
Thread: potentially rootkit-masked files...?

  1. #11
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    i thought it was weird though that spysweeper found NOTHING when i ran it in safemode, but it finds a rootkit every time i run in normal mode?
    I think that is odd also. Wonder if this could be a false positive?

    You might also search for these two files manually in C:\Windows\
    imsins.log
    KB887998.log

  2. #12
    Join Date
    Sep 2006
    Posts
    12
    here is what happened when i ran the sophos rootkit remover, and what it said.

    http://i98.photobucket.com/albums/l2...006/sophos.jpg

    i was scared to remove what it found, since it looked like it might screw up my computer further. would you please advise me what to do next?

  3. #13
    Join Date
    Sep 2006
    Posts
    12
    i did search for them manually, and found them, but could not delete them when i searched.

  4. #14
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Well this problem evidently has popped up for many, because my search this evening has produced several results...yesterday and day before...none.

    I believe now, unless your computer is running very badly, that these ARE false positive results. I have just found this on numerous sites:

    "Because of the technology that Spysweeper uses, a lot of times it alarms you of potentially masked rootkit files. Typically this is nothing to be alarmed about as it only looks for differences between the disk and what Windows reports back. This is not definition based.
    There is a setting in the shield tab to check for root kits, untick this option. True rootkit detection is far beyond an app like SpySweeper"

    Add the above remarks to the results of your Sophos Rootkit Remover and I would say that in all likelihood you DO NOT have a rootkit on your computer.
    So unless you are having major problems, I would ignore this warning and follow the directions given in italics above for NOT having Spysweeper check for rootkits.

  5. #15
    Join Date
    Sep 2006
    Posts
    12
    ok... i am wary, but i will do as you suggest. i have just been scared to access my bank account or even email accounts from my pc, for fear that someone may be logging my passwords... =o/

  6. #16
    Join Date
    Sep 2006
    Posts
    12
    and i don't see a shield for rootkits... closest thing i see is one for keyloggers...?

  7. #17
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Ok, do this:
    Go to this website http://virusscan.jotti.org/
    The page will upload this file from your computer and run it through multiple virus scans. You will receive a report on what each one finds. Save it as a text file on your computer.

    At the very top of that page there is a place to place the name of the files that spysweeper keeps noting.
    Below are the four files you need to submit, one at a time. The page will scan each file and give you a report on each. Save the reports and post them here. If NOTHING is found on any of them then don't bother to post the report for that one just post back that nothing was found. Here are the files. Do them one at a time.

    C:\WINDOWS\imsins.log
    C:\WINDOWS\imsins.BAK
    C:\WINDOWS\Kb887998.log
    C:\WINDOWS\KB887742.log

  8. #18
    Join Date
    Sep 2006
    Posts
    12
    ok... so this is weird. (is it?)

    C:\WINDOWS\imsins.log & C:\WINDOWS\Kb887998.log
    now no longer exist. (at least not in C:\WINDOWS.)

    the other two, i uploaded, and they scanned clean. should i assume i am safe now? do you know why those other 2 files would have disappeared?

  9. #19
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    They were removed by one or another of the programs. OR they never really existed and Spysweeper was showing a false positive as mentioned earlier.
    Yes, I would say your system is clean now.
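
The explanation quoted in post #14 says the scanner flags differences between what is on disk and what Windows reports back. The Python example below is added here for illustration; it is not part of the thread and not Spy Sweeper's own code. It runs that cross-view comparison twice over constructed listings to separate files that merely changed during the scan from files that stay hidden; the names `Entry`, `hidden_from_api`, `triage` and all sample paths are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    path: str
    mtime: float  # last-modified time in seconds (constructed values)

def hidden_from_api(api_view, raw_view):
    """Entries present in the raw on-disk listing but absent from the API listing."""
    reported = {e.path.lower() for e in api_view}  # Windows paths compare case-insensitively
    return {e.path.lower(): e for e in raw_view if e.path.lower() not in reported}

def triage(pass1, pass2, scan_start):
    """Run the cross-view diff twice and label each discrepancy.

    'persistent': hidden in both passes and untouched since the scan began.
    'transient' : seen in only one pass, or written while the scan ran,
                  which is how ordinary log/temp files produce false alarms.
    """
    d1 = hidden_from_api(*pass1)
    d2 = hidden_from_api(*pass2)
    verdicts = {}
    for path in sorted(d1.keys() | d2.keys()):
        in_both = path in d1 and path in d2
        newest = max(e.mtime for e in (d1.get(path), d2.get(path)) if e)
        verdicts[path] = "persistent" if in_both and newest < scan_start else "transient"
    return verdicts

# Constructed sample data: each pass is (API listing, raw disk listing).
SCAN_START = 100.0
A = Entry(r"C:\WINDOWS\example_a.txt", 10.0)
LOG = Entry(r"C:\WINDOWS\example_update.log", 105.0)   # written during the scan
HID = Entry(r"C:\WINDOWS\example_hidden.sys", 50.0)    # never reported by the API
PASS1 = ([A], [A, LOG, HID])
PASS2 = ([A, LOG], [A, LOG, HID])

if __name__ == "__main__":
    for path, verdict in triage(PASS1, PASS2, SCAN_START).items():
        print(f"{verdict:10} {path}")
```

Only the "persistent" entries are worth a second opinion from another tool; a "transient" entry is the kind of discrepancy a non-definition-based check raises on a healthy system.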
