Sophos anti-root kit found 53 unknown hidden files HELP [RESOLVED]


  • This topic is locked

#31
kelkay

  • Topic Starter
  • Member
  • 423 posts
I downloaded IE-Spyad... I am wondering if this is what Zone Alarm Pro saw as a trojan. I cannot tell if it is working right at all. If I look at programs, it does not even show. I also believe the MVPHosts program is not working, even though I downloaded it. It is not showing on my programs either when I go to start, programs... Also, if I go to add/remove programs, I see neither. I know they were installed. On the MVPHosts file, if you look at the length of restricted sites, it is not that long... just several sites mentioned, not a long list.
#32
kelkay

  • Topic Starter
  • Member
  • 423 posts
I did a scan with Ad Aware 2007, and Dr. Web, both showed no infection. I also used this program. I still think my computer has trouble since I am still showing hidden files, and also because Zone Alarm found the trojan.

Malwarebytes' Anti-Malware 1.15
Database version: 839

9:41:48 PM 6/7/2008
mbam-log-6-7-2008 (21-41-48).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 237803
Time elapsed: 1 hour(s), 11 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#33
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Sorry, I've been away.

You have nothing to worry about; your PC is clean from malware.

All you have to do is double-click the MVPS bat file to run it.

Any other questions?

#34
kelkay

  • Topic Starter
  • Member
  • 423 posts
First of all, I have another question about the Zone Alarm Pro that found the Win32.trojan.yspy. Do you think it is a real trojan or part of the IE Spyad I downloaded? It is in quarantine. It said it recommends deletion, but I am afraid to in case it is a false positive.

#35
kelkay

  • Topic Starter
  • Member
  • 423 posts
Second, I clicked on the host's bat file... but like I said, there are very few restricted sites listed, so I don't think it is working right. Also, my computer is still running slow. I can take the slow browsing to another area for help... I just thought it was connected to the infections the computer had. You have helped me tremendously, and I admire your knowledge and willingness to help others with very limited knowledge in comparison!

#36
kelkay

  • Topic Starter
  • Member
  • 423 posts
I also re-checked Sophos anti-root kit and it is showing 52 hidden files, in the same location:

Area: Local hard drives
Description: Unknown hidden file
Location: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP438\change.log.6
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)

I guess you are saying this was all a false positive then. I have never seen anything before show up in Sophos for over a year, so this makes me uneasy. I read and did all of the things you said, and I cannot thank you enough. I set my browser from Sea Monkey to Firefox for default. But since I use Sea Monkey email, it will go to the Sea Monkey browser when I click on a url from an email. I am not sure how to fix that. I tried to find a way to just use email from it, but so far I have not been able to. I do go to a lot of trouble to keep my machine clean, and this is upsetting that I feel like my computer may be infected and I am not even aware of it. I read the part about How Did My Computer Get Infected... before I ever posted on here.

Also Napster is giving my kids a problem because Java is not allowed for that when you click on it. I do not know how to fix that without opening up myself to problems with infection in Java pages. What do you recommend for me to do about that, or should I take this to another part for this question?

#37
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
ZoneAlarm gave you a FP.

You got MVPS running fine.

Ignore what Sophos is finding; it is nothing to worry about.

Go to Add or Remove Programs and remove Napster.

Anything else?

#38
kelkay

  • Topic Starter
  • Member
  • 423 posts
I guess that is it. We pay monthly for Napster, so I will have to figure out something for that. (Napster to Go) Anyway thank you very much!!! Consider this thread now closed and taken care of!

#39
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.