don't understand rootkit results

Discussion in 'Malware Help (A Specialist Will Reply)' started by sheena, Nov 8, 2009.

  1. sheena

    sheena Corporal

    Hi.
    Well, in a misguided effort to help myself :) I downloaded Trendmicro rootkitbuster from your site. I thought it would just scan and then tell me if I had a rootkit and get rid of it. But it obviously assumed user knowledge I don't have. It said it found 34 hidden files, and listed them. They were from my favorites list, and not hidden at all. They are probably off IE's favorites, which I imported to Firefox, so I have the same favorites on both. And that's about all the thing told me, there were a couple other files, but they didn't seem to have any weird names. Trendmicro called all of the files it found stream files. Wonder why?? There was nothing in this application that explained terminology, or what to expect, or its modus operandi.
    Sheena :confused
     
  2. sheena

    sheena Corporal

    Ok, thank you to whomever highlighted certain words in green as links to further information for me. So you're making me be self-sufficient.
    ARRRGH!:cry
    Sheena
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You really should not be running any rootkit scanners unless you are an expert in Windows and malware removal or unless you are being guided by an expert. Rootkit scans do not necessarily point out problems/rootkits. Just like antivirus and antispyware scanners and other tools like HijackThis, they are sometimes just giving you information that needs to be interpreted by an expert. Not everything being shown is a problem and could be quite normal. i.e., many hidden files are just normal.

    Want to know about File Streams? See this (again not necessarily for a novice): http://msdn.microsoft.com/en-us/library/aa364404(VS.85).aspx

    Why are you running a rootkit scan anyway?
     
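    A way to see for yourself what a "stream file" hit actually refers to, as an added example that is not part of this thread or of the MSDN page linked above: the script below lists the alternate data streams attached to every file under the Favorites folder and shows the start of each short stream. It assumes Windows PowerShell 3.0 or later and that the favorites live under the profile's Favorites folder (both are assumptions, not anything the scanner or the thread states).

```powershell
# Added example (not from the thread): list NTFS alternate data streams (ADS)
# on Internet Explorer favourites so a "stream file" hit can be inspected.
# Assumes Windows PowerShell 3.0+; the default folder path is an assumption.
param(
    [string]$Folder = (Join-Path $env:USERPROFILE 'Favorites')
)

Get-ChildItem -LiteralPath $Folder -Recurse -File | ForEach-Object {
    $file = $_
    # -Stream * returns every stream on the file, including the normal
    # unnamed ':$DATA' stream that holds the file's ordinary contents.
    Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            $info = [pscustomobject]@{
                File    = $file.FullName
                Stream  = $_.Stream
                Bytes   = $_.Length
                Preview = ''
            }
            # Zone.Identifier is the "mark of the web" that IE writes on files
            # it saved; on a favourite it normally reads
            # "[ZoneTransfer] | ZoneId=3". Only small streams are previewed.
            if ($_.Length -gt 0 -and $_.Length -le 512) {
                $raw = Get-Content -LiteralPath $file.FullName -Stream $_.Stream `
                    -Raw -ErrorAction SilentlyContinue
                if ($raw) {
                    $flat = ($raw -split "`r?`n" | Where-Object { $_ }) -join ' | '
                    if ($flat.Length -gt 80) { $flat = $flat.Substring(0, 80) + '...' }
                    $info.Preview = $flat
                }
            }
            $info
        }
} | Sort-Object Bytes -Descending | Format-Table -AutoSize
```

    On a clean machine the streams on favourites are typically Zone.Identifier and the cached favicon, which is why a scanner that simply reports "has a stream" lists ordinary bookmarks; a stream with an unfamiliar name or an unexpectedly large size is the kind of entry an expert would look at more closely.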
  4. sheena

    sheena Corporal

    Chasling,
    I was wanting to run a rootkit scan because I am anal retentive, and because so many strange things were happening when I was forced by Mozilla to install a new version of Firefox. I was happier with the older version. Also because I still have the cursed 'wwws.no entry found' browser redirecter thingy that takes me from my chosen google to yahoo search engine whenever I browse with IE, but not with Firefox. I had the 'taco' add-on with my older version of Firefox, which seemed to prevent this, but with IE it still comes up. I had trouble downloading this add-on with the new forced Firefox, but I did it manually and it seems to be working ok. I do remember once getting a free rootkit program from somewhere that actually was supposed to tell you whether or not you were infested. Can't remember which it was, but why can't a rootkit program just bypass the user and pick out and destroy the rootkit?
    sheena
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Mozilla does not force you to install the new version. You probably enabled automatic updating which was a choice you made. Tens of thousands of people are still using very old versions (we see it in the logs we collect all the time) which also have security issues and other problems so updating is advised anyway.

    If you suspect you are having malware problems, you should be running our cleaning procedures and attaching the logs we request. See the pinned/sticky threads.

    Not true since they cannot always tell for sure with all new forms of malware. Yes there are some particular well known rootkit infections that can be immediately pointed out, but since dozens of new ones come out each day, it is impossible for the rootkit scanners to do anything except give a log and have experts check the log for possible problems. Even clean systems will have logs that can show tons of data.

    Because they would break many legit applications and could even make your PC unbootable if they did this on their own.
     
  6. sheena

    sheena Corporal

    Chasling,
    Thanks, now I know.
    Except for the following:
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    My name is chaslang. ;)

    I used several dozen PCs between home and work and on none of them is Firefox forcing us to update. It only gets updated when we decide to install the other version except on a few that we have configured to automatically download and install updates. But either way this is not a topic for this forum. If you wish to discuss this further, you should open a specific thread on this in the Software Forum.

    Don't know!


    Are you having any malware problems that you need help with? If so, please run the cleaning procedure and start a new thread describing your problems that remain after running the cleaning procedure. And be sure to attach the required 5 logs. Also do remember that issues with Firefox downloading updates are not a malware problem.
     
