unknown hidden files-not recommended for removal

Hello --

I just downloaded the Sophos Anti-rootkit tool because I am certain there is something on my machine. I am running Windows Vista x64. I am currently booted into Safe Mode (without networking) on that machine.

After the first scan in Safe Mode, Sophos found several unknown hidden files that were NOT recommended for cleaning or removal.

I am particularly concerned about C:\Windows\System32\config\RegBack\COMPONENTS.LOG1

There are a few other files in the AppData\Local....\Temporary Internet Files\... which Sophos also says are not recommended for cleanup. However, they seem pretty suspicious to me as well.

Should I remove any or all of these? Any help that someone could provide would be greatly appreciated. Thank you.

  • Hello,

    I would recommend going through the following:

    Delete all your Internet temporary files including clearing out cookies etc.

    Turn off your system restore points

    Run the Microsoft Disk Cleanup - found under Accessories - System Tools

    Once you have gone through this, re-run the rootkit scan.

    If anything is detected, contact Support and send in the:
    %temp%\sarscan.log

    Additionally, you can send sample files to be submitted to labs (http://www.sophos.com/support/knowledgebase/article/11490.html); these will be located in:
    %temp%\samples.sar
