: Beginner)
    PLEASE HELP ME. I'm concerned my machine may be infected by Rootkits/Bootkits. I purchased Spybot S&D Technician Edition last night and updated the program, immunised then ran a malware scan (clean) followed by a rootkit scan. There were hundreds of "Unknown ADS" results with ":$DATA" strings at the end and 9 Registry Keys with "No admin in ACL" results. Where do I go from here, please?
     
  2. 2018/06/13
    crazycolin (Member, Thread Starter; joined 2018/06/13; computer experience: Beginner)
    These are the results of the Rootkit scan log: C:\ProgramData\Spybot - Search & Destroy\Logs\Rootkits.180614-0256.log

    // info: Rootkit removal help file
    // copyright: (c) 2008-2018 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Unknown ADS","F:\[PICTURES]\WEB REGISTRATIONS\20150126_125217000_iOS.png:ms-properties:$DATA"
    File:"Unknown ADS","F:\[PICTURES]\WEB REGISTRATIONS\20150131_125644000_iOS.png:ms-properties:$DATA"
    File:"Unknown ADS","F:\[PICTURES]\WEB REGISTRATIONS\20150327_142122000_iOS.png:ms-properties:$DATA"
    File:"Unknown ADS","F:\[PICTURES]\FAMILY\20130904_123644233_iOS.jpg:ms-properties:$DATA"
    File:"Unknown ADS","F:\[PICTURES]\COMEDY\20131004_231648077_iOS.jpg:ms-properties:$DATA"
    File:"Unknown ADS","F:\[PICTURES]\COMEDY\20131007_163412357_iOS.jpg:ms-properties:$DATA"
    File:"Unknown ADS","F:\[PICTURES]\COMEDY\20131214_131223829_iOS.jpg:ms-properties:$DATA"
    File:"Unknown ADS","F:\[PICTURES]\COMEDY\20140701_111910000_iOS.png:ms-properties:$DATA"
    File:"Unknown ADS","F:\[PICTURES]\COMEDY\Doubly Incontinent.png:xdg.origin.url:$DATA"
    File:"Unknown ADS","F:\[PICTURES]\COMEDY\Doubly Incontinent.png:xdg.referrer.url:$DATA"
    File:"Unknown ADS","F:\[PICTURES]\COMEDY\Kiss Birthday Wishes.jpg:xdg.origin.url:$DATA"
    File:"Unknown ADS","F:\[PICTURES]\COMEDY\Kiss Birthday Wishes.jpg:xdg.referrer.url:$DATA"
    File:"Unknown ADS","F:\MINT BACKUPS\MINT PICTURES BACKUP\Doubly Incontinent.png:xdg.origin.url:$DATA"
    // Action taken: Deleted.
    File:"Unknown ADS","F:\MINT BACKUPS\MINT PICTURES BACKUP\Doubly Incontinent.png:xdg.referrer.url:$DATA"
    // Action taken: Deleted.
    File:"Unknown ADS","F:\MINT BACKUPS\MINT PICTURES BACKUP\Kiss Birthday Wishes.jpg:xdg.origin.url:$DATA"
    // Action taken: Deleted.
    File:"Unknown ADS","F:\MINT BACKUPS\MINT PICTURES BACKUP\Kiss Birthday Wishes.jpg:xdg.referrer.url:$DATA"
    // Action taken: Deleted.
    File:"Unknown ADS","F:\MINT BACKUPS\MINT DOCUMENTS BACKUP\creating-your-cv-as-a-self-marketing-tool.pdf:xdg.origin.url:$DATA"
    // Action taken: Deleted.
    File:"Unknown ADS","F:\MINT BACKUPS\MINT DOCUMENTS BACKUP\creating-your-cv-as-a-self-marketing-tool.pdf:xdg.referrer.url:$DATA"
    // Action taken: Deleted.
    ...etc. etc...
    Then the reg key entries:

    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK2HWU\","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK1HWU\","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK2HWU\","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK1HWU\","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\","Provider"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider\","CBP"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider\","DPA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs\","DuState"
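
    One way to triage findings like the ones above, added here as an example and not part of the thread or of Spybot: the trailing ":$DATA" is only NTFS's stream type, so the part worth reviewing is the stream name between the colons (ms-properties, xdg.origin.url, ...). The script below lists every named stream under a folder, flags names that ordinary software is known to write, and previews the content of small ones. It assumes Windows PowerShell 5.1 or later; $Root and the classification table are placeholders to adapt, and the ms-properties entry in that table is an assumption to verify.

```powershell
# Added example, not from the thread or from Spybot: enumerate named NTFS streams under
# a folder so "Unknown ADS" hits can be reviewed by name, size and content.
# Assumes Windows PowerShell 5.1+ on Windows. $Root is a placeholder to adapt.
param([string]$Root = 'F:\[PICTURES]')

# Stream names that ordinary, non-malicious software writes. The two xdg.* names are
# Linux download metadata (user.xdg.* xattrs) that ntfs-3g stores as ADS on NTFS;
# "ms-properties" is seen on image files and is listed as an assumption to verify.
$KnownBenign = @{
    'Zone.Identifier'  = 'Mark-of-the-Web set by browsers/Explorer on downloaded files'
    'xdg.origin.url'   = 'download source URL written on Linux, mapped to ADS by ntfs-3g'
    'xdg.referrer.url' = 'download referrer URL, same origin as xdg.origin.url'
    'ms-properties'    = 'image property metadata written by Windows (assumed; verify)'
}

function Get-StreamPreview([string]$StreamPath, [long]$Length) {
    # Only small streams are read; bytes outside printable ASCII become '.' so a binary
    # stream cannot push control characters into the console output.
    if ($Length -le 0 -or $Length -gt 4096) { return '' }
    $bytes = [System.IO.File]::ReadAllBytes($StreamPath)
    $text  = [System.Text.Encoding]::UTF8.GetString($bytes) -replace '[^\x20-\x7E]', '.'
    if ($text.Length -gt 120) { $text = $text.Substring(0, 117) + '...' }
    return $text
}

# -LiteralPath matters: a folder name like "[PICTURES]" would otherwise be parsed as a wildcard.
Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
  ForEach-Object {
    $file = $_
    # -Stream * also returns the unnamed main stream, reported as ':$DATA'; skip it.
    Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
      Where-Object { $_.Stream -ne ':$DATA' } |
      ForEach-Object {
        $name  = $_.Stream
        $class = if ($KnownBenign.ContainsKey($name)) { 'known' } else { 'REVIEW' }
        [PSCustomObject]@{
            File    = $file.FullName
            Stream  = $name
            Bytes   = $_.Length
            Class   = $class
            Note    = $KnownBenign[$name]
            Preview = Get-StreamPreview "$($file.FullName):$name" $_.Length
        }
      }
  } | Sort-Object Class, Stream | Format-Table -AutoSize -Wrap
```

    Rows classed REVIEW are the ones to look at; a readable URL or property blob in Preview is what the known names normally contain, while an executable-looking or unusually large stream on an unrelated file is what a scanner's "Unknown ADS" warning is meant to surface.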
     

  3. 2018/06/13
    SVEN (Well-Known Member; joined 2004/01/02; Torrance, CA; computer experience: Getting Better)
    You might want to get to the malware section on this BBS.
    Follow the directions and post the proper logs.
    Sven

    Malware and Virus Removal
     