Results 1 to 6 of 6
  1. #1
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    Marietta, Georgia, USA
    Posts
    296
    Thanks
    9
    Thanked 4 Times in 4 Posts

    SpySweeper 5.8 potentially rootkit-masked registry

    I have gotten several warnings in the last week from SpySweeper about this, even though I had it quarantine the threat. I'm beginning t think this is some sort of false-positive, based on this discussion in the networktechs forum.

    I followed their instructions to scan several files using the online scanner at jotti.org. It said all the files are OK.
    Rick Groszkiewicz
    Life is too short to drink bad wine (or bad coffee!)

  2. #2
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: SpySweeper 5.8 potentially rootkit-masked registry

    Based on the information you have provided, I'd suspect it is a false positive also.
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  3. #3
    Gold Lounger
    Join Date
    Oct 2007
    Location
    Johnson City, Tennessee, USA
    Posts
    3,202
    Thanks
    37
    Thanked 215 Times in 202 Posts

    Re: SpySweeper 5.8 potentially rootkit-masked registry

    Rick hello,
    I also have had some similar problems with "false positive's" I'm running Norton 360 v2 and had it identify FireFox and Unlocker as "KeyLoggers"
    After having contact with the "norton tech's" and scanning the files with Norton NSS, Kaspersky, and SuperAnti Spyware, all came up negative for any problems. In norton there is a program called "eavesdropping Protection" and when enabled it was identifying those programs as "KeyLoggers" Nortons advise was to disable (check box) called "hack tool" I decided not to do this, but instead "allowed" the suspected programs.
    Not sure Your system security is the same or not, Hope this is of some use to you. Regards Plain Fred
    PlainFred

    None are so hopelessly enslaved as those who falsely believe they are free (J. W. Von Goethe)

  4. #4
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    Marietta, Georgia, USA
    Posts
    296
    Thanks
    9
    Thanked 4 Times in 4 Posts

    Re: SpySweeper 5.8 potentially rootkit-masked regi

    Under Options / Sweep / Custom / Change Settings / Advanced Options I can choose "Enable Direct Disk Sweeping including Rootkit detection". There is a sub-option underneath that called "Sweep for masked files ".

    I un-checked the sub-option and re-ran a sweep. This time, it did not find anything at all.
    Rick Groszkiewicz
    Life is too short to drink bad wine (or bad coffee!)

  5. #5
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: SpySweeper 5.8 potentially rootkit-masked regi

    What was the file it found and where was it located ???
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  6. #6
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    Marietta, Georgia, USA
    Posts
    296
    Thanks
    9
    Thanked 4 Times in 4 Posts

    Re: SpySweeper 5.8 potentially rootkit-masked regi

    That is the weird part of this. SpySweeper didn't seem to find any files.

    In the list of threats, it showed "Potentially rootkit-masked registry" and flagged it as Critical. I quarantined the threat, then exited SpySweeper and ran it again. When I checked, nothing actually showed up in the Quarantine area.
    Rick Groszkiewicz
    Life is too short to drink bad wine (or bad coffee!)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •