#1 bobrobert (2 Star Lounger, Scotland)

    Sophos Anti-Rootkit

    I downloaded and ran the program. It lists a number of unknown hidden files that it doesn't think should be cleaned.

    Quote

    Area: Local hard drives
    Description: Unknown hidden file
    Location: F:\DOWNLOADS\Downloads x\PrintScreen44_Setup.exe
    Removable: Yes (but clean up not recommended for this file)
    Notes: (no more detail available)

    Unquote

    Has anybody knowledge of this program and how good it is? It lists nearly sixty files, some of them in my Firefox profile and one a jpg. TIA
    Last edited by bobrobert; 2011-03-31 at 05:42.

#2 satrow (Super Moderator, Cardiff, UK)
    If that partition/drive has never been a bootable or System drive, I very much doubt any self-respecting rootkit would plant itself anywhere near it.

    No rootkit scanner is 100% effective or 100% reliable. If you think you might be infected by malware, please go to a reputable antimalware forum and follow their instructions to the letter. Randomly throwing programs at your files 'just in case' there might be something amiss is not recommended; false positives abound.

    Use Malwarebytes; if the quick scan shows anything, run the full scan and get to a specialist forum to ensure everything's cleaned out.
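A way to apply the rule satrow gives (a hidden file on a partition that was never a boot or system drive is a poor place for a rootkit, while anything under the Windows tree of the system drive deserves a specialist's attention) to a whole scan report rather than eyeballing sixty entries. This is an added example, not code from the thread or from Sophos: it parses findings laid out as in the quote in post #1 (Area / Description / Location / Removable / Notes), keeps the one record quoted there, and adds two constructed ones standing in for the Firefox-profile entries the poster mentions and for a hypothetical driver under C:\Windows. Which drive letters count as system drives is an assumption the caller passes in.

```python
"""Parse Sophos Anti-Rootkit-style findings and triage them by location.

Added example; not code from the thread, from Sophos, or from any poster.
The per-finding layout follows the quote in post #1. The first record is the
one quoted there; the other two are constructed. The triage rule is satrow's:
off the system drive is low priority, under the Windows tree is high, and
nothing is ever recommended for deletion from here.
"""
import re
from dataclasses import dataclass

# Constructed report text in the layout shown in post #1 (not a real scan log).
SAMPLE_REPORT = """\
Area: Local hard drives
Description: Unknown hidden file
Location: F:\\DOWNLOADS\\Downloads x\\PrintScreen44_Setup.exe
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)

Area: Local hard drives
Description: Unknown hidden file
Location: C:\\Users\\bob\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\x1y2z3.default\\sessionstore.js
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)

Area: Local hard drives
Description: Unknown hidden file
Location: C:\\Windows\\System32\\drivers\\example.sys
Removable: Yes
Notes: (no more detail available)
"""

FIELDS = ("area", "description", "location", "removable", "notes")


@dataclass
class Finding:
    area: str
    description: str
    location: str
    removable: str
    notes: str

    @property
    def drive(self) -> str:
        """Drive letter with colon (e.g. 'C:'), or '' for a non-drive path."""
        m = re.match(r"^([A-Za-z]:)", self.location)
        return m.group(1).upper() if m else ""

    @property
    def cleanup_recommended(self) -> bool:
        """Sophos marks doubtful entries 'clean up not recommended'."""
        return "not recommended" not in self.removable.lower()


def parse_report(text: str) -> list:
    """Split the report into blank-line-separated blocks of 'Key: value' lines."""
    findings = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            # partition on the first colon only, so 'Location: F:\...' keeps 'F:'
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip().lower()] = value.strip()
        if "location" in fields:
            findings.append(Finding(*(fields.get(k, "") for k in FIELDS)))
    return findings


def priority(f: Finding, system_drives=("C:",)) -> str:
    """'low' off the system drive, 'high' under its Windows tree, else 'medium'."""
    if f.drive not in system_drives:
        return "low"
    windows_root = f.drive.lower() + "\\windows\\"
    if f.location.lower().startswith(windows_root):
        return "high"
    return "medium"


def triage(text: str, system_drives=("C:",)) -> list:
    """Return (location, priority, action) per finding; never 'delete'."""
    rows = []
    for f in parse_report(text):
        p = priority(f, system_drives)
        if p == "high":
            action = "hash it, check the signature, take it to a malware forum"
        elif not f.cleanup_recommended:
            action = "leave in place; hash and look it up before doing anything"
        else:
            action = "leave in place; confirm it is yours before any cleanup"
        rows.append((f.location, p, action))
    return rows


if __name__ == "__main__":
    for loc, p, action in triage(SAMPLE_REPORT):
        print(f"[{p:6}] {loc}\n         -> {action}")
```

The point of the output is the ordering, not the labels: the F: download and the Firefox session file sort to the bottom, and only a hidden file under the Windows directory of the system drive gets pushed toward a specialist forum. Even there the action is to hash and ask, which matches the advice in the thread.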

#3 bobrobert (2 Star Lounger, Scotland)
    Thanks. I use Malwarebytes, Microsoft Security Essentials, Spybot, SpywareBlaster, HijackThis and others. This was my last "resort" to see if there were any problems. I downloaded Firefox 4 and I was getting a couple of pop-ups that I think were the fault of Firefox, which they hadn't sorted. I had a 14-day trial of a commercial rootkit program, which showed nothing. Ironically, I have used Malwarebytes, properly updated, for a long while and the program has never found a problem. Is that good or bad?

#4 satrow (Super Moderator, Cardiff, UK)
    If Mbam's never found a problem, you're probably a safe surfer. FX4 has had teething problems for some users; I've seen pop-ups and hangs on one machine from it. With Adblock+ and 2x related add-ons disabled, it's currently running fine. I use FX4 and Pale Moon 4 as my 'backup' browsers; both work fine for me.

#5 Joe (Administrator, St Louis, Missouri, USA)
    Unless you know what you are doing with rootkit detection, you can cause as much damage as you fix. I recommend you read the Sysinternals RootkitRevealer page. Even though the program is only for XP & Windows Server 2003, the general information about rootkits is very good.

    Joe

#6 SpiritWind (2 Star Lounger, Calif)

    Rootkit detection & successful removal

    Hi BobRobert: As mentioned by satrow, rootkit detection & successful removal is best accomplished under the guidance of an expert malware fighter, such as the Volunteers at the Geekstogo Forums. An example is the thread at www.geekstogo.com/forum/topic/295934-identity-theft-malware . However, one should note that the person asking for help had already run the TDSSKiller program, which is usually run later in the process. This is shown in the thread at www.geekstogo.com/forum/topic/297840-repeated-rootkit-infect-detected-by-avast .
    Last edited by SpiritWind; 2011-03-31 at 12:34. Reason: correctly spelled "successful"

#7 bobrobert (2 Star Lounger, Scotland)
    Thanks for the replies. I am wary of removing them, hence the post. Regarding the rootkits not embedding in a bootable system: the problem is that I store my downloaded programs on a partition that isn't bootable, but when I execute the program they will become part of the bootable partition, the C drive. Does a good firewall stop them communicating with the internet?

#8 satrow (Super Moderator, Cardiff, UK)
    A good rootkit will embed itself into a Windows file/driver. How big is the file? Can you upload it to Virustotal or Anubis for examination?
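Before uploading the installer anywhere, the usual first step is to write down its size and hashes and look the SHA-256 up: a hash VirusTotal already knows needs no upload, and one it does not know is worth a closer look. The following is an added example, not the thread's or any poster's code. It hashes a file in chunks (installers can be large), checks whether it is a Windows PE image from the 'MZ' and 'PE\0\0' signatures, reads the COFF machine type and link timestamp, and builds a VirusTotal report URL. The URL layout is an assumption about VirusTotal's web interface, and the file written by `demo()` is a constructed minimal PE header, not a real program.

```python
"""Fingerprint a suspicious executable before submitting it anywhere.

Added example; not the thread's or any poster's code. Records size, MD5,
SHA-1 and SHA-256, checks for a PE header and reads its COFF fields, and
builds a VirusTotal lookup URL for the SHA-256 (URL layout assumed).
"""
import hashlib
import os
import struct
import tempfile
from datetime import datetime, timezone

MACHINE_NAMES = {0x14C: "x86", 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """MD5, SHA-1, SHA-256 and size, streaming the file in 1 MiB chunks."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            for d in digests.values():
                d.update(chunk)
    out = {name: d.hexdigest() for name, d in digests.items()}
    out["size"] = size
    return out


def pe_info(path: str):
    """Return machine, section count and link time if the file is a PE image, else None.

    Layout checked: 'MZ' at offset 0, e_lfanew (DWORD at 0x3C) pointing at
    'PE\\0\\0', then the 20-byte COFF header (Machine, NumberOfSections,
    TimeDateStamp, ...).
    """
    with open(path, "rb") as fh:
        dos = fh.read(0x40)
        if len(dos) < 0x40 or dos[:2] != b"MZ":
            return None
        e_lfanew = struct.unpack_from("<I", dos, 0x3C)[0]
        fh.seek(e_lfanew)
        hdr = fh.read(24)
    if len(hdr) < 24 or hdr[:4] != b"PE\x00\x00":
        return None
    machine, nsections, stamp = struct.unpack_from("<HHI", hdr, 4)
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "sections": nsections,
        "link_time_utc": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
    }


def fingerprint(path: str) -> dict:
    """Everything worth noting down before deciding whether to upload the file."""
    fp = hash_file(path)
    pe = pe_info(path)
    fp["is_pe"] = pe is not None
    fp["pe"] = pe
    # Assumed URL layout; a lookup by hash uploads nothing from the machine.
    fp["virustotal_url"] = "https://www.virustotal.com/gui/file/" + fp["sha256"]
    return fp


def make_sample_pe() -> bytes:
    """Constructed minimal PE header: DOS stub, e_lfanew=0x40, COFF header, padding."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    # Machine=x86, 0 sections, TimeDateStamp=2011-03-31 00:00:00 UTC, rest zero
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 1301529600, 0, 0, 0, 0)
    return bytes(dos) + b"PE\x00\x00" + coff + b"\x00" * 64


def demo() -> dict:
    """Write the constructed sample to a temp file and fingerprint it."""
    path = os.path.join(tempfile.mkdtemp(), "PrintScreen44_Setup.exe")
    with open(path, "wb") as fh:
        fh.write(make_sample_pe())
    return fingerprint(path)


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:15} {v}")
```

Run it against the real installer instead of the constructed sample by calling `fingerprint(r"F:\DOWNLOADS\Downloads x\PrintScreen44_Setup.exe")`. A link timestamp far from the download date, or a machine type that does not match the vendor's claims, is the kind of detail worth mentioning when asking a forum for help, and the hashes let a helper verify the file without it ever leaving the machine.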
