Free Anti Rootkit

I've downloaded and run the free anti rootkit. It noted it could not query one registry key. It also noted 22 "unknown hidden files," saying no information is available and it does not recommend cleaning them. I have no idea what to do next. I tried sending a mail message with the logs attached from https://secure.sophos.com/support/query/, but that doesn't seem to be going anywhere. Any advice?

  • Thanks

    Well, I am trying again. I'm not sure how the comma got into the post. I do see your submit a request page. I fill it in. I do the business to attach the files. I'm using Firefox. At the bottom of the window, it says "sending request to secure.sophos.com..." and the little circle keeps turning on the tab. This is the same thing that happened yesterday. It appears to be related to attaching the files. When I submitted the form without attaching files it went out OK. I guess I'll see what response I get.

    Meanwhile, I have googled the filenames on the list. They do appear to be the names of legitimate files that might be on my system. I suspect that if I were affected by malware Sophos recognizes, it would have offered to remove the files. So, I'm thinking things are OK. Any advice on this?

  • CharlieW wrote:

    Thanks

    Well, I am trying again. I'm not sure how the comma got into the post. I do see your submit a request page. I fill it in. I do the business to attach the files. I'm using Firefox. At the bottom of the window, it says "sending request to secure.sophos.com..." and the little circle keeps turning on the tab. This is the same thing that happened yesterday. It appears to be related to attaching the files. When I submitted the form without attaching files it went out OK. I guess I'll see what response I get.

    Meanwhile, I have googled the filenames on the list. They do appear to be the names of legitimate files that might be on my system. I suspect that if I were affected by malware Sophos recognizes, it would have offered to remove the files. So, I'm thinking things are OK. Any advice on this?


    Correct, if we knew about them already, we'd offer more details - when it's unknown, we typically just want to take a look so we can be sure we're not missing anything new.

    If the file can't upload through our web interface, feel free to email the ZIP to support@sophos.com, or simply call/email the Support team and request an FTP location - they can set you up a temporary account and get the files across that way.

    Or, if you are confident they are legitimate files, you are all set :)

  • Hello,

    I ran your anti rootkit software on a computer that does not show any sign of infection, but I did it because another computer in the lab, running AVG free 8.5, was infected with a rootkit.mrb, as identified by Malwarebytes' Anti-Malware. I have Sophos installed on my computer and it is up to date.

    The result of the scan was 32 unknown hidden files. One of them was related to Firefox, and I guess it was found because I was running Mozilla Firefox while the scan was performed. The other 31 were all internet temporary files for Internet Explorer 5 in a different account on the same computer. I think that other account has been used probably two times ever.

    So my question is, based on the location of the files can I be confident they are not an indication of a threat?

    After I found this, I started a full and in depth scan with regular Sophos. I still don't know what the result is because I came home.

    Thanks for your time and advice.

  • Can this fix registry problems?

  • This looks like an interesting product. I have never heard of a "rootkit" - is this just a dormant virus which gets triggered to activate somehow? Or something very new on the internet?

    I currently have Norton anti-virus protection, but have not heard about rootkits?

    Can anyone provide more info on what this is, and should I be worried if I have anti-virus software already?

    Thanks.

  • Hello BillKx,

    for a short description please see the Glossary. Rootkits also regularly make headlines on nakedsecurity. You'll also find a detailed article on Wikipedia. As you see they are nothing new.

    Now a rootkit has to get into the computer somehow. It is likely but not 100% guaranteed that the attempt to install it will be intercepted by an up to date A-V scanner. If it's not and the rootkit is installed, later updates of the A-V scanner might not be able to detect it, as it will successfully evade detection (but additional stuff downloaded by it might still be detected). A rootkit scan is a complementary tool.

    Christian
