Author Topic: How Do I Know What To Remove? (RootKit)  (Read 4528 times)


January 29, 2015, 11:00:14 PM

Sooki808

How Do I Know What To Remove? (RootKit)
« on: January 29, 2015, 11:00:14 PM »
I just ran RK and it came up clean except for a bunch of stuff in the AntiRootKit tab. How do I know which ones to get rid of? I've run Malwarebytes and Avast - both saying my computer is clean. I've looked up the names of several of these and it seems they are possibly part of Windows? I'm confused.

Here is a copy of my report:

RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Sooki [Administrator]
Mode : Scan -- Date : 01/29/2015  11:44:22

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 0hhds3ij.default : user_pref("browser.startup.homepage", "http://facebook.com/"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: M4-CT128M4SSD2 ATA Device +++++
--- User ---
[MBR] a057a4d7624cac57913ebddea215b676
[BSP] 27b00198999261e466b2a5918339f458 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 122002 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] 26d5f589281eb5a5c4bac83fed5ffcb4
[BSP] 564abe32b353da117b76ddc5c328125e : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_01292015_104358.log - RKreport_SCN_01292015_104257.log - RKreport_SCN_01292015_104524.log
« Last Edit: January 29, 2015, 11:04:43 PM by Sooki808 »

Reply #1, January 29, 2015, 11:10:19 PM

Sooki808

Re: How Do I Know What To Remove? (RootKit)
« Reply #1 on: January 29, 2015, 11:10:19 PM »
I just looked at the report I posted and I'm even more confused as it seems to report nothing for the rootkits, yet, on my screen, I have dozens of detections in green. Most of them have IRP names.

Reply #2, January 30, 2015, 01:54:19 AM

Curson

Global Moderator
Re: How Do I Know What To Remove? (RootKit)
« Reply #2 on: January 30, 2015, 01:54:19 AM »
Hi Sooki808,

Welcome to Adlice.com Forum.

Your report is clean.
The lines which are highlighted in green in the Rootkit section are legit elements which should not be removed.

Note: This thread has been moved to the "RogueKiller" section for clarity.
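As an added example (not code from RogueKiller, Adlice or either poster), a small Python parser for the report layout quoted in the first post: it reads the `¤¤¤ Section : N ¤¤¤` headers and the `[Category][Source] ... -> Status` finding lines, then lists only sections that actually report something or whose header count disagrees with the lines under it. On the constructed excerpt below, the Antirootkit section with a count of 0 and no finding lines drops out, as in the moderator's reading of the report, while the single PUM.HomePage entry is kept. The excerpt is sample input assembled here, not a real scan, and the function names are this example's own.

```python
import re

# Section header: "¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤" or "¤¤¤ MBR Check : ¤¤¤" (no count)
SECTION_RE = re.compile(r"^¤¤¤ (?P<name>.+?) : (?P<count>\d+)?.*¤¤¤$")
# Finding line: "[Category][Source] <detail> -> Status"
FINDING_RE = re.compile(r"^\[(?P<category>[^\]]+)\]\[(?P<source>[^\]]+)\] (?P<detail>.*?) -> (?P<status>\w+)$")

# Constructed excerpt in the layout of the report quoted above (hash and device
# lines left out); sample input only, not a real scan result.
SAMPLE_REPORT = """\
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 0hhds3ij.default : user_pref("browser.startup.homepage", "http://facebook.com/"); -> Found
¤¤¤ MBR Check : ¤¤¤
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
User = LL1 ... OK
"""


def parse_report(text):
    """Map each section to its declared count (None when the header has no
    number, as for MBR Check) and the finding lines parsed beneath it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current, count = header.group("name"), header.group("count")
            sections[current] = {"count": int(count) if count else None, "findings": []}
            continue
        finding = FINDING_RE.match(line)
        if finding and current is not None:
            sections[current]["findings"].append(finding.groupdict())
    return sections


def sections_needing_review(sections):
    """Return (name, declared_count, parsed_findings) for sections that report
    something, or whose header count disagrees with the lines beneath it.
    A section declared 0 with nothing parsed, like Antirootkit here, is clean."""
    flagged = []
    for name, sec in sections.items():
        declared, parsed = sec["count"], len(sec["findings"])
        if (declared or 0) > 0 or (declared == 0 and parsed > 0):
            flagged.append((name, declared, parsed))
    return flagged
```

Calling `sections_needing_review(parse_report(SAMPLE_REPORT))` on the excerpt returns only the Web browsers entry; feeding it a full saved RKreport file works the same way, since the per-drive MBR lines match neither pattern and are skipped.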