
Thread: virus have rootkit revealer log

  1. #1
    doodahbear (Guest)

    virus have rootkit revealer log

    I have been fighting a virus on 2 computers... both protected with paid Zone. Last night after DH was on both computers... started getting virus symptoms again. Rootkit log for his computer: since most suspicious entries concern Zone, I am hoping you can help me with this.

    HKLM\SECURITY\Policy\Secrets\SAC* 10/18/2006 11:51 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SECURITY\Policy\Secrets\SAI* 10/18/2006 11:51 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Zone Labs\ZoneAlarm\BlockCount 2/1/2011 12:49 PM 4 bytes Data mismatch between Windows API and raw hive data.
    HKLM\SOFTWARE\Zone Labs\ZoneAlarm\IncomingCount 2/1/2011 12:49 PM 4 bytes Data mismatch between Windows API and raw hive data.
    C:\System Volume Information\_restore{ADAE5F4D-3A8F-42F7-8894-D60087AD60B2}\RP16\A0006859.RDB 2/1/2011 12:53 PM 1.82 MB Hidden from Windows API.
    C:\System Volume Information\_restore{ADAE5F4D-3A8F-42F7-8894-D60087AD60B2}\RP16\A0006860.RDB 2/1/2011 12:54 PM 1.82 MB Hidden from Windows API.
    C:\System Volume Information\_restore{ADAE5F4D-3A8F-42F7-8894-D60087AD60B2}\RP16\A0006861.RDB 2/1/2011 12:58 PM 1.82 MB Hidden from Windows API.
    C:\System Volume Information\_restore{ADAE5F4D-3A8F-42F7-8894-D60087AD60B2}\RP16\A0006862.RDB 2/1/2011 1:01 PM 1.82 MB Hidden from Windows API.
    C:\System Volume Information\_restore{ADAE5F4D-3A8F-42F7-8894-D60087AD60B2}\RP16\A0006863.RDB 2/1/2011 1:02 PM 1.82 MB Hidden from Windows API.
    C:\System Volume Information\_restore{ADAE5F4D-3A8F-42F7-8894-D60087AD60B2}\RP16\A0006864.RDB 2/1/2011 1:09 PM 1.82 MB Hidden from Windows API.
    C:\System Volume Information\_restore{ADAE5F4D-3A8F-42F7-8894-D60087AD60B2}\RP16\A0006865.RDB 2/1/2011 1:13 PM 1.82 MB Hidden from Windows API.
    C:\System Volume Information\_restore{ADAE5F4D-3A8F-42F7-8894-D60087AD60B2}\RP16\A0006866.RDB 2/1/2011 1:16 PM 1.82 MB Visible in directory index, but not Windows API or MFT.
    C:\WINDOWS\system32\ZoneLabs\avsys\temp\update\rollback\bases\apu 2/1/2011 12:57 PM 0 bytes Hidden from Windows API.
    C:\WINDOWS\system32\ZoneLabs\avsys\temp\update\rollback\bases\apu\apu-0607g.krg 2/1/2011 12:57 PM 831 bytes Hidden from Windows API.
    C:\WINDOWS\system32\ZoneLabs\avsys\temp\update\rollback\bases\apu\apu-0607g.xml 2/1/2011 12:57 PM 4.22 KB Hidden from Windows API.
    C:\WINDOWS\system32\ZoneLabs\avsys\temp\update\rollback\bases\apu\apu.stt 2/1/2011 12:57 PM 21 bytes Hidden from Windows API.
    C:\WINDOWS\system32\ZoneLabs\avsys\temp\update\rollback\bases\apu\apu0017.dat 2/1/2011 12:57 PM 44.79 KB Hidden from Windows API.
    C:\WINDOWS\Temp\av12.tmp 2/1/2011 1:01 PM 50.29 MB Hidden from Windows API.
    C:\WINDOWS\Temp\avF.tmp 2/1/2011 11:54 AM 50.29 MB Visible in Windows API, but not in MFT or directory index.

  2. #2
    Join Date: Jun 2006
    Location: The 3rd Coast - South Central Texas
    Posts: 10,461

    Re: virus have rootkit revealer log

    Welcome to the Zone Alarm User Forum.

    This forum exists to allow volunteer experienced Zone Alarm users to help the few users who encounter a problem with ZoneAlarm and need to be guided in the right direction.

    The following two forum links should help resolve your problem.

    Malware Clean-up Guidance

    http://forum.zonealarm.com/showthread.php?t=72918
    GeorgeV
    ZoneAlarm® Extreme Security


    Click here for ZA Support
    Monday-Saturday__ 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    Join Date: Nov 2004
    Location: localhost
    Posts: 17,283

    Re: virus have rootkit revealer log

    Some of the entries seem to be false positives... note that items listed by RootkitRevealer may or may not be of a malware nature; it's up to the reader to interpret them. So, be careful about what you do with it, since you may damage the system and/or the software installed (e.g. ZA).

    I would personally forget about the log and follow the clean-up links as already suggested by GURU GeorgeV. After having fully cleaned the systems, remember to purge the restore points.
    Last edited by fax; February 1st, 2011 at 12:30 PM.

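The log in post #1 and fax's point above (RootkitRevealer entries are discrepancies between two views of the system, and it is up to the reader to decide which are noise) are easier to act on with a small triage script. The following Python is an added example written for this thread; it is not code from the thread, from ZoneAlarm or from Sysinternals. It parses lines in the report format shown above (path, date, time, size, description), splits them into registry and file discrepancies, and applies a few heuristic rules for discrepancy classes that commonly appear on clean machines (System Restore snapshots written while the scan ran, the installed security product's own temp and update files, a temp file that changed between the two views, LSA secrets keys with embedded nulls). Those rules, the rule text and the sample lines are assumptions constructed for the example: five sample lines are modelled on the posted log (with the `rollback` path spelled unbroken) and the last one is an invented placeholder so that the "review" path is exercised. Anything the rules do not recognise is left for a human to look at rather than declared clean.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample in RootkitRevealer's report format. The first five lines are
# modelled on the log posted in the thread; the last is an invented placeholder.
SAMPLE_LOG = r"""
HKLM\SECURITY\Policy\Secrets\SAC* 10/18/2006 11:51 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\BlockCount 2/1/2011 12:49 PM 4 bytes Data mismatch between Windows API and raw hive data.
C:\System Volume Information\_restore{ADAE5F4D-3A8F-42F7-8894-D60087AD60B2}\RP16\A0006859.RDB 2/1/2011 12:53 PM 1.82 MB Hidden from Windows API.
C:\WINDOWS\system32\ZoneLabs\avsys\temp\update\rollback\bases\apu\apu.stt 2/1/2011 12:57 PM 21 bytes Hidden from Windows API.
C:\WINDOWS\Temp\avF.tmp 2/1/2011 11:54 AM 50.29 MB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\drivers\placeholder_driver.sys 2/1/2011 9:02 AM 12.00 KB Hidden from Windows API.
"""

# One report line: <path> <m/d/yyyy> <h:mm AM|PM> <size> <unit> <description>
# The path is matched non-greedily so paths containing spaces still parse.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2} [AP]M) "
    r"(?P<size>\d+(?:\.\d+)?) (?P<unit>bytes|KB|MB|GB) "
    r"(?P<desc>.+)$"
)
UNIT = {"bytes": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}


@dataclass
class Entry:
    path: str
    timestamp: str
    size_bytes: int
    description: str
    kind: str      # "registry" or "file"
    verdict: str   # "likely-benign" or "review"
    reason: str


def _is_registry(path: str) -> bool:
    return path.upper().startswith(("HKLM\\", "HKCU\\", "HKEY_"))


def classify(path: str, desc: str) -> Tuple[str, str]:
    """Heuristic triage (an assumption of this example, not RootkitRevealer logic).
    Returns (verdict, reason); anything unmatched is sent for manual review."""
    p, d = path.lower(), desc.lower()
    if _is_registry(path):
        if p.startswith("hklm\\security\\policy\\secrets\\") and "embedded nulls" in d:
            return "likely-benign", "LSA secrets key names with embedded nulls are routinely reported; not an indicator on their own"
        if "data mismatch" in d and "\\zone labs\\" in p:
            return "likely-benign", "value owned by the installed security product changed between the API read and the raw hive read; re-scan to confirm it does not persist"
        return "review", "registry discrepancy with no known-noise match"
    if "\\system volume information\\_restore" in p:
        return "likely-benign", "System Restore snapshot written while the scan ran (timestamp at scan time)"
    if "\\zonelabs\\" in p and "\\temp\\" in p:
        return "likely-benign", "installed security product's own update/temp files"
    if "\\windows\\temp\\" in p and p.endswith(".tmp") and ("mft" in d or "directory index" in d):
        return "likely-benign", "temp file created or removed between the two views; transient"
    return "review", "file discrepancy with no known-noise match"


def parse(text: str) -> Tuple[List[Entry], List[str]]:
    """Parse report text into Entry objects; lines that do not fit the format are
    returned separately instead of being silently dropped."""
    entries, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        size = int(round(float(m["size"]) * UNIT[m["unit"]]))
        kind = "registry" if _is_registry(m["path"]) else "file"
        verdict, reason = classify(m["path"], m["desc"])
        entries.append(Entry(m["path"], f"{m['date']} {m['time']}", size, m["desc"], kind, verdict, reason))
    return entries, unparsed


def summarize(entries: List[Entry]) -> Dict[str, int]:
    counts = {"likely-benign": 0, "review": 0}
    for e in entries:
        counts[e.verdict] += 1
    return counts


def needs_review(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.verdict == "review"]


if __name__ == "__main__":
    entries, unparsed = parse(SAMPLE_LOG)
    for e in entries:
        print(f"[{e.verdict:13}] {e.kind:8} {e.path}\n    {e.description} -> {e.reason}")
    print(summarize(entries), "unparsed lines:", len(unparsed))
```

Run it as-is to see the sample classified, or replace `SAMPLE_LOG` with the contents of a saved RootkitRevealer report. The rules only ever downgrade entries to "likely-benign" for narrow, named reasons; the safe default for everything else is "review", which matches the advice in the thread to treat the log as something to interpret rather than a list of things to delete.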
