Spy Sweeper found "potentially rootkit-masked files"

Discussion in 'other anti-malware software' started by Chamlin, Aug 14, 2006.

Thread Status:
Not open for further replies.
  1. Chamlin

    Chamlin Registered Member

    Joined:
    Aug 8, 2006
    Posts:
    449
    v5.07 found 8 traces of "potentially rootkit-masked files".

    How do I know whether it is really a problem and safe to remove this?

    Can it be legitimate and screw up my system if I remove it?
     
  2. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Hi i have had that. you really check the log file. btw have you got windows live messenger and use sharing folders? because i do have windows live messenger and use sharing folders and spysweeper detected my only two sharing folders in windows live messenger as possible masked files. so can you post the log here please? because im interested to see if it is the same thing as i got or something else.

    lodore
     
  3. Chamlin

    Chamlin Registered Member

    Joined:
    Aug 8, 2006
    Posts:
    449
    I'd be happy to post a log file. How do I get to the log? Will there be a log if I haven't yet decided to quarantine the rootkit thing (which I haven't.).

    Not running Windows messenger to my knowledge.

    Thanks for the help!
     
  4. as1m

    as1m Registered Member

    Joined:
    Jul 9, 2006
    Posts:
    23
    Hi,

    Maybe got nothing to do with it but do u have "MS Private Folder" or the like?

    I know MS Private folder triggers these alerts on my machine.

    Thanks.
     
  5. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    The Session log will more than likely be very long and the only part that would need to be posted would be the items found concerning "rootkit-masked files". To do this open Spysweeper and select Options from the left menu and in the far right box area you should see View Session Log. Select that and highlight the lines dealing with the rootkit-masked entries and copy paste that info into a new post here.

    Also....Spy Sweeper's "potentially rootkit-masked files" detection is not definition based, it is essentially looking for descrepancies between what windows sees and what is actually on disk and will from time to time detect harmless files. There are various reasons that this happens but usually it's just a timing issue and subsequent sweeps will not detect the files.

    I would suggest you perform another scan but to save time adjust what is re-scanned by going into Options again and uncheck all drives and all other items except Sweep for rootkits. Enable Direct Disk Sweeping will have to be checked also in order to select Sweep for rootkits.

    Bubba
     
Loading...
Thread Status:
Not open for further replies.