lalittle
Posted December 11, 2008

I just did a full scan which reported the following:

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 12/10/2008 at 09:03 PM

Application Version : 4.21.1004

Core Rules Database Version : 3671
Trace Rules Database Version: 1650

Scan type : Complete Scan
Total Scan Time : 00:35:30

Memory items scanned : 341
Memory threats detected : 0
Registry items scanned : 4339
Registry threats detected : 1
File items scanned : 24292
File threats detected : 239

Rootkit.Cloaked/Service-GEN
HKLM\system\controlset001\services\PciBus
C:\WINDOWS\SYSTEM32\DRIVERS\PCIBUS.SYS

I did some research on the PCIBUS.SYS file and was left uncertain as to whether or not this was a false positive. I therefore did NOT check this item when I continued.

Later I was considering letting SAS do its thing on this file, so I did a second scan on just this folder (as well as the registry). This scan, however, turned up nothing.

I'm not sure what to make of this. Why did the second scan not give me the same result as the first, given that I did not check the box for this item the first time?

I've since updated SAS to the newest version, and will try a new scan, but this behavior has me confused. Does SAS ignore items that were not checked on the first pass?

Thanks for any feedback on this,

Larry

PS. Is it possible that this was a false positive? I checked a couple of other systems and they all have this file, which appears to have been created when I installed Windows.

lalittle
Posted December 11, 2008

I just did a full scan with the newest version of SAS and it found nothing.

I'm confused about what happened. SAS no longer finds Rootkit.Cloaked/Service-GEN even though it was not removed. I'm concerned about the security of my system now.

Thanks again for feedback,

Larry

SUPERAntiSpy
Posted December 12, 2008

Something could have been blocking that file and we saw it was hidden, but now it's not.

lalittle
Posted December 12, 2008

> Something could have been blocking that file and we saw it was hidden, but now it's not.

Just to clarify, are you saying that it is only detected as a problem when it IS hidden? Do you know what could have caused it to change from hidden to not hidden on an immediate second pass? I didn't change anything -- I just ran SAS again.

Thanks,

Larry

SUPERAntiSpy
Posted December 13, 2008

> > Something could have been blocking that file and we saw it was hidden, but now it's not.
>
> Just to clarify, are you saying that it is only detected as a problem when it IS hidden? Do you know what could have caused it to change from hidden to not hidden on an immediate second pass? I didn't change anything -- I just ran SAS again.
>
> Thanks,
>
> Larry

It's hard to know exactly what happened when we don't have control of the system.