Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Sophos Anti-Rootkit reports tons of "Unknown hidden file"s. Normal? Preventable?


  • Please log in to reply
1 reply to this topic

#1 Keefe8

Keefe8

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:56 AM

Posted 21 March 2010 - 07:27 PM

I'm working on cleaning a friend's Vista PC. I already used my usual favorites MBAM, Spybot S&D, Adaware, and SAS, and removed some malware they found. Now I'm trying Sophos Anti-Rootkit for the first time just to cover all possibilities.
But it is listing tons of files as "Unknown hidden file", most of which are exe's and dll's, most of which look perfectly legitimate, such as 'C:\Users\mickie\Downloads\install_flash_player.exe' which I downloaded using Secunia PSI earlier.
Sophos' readme says that if drive compression is used, this can happen, but I checked that folder mentioned above ('C:\Users\mickie\Downloads\') and it's not compressed. Neither do the files have the 'hidden' attribute set in Explorer.
Why is this happening? Am I doing something wrong?

BC AdBot (Login to Remove)

 


#2 Keefe8

Keefe8
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:56 AM

Posted 21 March 2010 - 09:18 PM

I used msconfig to temporarily disable all non-MS services and startup items, including some AVG stuff, and ran Sophos ARK again. Still get a ton of "Unknown hidden file" listings.
If I want a list of all exe's and dll's on the system, I can use Windows Search. What's the point of Sophos doing this?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users