  #1 New Lounger, Lake Ariel, PA

    GRC SecurAble scan

    I ran the Gibson SecurAble utility on my PC. It gave me results that trouble me. It shows HW Virtualization to be "Locked On". See 2 attachments. I have no idea what it means. So, I chose to do a rootkit scan using GMER (http://www.gmer.net/). It showed that I have root-like behavior (see 3 attachments, including the full scan log). Scans using Kaspersky, AVG, Microsoft Safety Scanner, Trend Micro, and Malwarebytes show no threats.

    Any ideas?

  #2 RetiredGeek (Super Moderator), Manning, South Carolina
    Leo,

    I just downloaded the latest version of GMER and gave it a go. Right off the bat it had trouble accessing my system. Then I noticed at the bottom of the window it reported that I was running Windows 6.2.9200
    [attachment: GMERProblem.JPG]
    I'm actually running 6.3.9600 (Win 8.1 Update 1).

    It also reported that EMET and Windows Defender are rootkits? I don't think the program is as up to date as it needs to be. HTH
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

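The 6.2.9200 versus 6.3.9600 discrepancy RetiredGeek describes has a known cause: beginning with Windows 8.1, the GetVersionEx API hands a Windows 8 version number to any executable that does not carry a compatibility manifest declaring 8.1 support, while the registry and WMI keep reporting the real build. The script below is an added example, not code from the thread or from GMER; it reads the version from three sources so the reader can see which one a given tool is probably using. Whether the [Environment]::OSVersion value matches the others depends on whether the host process (here powershell.exe) carries a manifest; the registry and WMI values are the ground truth. Get-CimInstance needs PowerShell 3.0 or later (Windows 8.1 ships 4.0); on Windows 7 with PowerShell 2.0, substitute Get-WmiObject.

```powershell
# Added example (not from the thread): report the Windows version as seen by
# three different sources, to explain how an unmanifested tool can show
# 6.2.9200 on a machine that is really 6.3.9600 (Windows 8.1).
function Get-OsVersionReport {
    $reg = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $os  = Get-CimInstance Win32_OperatingSystem   # Get-WmiObject Win32_OperatingSystem on PS 2.0

    # Note: on Windows 10 the CurrentVersion value stays at "6.3"; there the
    # CurrentMajorVersionNumber / CurrentMinorVersionNumber values are authoritative.
    $regVersion = if ($reg.PSObject.Properties['CurrentMajorVersionNumber']) {
        "$($reg.CurrentMajorVersionNumber).$($reg.CurrentMinorVersionNumber).$($reg.CurrentBuildNumber)"
    } else {
        "$($reg.CurrentVersion).$($reg.CurrentBuildNumber)"
    }

    [pscustomobject]@{
        VersionApi = [Environment]::OSVersion.Version.ToString()  # subject to the 8.1+ compatibility shim
        Registry   = $regVersion
        Wmi        = $os.Version
        Caption    = $os.Caption
    }
}

$report = Get-OsVersionReport
$report | Format-List

if ($report.VersionApi -ne $report.Wmi) {
    Write-Warning ("Version API reports {0} but WMI reports {1}: this process is being served " +
                   "a compatibility version, and any tool without an 8.1 manifest sees the same thing." `
                   -f $report.VersionApi, $report.Wmi)
}
```

A tool that shows 6.2.9200 on an 8.1 box is therefore not necessarily reading the system wrong; it is simply an older binary, which is consistent with it also not recognising newer Microsoft components such as EMET and Defender.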

  #3 New Lounger, Lake Ariel, PA
    Quote Originally Posted by RetiredGeek:
    Leo,

    I just downloaded the latest version of GMER and gave it a go. Right off the bat it had trouble accessing my system. Then I noticed at the bottom of the window it reported that I was running Windows 6.2.9200
    [attachment: GMERProblem.JPG]
    I'm actually running 6.3.9600 (Win 8.1 Update 1).

    It also reported that EMET and Windows Defender are rootkits? I don't think the program is as up to date as it needs to be. HTH
    RG,

    I guess it's not up to date for Windows 8.1 since it reports correctly for my Windows 7 system (6.1.7601 SP1).

    I have some additional information regarding the SecurAble test. It initially reported "Locked On" for hardware virtualization, so I checked my BIOS and found "Virtualization Technology" enabled. I disabled it and now SecurAble indicates "Locked Off". I researched what the BIOS setting did and found it is needed to run XP Mode. Since I don't use XP Mode, I guess I can leave it disabled.

    However, it still doesn't change the GMER result which indicates I have "root-like behavior". Are you thinking it's a false positive?

    Leo
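Leo confirmed SecurAble's reading by flipping the BIOS setting, which works but needs a reboot each time. As an added example that is not part of the thread or of SecurAble, the script below reads the virtualization flags that Windows 8 and later expose on the Win32_Processor WMI class, so the firmware state can be checked from a running system. SecurAble's "Locked On" / "Locked Off" wording describes whether the firmware has enabled the feature and then locked that choice (via the processor's feature-control lock bit) until the next reboot; an enabled-and-locked state is the firmware's doing, not a sign that software has tampered with the setting. The three properties used here were added to Win32_Processor in Windows 8, so on Leo's Windows 7 machine they come back empty; there, Sysinternals Coreinfo (coreinfo -v) reports the same information.

```powershell
# Added example (not from the thread): read the hardware-virtualization state
# that Windows 8+ publishes on Win32_Processor and interpret it the way the
# SecurAble report does. Requires PowerShell 3.0+ for Get-CimInstance.
function Get-VirtualizationStatus {
    $cpu = Get-CimInstance Win32_Processor | Select-Object -First 1

    $supported = $cpu.VMMonitorModeExtensions                  # CPU implements VT-x / AMD-V
    $enabled   = $cpu.VirtualizationFirmwareEnabled            # BIOS/UEFI has turned it on
    $slat      = $cpu.SecondLevelAddressTranslationExtensions  # EPT / RVI, needed by Hyper-V

    # Windows 7 and earlier do not expose these properties at all.
    if ($null -eq $supported -and $null -eq $enabled) {
        $verdict = 'Not reported by this Windows version; use Sysinternals Coreinfo -v'
    } elseif (-not $supported) {
        $verdict = 'CPU has no hardware virtualization'
    } elseif ($enabled) {
        $verdict = 'Enabled in firmware (what SecurAble calls "Locked On" when the firmware also sets the lock bit)'
    } else {
        # Caveat: when Hyper-V itself is running, the hypervisor owns VT-x and
        # this flag can read False even though the BIOS setting is enabled.
        $verdict = 'Supported by CPU but disabled in firmware ("Locked Off"), or owned by a running hypervisor'
    }

    [pscustomobject]@{
        Processor                  = $cpu.Name
        VMMonitorModeExtensions    = $supported
        VirtualizationFirmware     = $enabled
        SecondLevelAddressTranslat = $slat
        Verdict                    = $verdict
    }
}

Get-VirtualizationStatus | Format-List
```

Leaving the BIOS setting disabled does no harm if nothing on the machine needs a hypervisor (XP Mode, Hyper-V, VirtualBox or VMware guests), but the setting itself says nothing about whether a rootkit is present; it only determines whether the processor will let any software, legitimate or not, use VT-x.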

  #4 RetiredGeek (Super Moderator), Manning, South Carolina
    Leo,

    Hard to tell, but I'd at least run another anti-rootkit program to verify.
    You might try Malwarebytes Anti-Rootkit Beta,
    Kaspersky TDSSKiller (free), or
    Trend Micro RootkitBuster (free).
    HTH
    RG

  #5 RetiredGeek (Super Moderator), Manning, South Carolina
    Hey Y'all,

    Here's a direct link to TDSSKiller if you don't want to provide your Name & Email Address. HTH
    RG

  #6 CLiNT (Super Moderator), California & Arizona
    Quote Originally Posted by Leo:
    However, it still doesn't change the GMER result which indicates I have "root-like behavior". Are you thinking it's a false positive?

    Leo
    Yes, especially in light of taking a closer look at other possible negative indicators, like the lack of unusual network behaviors, disk activities, etc.
    Code written into the MS OS, like Defender, and/or other antimalware applications, can easily be misinterpreted as rootkit-like behavior.
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.
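CLiNT's point is that a scanner verdict should be weighed against what the machine is actually doing. The script below is an added example, not code from the thread or from any of the scanners mentioned; it lists every established or listening TCP connection together with the owning process, the path of its executable and whether that executable carries a valid Authenticode signature. Anti-malware components from Microsoft and the vendors named in the thread will show up signed and living under Program Files or System32; something unsigned, running from a user-writable directory, or holding a connection with no matching entry in the process list is the kind of indicator that would turn "probably a false positive" into "worth a deeper look". It needs Windows 8 or later for Get-NetTCPConnection (on Windows 7 the equivalent raw data comes from netstat -abno) and an elevated prompt to read the paths of other users' and system processes.

```powershell
# Added example (not from the thread): correlate live TCP connections with the
# owning process and the signature status of its executable, as a cheap
# cross-check on a rootkit scanner's "root-like behavior" verdict.
# Requires Windows 8+ (Get-NetTCPConnection) and an elevated PowerShell.
function Get-ConnectionTriage {
    # Build a PID -> process map once rather than calling Get-Process per connection.
    $procs = @{}
    Get-Process | ForEach-Object { $procs[$_.Id] = $_ }

    Get-NetTCPConnection -State Established, Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            $procId = [int]$_.OwningProcess
            $proc   = $procs[$procId]
            $path   = if ($proc) { $proc.Path } else { $null }

            $sigStatus = if ($path) {
                (Get-AuthenticodeSignature -FilePath $path).Status.ToString()   # Valid, NotSigned, HashMismatch, ...
            } elseif ($procId -eq 0 -or $procId -eq 4) {
                'Kernel'            # PID 0/4 is the System process; it has no image on disk to sign
            } else {
                'NoProcessEntry'    # a connection owned by a PID that Get-Process cannot see
            }

            # Flag images living somewhere a limited user could write to.
            $userWritable = $path -and ($path -like "$env:TEMP*" -or $path -like "$env:APPDATA*" -or $path -like "$env:LOCALAPPDATA*")

            [pscustomobject]@{
                LocalPort   = $_.LocalPort
                Remote      = "$($_.RemoteAddress):$($_.RemotePort)"
                State       = $_.State
                Pid         = $procId
                Process     = if ($proc) { $proc.ProcessName } else { '?' }
                Path        = $path
                Signature   = $sigStatus
                Suspicious  = ($sigStatus -in 'NotSigned', 'HashMismatch', 'NoProcessEntry') -or $userWritable
            }
        }
}

$triage = Get-ConnectionTriage
$triage | Sort-Object Suspicious -Descending | Format-Table -AutoSize

$flagged = @($triage | Where-Object Suspicious)
if ($flagged.Count -eq 0) {
    Write-Host 'No unsigned, missing or user-writable network-active processes found.'
} else {
    Write-Warning "$($flagged.Count) connection(s) owned by processes that deserve a closer look."
}
```

A "NoProcessEntry" row is the one that matters most here: a live socket whose owner is invisible to the normal process list is exactly the hiding behaviour a rootkit scanner like GMER is trying to detect, whereas a signed Defender or Kaspersky binary with a hook in the kernel is the benign case CLiNT describes.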
