rootkit.tncore/trace

[smrpeople]

I upgraded to the full version today and activated the resident part of SAS and it appears my rootkit.tncore/trace was removed...

Is this possible?

Now Spybot search and destroy will no longer scan... Just saying really.

[fatdcuk]

I upgraded to the full version today and activated the resident part of SAS and it appears my rootkit.tncore/trace was removed...

Is this possible?

Now Spybot search and destroy will no longer scan... Just saying really.

Ok if you go into SAS software...Preferences>>>statistic's/log

What info does the scan log attach to rootkit.tncore/trace ?

[smrpeople]

I upgraded to the full version today and activated the resident part of SAS and it appears my rootkit.tncore/trace was removed...

Is this possible?

Now Spybot search and destroy will no longer scan... Just saying really.

Ok if you go into SAS software...Preferences>>>statistic's/log

What info does the scan log attach to rootkit.tncore/trace ?

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 02/01/2008 at 12:27 PM

Application Version : 3.9.1008

Core Rules Database Version : 3393

Trace Rules Database Version: 1385

Scan type : Quick Scan

Total Scan Time : 00:47:27

Memory items scanned : 416

Memory threats detected : 0

Registry items scanned : 928

Registry threats detected : 12

File items scanned : 18288

File threats detected : 8

Adware.Tracking Cookie

C:\Documents and Settings\XXX\Cookies\XXX@updates.liquiddigitalmedia[2].txt

C:\Documents and Settings\XXX\Cookies\paul_XXX@findology[1].txt

C:\Documents and Settings\Jacob XXX\Cookies\jacob_XXX@2o7[1].txt

C:\Documents and Settings\Jonathan XXX\Cookies\jonathan_XXX@cdn.atwola[2].txt

C:\Documents and Settings\Jonathan XXX\Cookies\jonathan_XXX@stat.dealtime[2].txt

RootKit.TnCore/Trace

C:\WINDOWS\system32\drivers\core.cache.dsk

Rootkit.Unclassified/ADPU160MM

C:\WINDOWS\system32\drivers\ADPU160MM.SYS

HKLM\SYSTEM\CurrentControlSet\Services\adpu160mm

HKLM\SYSTEM\CurrentControlSet\Services\adpu160mm#Type

HKLM\SYSTEM\CurrentControlSet\Services\adpu160mm#Start

HKLM\SYSTEM\CurrentControlSet\Services\adpu160mm#ErrorControl

HKLM\SYSTEM\CurrentControlSet\Services\adpu160mm#abcdefg

HKLM\SYSTEM\CurrentControlSet\Services\adpu160mm#ImagePath

HKLM\SYSTEM\CurrentControlSet\Services\adpu160mm\Parameters

HKLM\SYSTEM\CurrentControlSet\Services\adpu160mm\Parameters#0

HKLM\SYSTEM\CurrentControlSet\Services\adpu160mm\Enum

HKLM\SYSTEM\CurrentControlSet\Services\adpu160mm\Enum#0

HKLM\SYSTEM\CurrentControlSet\Services\adpu160mm\Enum#Count

HKLM\SYSTEM\CurrentControlSet\Services\adpu160mm\Enum#NextInstance

Trojan.Unclassified/DFV5-Raw

C:\WINDOWS\SYSTEM32\E1E4DFE0E3E2E.EXE

[fatdcuk]

None of what SAS has removed is SpyBot SSD related stuff from what the log details.

Try uninstalling and reinstalling SpyBot.Next scan with SAS again and see if the detctions are repeated.

This should either eliminate or incrimate SAS as the culprit....

[smrpeople]

I don't feel the need for Spybot Search and Destroy to work any longer.

I removed it and am just thrilled that that G.D. RootKit and its pop ups are gone.

I'm a believer in SAS. That smitfraud-c.CoreService was a real MF to remove but it appears to me at least that SAS did the job.

But I'll try reinstalling SBSD and see if it scans.

So far SAS says I'm clean.

[smrpeople]

SBSD installed and is currently scanning. I'll let you know the results of the scan when it finishes.

[smrpeople]

SBSD scan said my computer is clean!

Bye, bye SmitFraud-C.coreservice!

Thank you SuperAntiSpyware!

[Pandato]

You are welcome and thanks to "Ade" also.

[smrpeople]

You are welcome and thanks to "Ade" also.

Who or what is "Ade"?

[fatdcuk]

You are welcome and thanks to "Ade" also.

Who or what is "Ade"?

Me

Ade.

[smrpeople]

You are welcome and thanks to "Ade" also.

Who or what is "Ade"?

Me

Ade.

Well yaaaa! Thank you!