Please help possible Rootkit detected by Webroot SpySweeper.



symiggy
30-06-2006, 10:04 PM
I have just downloaded and installed IE7 and all seemed to be doing well with no apparent problems.
However I routinely have Webroot Spy Sweeper do a full system scan at the end of the day, and it detected a critical Trace which it has quarantined but is not able to remove since on repeat scanning the same trace is found.

The potential rootkit is described as follows:

c:\documents and settings\owner\local settings\temporary internet files\antiphishing\07fb382d-aa75-4683-82f4-eab265a275cb.dat

Name: potentially rootkit-masked files
Risk rating: critical
Traces found: 1
Description: Spy sweeper has detected files that are hidden from windows. Potentially this indicates the presence of a rootkit.

I have also scanned my system with Ad-Aware, Spybot S&D and NOD32 with clean scans by all three.

I would really appreciate some advice regarding:

1] Is this something to worry about?
2] Could it be a normal part of IE7 that is being mistaken as a Rootkit?
3] Do I need to remove it, and if so...how??

Many thanks for your help. :waughh:

Jen
30-06-2006, 10:15 PM
That file is located in your temporary internet file. What happens if you delete all your temp internet files?

symiggy
30-06-2006, 10:50 PM
That file is located in your temporary internet file. What happens if you delete all your temp internet files?

Jen:

I just deleted all my temporary Internet files using both CCleaner as well as the Temporary Internet file deletion button in IE7...with no effect. I.e., the trace is still there on repeat scan.

tweak'e
30-06-2006, 11:02 PM
Give Rootkit Revealer a run.

http://www.majorgeeks.com/download.php?det=4652

symiggy
01-07-2006, 05:25 PM
Give Rootkit Revealer a run.

http://www.majorgeeks.com/download.php?det=4652

Tweak'e:

I did in fact look at Rootkit Revealer as you suggested. I also read the help files and, to be quite honest, I don't think that I have the knowledge, background or skill to interpret the results.

A friend of mine believes that what Webroot Spy Sweeper is reporting as a possible Rootkit may in fact be an integral part of IE7 since it is still in Beta release.
As an expert, what do you think?
Should I worry, and short of reformatting my hard drive, what should I do??
Thanks for your help. :confused: