Windows 7 Forums


Windows 7: Sophos Anti-rootkit question


13 Sep 2010   #1

Windows 7 Ultimate
 
 
Sophos Anti-rootkit question

Hello,
I don't know if you guys can answer this, but so far you're 100%. Sophos Anti-Rootkit will often show hidden files which are either wrongly identified or are hidden copies of what appear to be plain downloaded backups of program installers in my download folder, sometimes other. So far it has not given the advice to clean any files. Is this a glitch or something that needs to be worried about? I only use it occasionally, to maybe catch something my regular resident and run-on-demand malware scanners miss. I use Malware Anti-Malware, SuperAntispyware as run on demand, with McAfee paid Internet Suite and Threatfire as resident running.
Any help or explanation is appreciated. Thanx
glennc


13 Sep 2010   #2

windows 7 Pro x64
 
 

Hi glennc, the files listed are "possible" threats, and it's not a glitch. As I see, you are very secured with Malware Anti-Malware, SuperAntispyware, McAfee Internet Suite, and Threatfire. Do you run all of them in real-time? Best not to...
13 Sep 2010   #3

Windows 7 Ultimate
 
 

Hello mindinka,
Thank you for responding. Could you possibly go into a bit more detail about the "possible" threats, as they are all in the Download Folder and some on PCWizard related files. I run McAfee and Threatfire as resident (real time) and use the others for manual scans. I don't know if you can explain the problem of running multiple AVs or Spywares as real time. I have previously done it without apparent consequences up to XP Pro. I just don't understand the failings of a multilayered coverage. I know that Threatfire is designed to run with a real-time Firewall, AV and Malware program.
Just confused. Appreciate your time.
glennc


13 Sep 2010   #4

Microsoft Community Contributor Award Recipient

Win 7 Pro 64-bit
 
 

A lot of people hear the word rootkit and immediately think the worst. A rootkit is actually any kind of software (or program) that provides access to resources, files and system information. So by definition, if law enforcement installs some kind of software to monitor someone's computer, or if a parent installs a nanny program to monitor their children's computer usage, that computer has a rootkit installed.

Sophos is a well-respected anti-malware firm that got its start in a business environment. Because their clients deal with huge sums of money, international transactions, etc., their programs are designed to err on the side of caution. When they opened their products to individuals, they really didn't change their software too much. And that has led to those "wrongly identified" notices. Again, the logic is to bring it to the user's attention and let the user decide if it's really something to worry about. If you want to double-check your system, Trend Micro also has a lightweight scan called Rootkit Buster you could use. You might need to run it in administrator mode.
13 Sep 2010   #5

windows 7 Pro x64
 
 

As marsmimar already said, "possible" does not necessarily mean a real threat. The virtual driver, for instance, could be a "threat" in some cases, although it's not; some anti-malware applications conflict with each other because of that. If you try to run a trainer for a game, that could become a "possible threat". If all of your security software did not detect any threats... ThreatFire is very good at finding nasties and yet... it sometimes gives false positives on some things like game trainers... It's of course up to you to trust or not what the Sophos application shows to you, but it's possible to check "untrusted" programs with other security applications, which you have.
13 Sep 2010   #6

Windows 7 Ultimate
 
 

Gentlemen,
Thanks for your time in explaining in more detail the questions I had. With this newfound knowledge, I believe I am pretty safe. Who really knows. Take care.
glennc
14 Sep 2010   #7

windows 7 Pro x64
 
 

Of course you are... Stay SAFE...