Rootkit false positives

[Guest]

[amerson]

I enabled rootkit scanning with low heuristics and detected 13 threats.  I believe they are all false positives, but I can't find much info from scanning the web.  The ADSM files are Asus Data Security Manager.  I can't locate info on the Safe* files, but I found a number of other users who have posted these in various log files.  I can't access the directories or files even though I show hidden files and protected operating system files.  What are these _avt and _lit files?  How can I determine if they are dangerous?  Should I tell Comodo to clean/remove them?

Rootkit.HiddenFile[at]0 c:\ADSM_PData_0150\_avt
Rootkit.HiddenFile[at]0 c:\ADSM_PData_0150\DragWait.exe
Rootkit.HiddenFolder[at]0 c:\ADSM_PData_0150\DB
Rootkit.HiddenFile[at]0 c:\Users\steve\Safe Doc\_avt
Rootkit.HiddenFile[at]0 c:\Users\steve\Safe Doc\_lit
Rootkit.HiddenFile[at]0 c:\Users\steve\Safe Music\_avt
Rootkit.HiddenFile[at]0 c:\Users\steve\Safe Music\_lit
Rootkit.HiddenFile[at]0 c:\Users\steve\Safe Video\_avt
Rootkit.HiddenFile[at]0 c:\Users\steve\Safe Video\_lit
Rootkit.HiddenFolder[at]0 c:\Users\steve\Safe Video
Rootkit.HiddenFolder[at]0 c:\Users\steve\Safe Doc
Rootkit.HiddenFolder[at]0 c:\Users\steve\Safe Music
Rootkit.HiddenFolder[at]0 c:\ADSM_PData_0150

[EricJH]

Moved to f/p board.

[FlorinG]

Hello amerson,

Please submit the detected files/registry entries to us so we can check them.

Best regards,
FlorinG

[Ronny]

If your not running x64 bit version of windows you can use Gmer to browse the hidden files and save them.
If your running x64 best thing is to boot from a boot CD/DVD like e.g. Ultimate Boot CD/DVD for Windows to access these files/folders.

[amerson]

FlorinG

Please submit the detected files/registry entries to us so we can check them.

How do I submit the files?  I selected "Ignore: report this to Comodo as a false alert" and it told me "Report as false alert is not an option for some selected threats." 

Thanks

[amerson]

I downloaded and ran gmer and it did not locate these files.  I still do not know how to send them to Comodo for analysis, since I cannot access or locate them outside Comodo.

[wasgij6]

have you enabled "show hidden files" in windows explorer?

Here is a guide how to do so.

[amerson]

I have enabled "Show hidden files, folders, and drives" and not enabled "Hide protected operating system files" however I cannot see these hidden files except through Comodo rootkit results.

[Ronny]

Then an 'offline' investigation of this disk is advisable, try using Ultimate boot cd for windows or Hiren's boot cd and use that explorer to see if the reported files/folders are there.

http://www.ubcd4win.com/
http://www.hiren.info/pages/bootcd

I'd advise to start with Hiren's boot cd as it's easier

[Tags:]