Jump to content
smrpeople

rootkit.tncore/trace

Recommended Posts

I upgraded to the full version today and activated the resident part of SAS and it appears my rootkit.tncore/trace was removed...

Is this possible?

Now Spybot search and destroy will no longer scan... Just saying really.

Share this post


Link to post
Share on other sites
I upgraded to the full version today and activated the resident part of SAS and it appears my rootkit.tncore/trace was removed...

Is this possible?

Now Spybot search and destroy will no longer scan... Just saying really.

Ok if you go into SAS software...Preferences>>>statistic's/log

What info does the scan log attach to rootkit.tncore/trace ?

Share this post


Link to post
Share on other sites
I upgraded to the full version today and activated the resident part of SAS and it appears my rootkit.tncore/trace was removed...

Is this possible?

Now Spybot search and destroy will no longer scan... Just saying really.

Ok if you go into SAS software...Preferences>>>statistic's/log

What info does the scan log attach to rootkit.tncore/trace ?

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 02/01/2008 at 12:27 PM

Application Version : 3.9.1008

Core Rules Database Version : 3393

Trace Rules Database Version: 1385

Scan type : Quick Scan

Total Scan Time : 00:47:27

Memory items scanned : 416

Memory threats detected : 0

Registry items scanned : 928

Registry threats detected : 12

File items scanned : 18288

File threats detected : 8

Adware.Tracking Cookie

C:\Documents and Settings\XXX\Cookies\XXX@updates.liquiddigitalmedia[2].txt

C:\Documents and Settings\XXX\Cookies\paul_XXX@findology[1].txt

C:\Documents and Settings\Jacob XXX\Cookies\jacob_XXX@2o7[1].txt

C:\Documents and Settings\Jonathan XXX\Cookies\jonathan_XXX@cdn.atwola[2].txt

C:\Documents and Settings\Jonathan XXX\Cookies\jonathan_XXX@stat.dealtime[2].txt

RootKit.TnCore/Trace

C:\WINDOWS\system32\drivers\core.cache.dsk

Rootkit.Unclassified/ADPU160MM

C:\WINDOWS\system32\drivers\ADPU160MM.SYS

HKLM\SYSTEM\CurrentControlSet\Services\adpu160mm

HKLM\SYSTEM\CurrentControlSet\Services\adpu160mm#Type

HKLM\SYSTEM\CurrentControlSet\Services\adpu160mm#Start

HKLM\SYSTEM\CurrentControlSet\Services\adpu160mm#ErrorControl

HKLM\SYSTEM\CurrentControlSet\Services\adpu160mm#abcdefg

HKLM\SYSTEM\CurrentControlSet\Services\adpu160mm#ImagePath

HKLM\SYSTEM\CurrentControlSet\Services\adpu160mm\Parameters

HKLM\SYSTEM\CurrentControlSet\Services\adpu160mm\Parameters#0

HKLM\SYSTEM\CurrentControlSet\Services\adpu160mm\Enum

HKLM\SYSTEM\CurrentControlSet\Services\adpu160mm\Enum#0

HKLM\SYSTEM\CurrentControlSet\Services\adpu160mm\Enum#Count

HKLM\SYSTEM\CurrentControlSet\Services\adpu160mm\Enum#NextInstance

Trojan.Unclassified/DFV5-Raw

C:\WINDOWS\SYSTEM32\E1E4DFE0E3E2E.EXE

Share this post


Link to post
Share on other sites

:? None of what SAS has removed is SpyBot SSD related stuff from what the log details.

Try uninstalling and reinstalling SpyBot.Next scan with SAS again and see if the detctions are repeated.

This should either eliminate or incrimate SAS as the culprit....

Share this post


Link to post
Share on other sites

I don't feel the need for Spybot Search and Destroy to work any longer.

I removed it and am just thrilled that that G.D. RootKit and its pop ups are gone.

I'm a believer in SAS. That smitfraud-c.CoreService was a real MF to remove but it appears to me at least that SAS did the job.

But I'll try reinstalling SBSD and see if it scans.

So far SAS says I'm clean.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...