Sophos anti-root kit found 53 unknown hidden files HELP [RESOLVED]
Started by kelkay, Jun 04 2008 05:53 PM
#31
Posted 07 June 2008 - 12:01 PM
#32
Posted 07 June 2008 - 08:42 PM
I did a scan with Ad Aware 2007, and Dr. Web, both showed no infection. I also used this program. I still think my computer has trouble since I am still showing hidden files, and also because Zone Alarm found the trojan.
Malwarebytes' Anti-Malware 1.15
Database version: 839
9:41:48 PM 6/7/2008
mbam-log-6-7-2008 (21-41-48).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 237803
Time elapsed: 1 hour(s), 11 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
#33
Posted 08 June 2008 - 03:57 PM
Sorry, I've been away.
You have nothing to worry about, your PC is clean from malware.
All you have to do is double click the MVPS bat file to run it.
Any other questions?
#34
Posted 09 June 2008 - 09:17 AM
First of all, I have another question about the Zone Alarm Pro that found the Win32.trojan.yspy. Do you think it is a real trojan or part of the IE Spyad I downloaded? It is in quarantine. It said it recommends deletion, but I am afraid to in case it is a false positive.
#35
Posted 09 June 2008 - 09:20 AM
Second I clicked on the host's bat file...but like I said, there are very few restricted sites listed, so I don't think it is working right. Also my computer is still running slow. I can take the slow browsing to another area for help....I just thought it was connected to the infections the computer had. You have helped me tremendously, and I admire your knowledge and willingness to help others with very limited knowledge in comparison!
#36
Posted 09 June 2008 - 09:53 AM
I also re-checked Sophos anti-root kit and it is showing 52 hidden files, in the same location:
Area: Local hard drives
Description: Unknown hidden file
Location: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP438\change.log.6
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)
I guess you are saying this was all a false positive then. I have never seen anything before show up in Sophos for over a year, so this makes me uneasy. I read and did all of the things you said, and I cannot thank you enough. I set my browser from Sea Monkey to Firefox for default. But since I use Sea Monkey email, it will go to the Sea Monkey browser when I click on a url from an email. I am not sure how to fix that. I tried to find a way to just use email from it, but so far I have not been able to. I do go to a lot of trouble to keep my machine clean, and this is upsetting that I feel like my computer may be infected and I am not even aware of it. I read the part about How Did My Computer Get Infected... before I ever posted on here.
Also Napster is giving my kids a problem because Java is not allowed for that when you click on it. I do not know how to fix that without opening up myself to problems with infection in Java pages. What do you recommend for me to do about that, or should I take this to another part for this question?
#37
Posted 09 June 2008 - 11:37 AM
ZoneAlarm gave you a FP.
You got MVPS running fine.
Ignore what Sophos is finding, it is nothing to worry about.
Go to Add or Remove Programs and remove Napster.
Anything else?
#38
Posted 09 June 2008 - 11:46 AM
I guess that is it. We pay monthly for Napster, so I will have to figure out something for that. (Napster to Go) Anyway thank you very much!!! Consider this thread now closed and taken care of!
#39
Posted 09 June 2008 - 12:10 PM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.