Rootkit false positives

I enabled rootkit scanning with low heuristics and detected 13 threats. I believe they are all false positives, but I can’t find much info from scanning the web. The ADSM files are Asus Data Security Manager. I can’t locate info on the Safe* files, but I found a number of other users who have posted these in various log files. I can’t access the directories or files even though I show hidden files and protected operating system files. What are these _avt and _lit files? How can I determine if they are dangerous? Should I tell Comodo to clean/remove them?

Rootkit.HiddenFile@0 c:\ADSM_PData_0150_avt
Rootkit.HiddenFile@0 c:\ADSM_PData_0150\DragWait.exe
Rootkit.HiddenFolder@0 c:\ADSM_PData_0150\DB
Rootkit.HiddenFile@0 c:\Users\steve\Safe Doc_avt
Rootkit.HiddenFile@0 c:\Users\steve\Safe Doc_lit
Rootkit.HiddenFile@0 c:\Users\steve\Safe Music_avt
Rootkit.HiddenFile@0 c:\Users\steve\Safe Music_lit
Rootkit.HiddenFile@0 c:\Users\steve\Safe Video_avt
Rootkit.HiddenFile@0 c:\Users\steve\Safe Video_lit
Rootkit.HiddenFolder@0 c:\Users\steve\Safe Video
Rootkit.HiddenFolder@0 c:\Users\steve\Safe Doc
Rootkit.HiddenFolder@0 c:\Users\steve\Safe Music
Rootkit.HiddenFolder@0 c:\ADSM_PData_0150

Moved to f/p board.

Hello amerson,

Please submit the detected files/registry entries to us so we can check them.

Best regards,
FlorinG

If your not running x64 bit version of windows you can use Gmer to browse the hidden files and save them.
If your running x64 best thing is to boot from a boot CD/DVD like e.g. Ultimate Boot CD/DVD for Windows to access these files/folders.

FlorinG

Please submit the detected files/registry entries to us so we can check them.

How do I submit the files? I selected “Ignore: report this to Comodo as a false alert” and it told me “Report as false alert is not an option for some selected threats.”

Thanks

I downloaded and ran gmer and it did not locate these files. I still do not know how to send them to Comodo for analysis, since I cannot access or locate them outside Comodo.

have you enabled “show hidden files” in windows explorer?

Here is a guide how to do so.

I have enabled “Show hidden files, folders, and drives” and not enabled “Hide protected operating system files” however I cannot see these hidden files except through Comodo rootkit results.

Then an ‘offline’ investigation of this disk is advisable, try using Ultimate boot cd for windows or Hiren’s boot cd and use that explorer to see if the reported files/folders are there.

http://www.ubcd4win.com/
http://www.hiren.info/pages/bootcd

I’d advise to start with Hiren’s boot cd as it’s easier