Greetings Schadenfroh,
I have tested the latest release of your Script and it does a very good job.
However, the ClamWin Portable doesn't seem to launch. I ran the script on 2 different machines and both ClamResults files have empty records.
Speaking of the rootkit scanner script, it would be good to have it separate, as this current script takes a very long time for the scan to complete: 5 hours+ for me on the second machine (only a 40 gigabyte drive, but 6 accounts!!!).
During the scanning there is a prompt to press a key to continue, either to launch the next scan engine or to decide what to do with a suspicious file (I was in scan-only mode). This makes it mandatory(?) to keep an eye on what's going on.
I ran a rootkit scan too, but only the next day (I was "knocked out" by the 5-hour sentinel position).
And here too I was prompted to decide what to do with the suspicious findings. I used Rootkit Reveal and it triggered Antivir during the scan.
I used your script in conjunction with Rootkit Reveal in an attempt to bust something big deeply rooted in one of the systems I configured, but the outcome is mixed. Let me explain:
The Facts
1>> I configured a second-hand system (1) delivered raw with XP Pro preinstalled.
2>> I planned to use RealVNC to maintain the system (1).
3>> I had port issues with Comodo on both ends, so I uninstalled it from the remote machine (1), enabled the Windows firewall and made connection attempts to my listening viewer on machine (2).
4>> Once I physically got back to machine (2), Comodo logs showed 2 other attempts (blocked) made from different IP addresses, different from machine (1)'s ISP pool addresses.
This happened 1 hour after my attempts, which were also logged, and another attempt was made deep in the night.
The assumptions
My constant paranoid mood escalated to schizophrenia. Needless to add that that night was the longest of my life...
My scenario was that the techies from the second-hand computer shop had planted a rootkit.
Next morning I rushed to machine (1) and started my endless scannings.
Scan outcome
1. Riskware.AdTool.Win32.Zango.e (A-Squared)
2. The Puper trojan + Adware-ZangoSA (McAfee)
3. Spyware: Adware/Zango (Panda)
All these in limited user accounts.
The rootkit scan results show discrepancies that seem "normal", from what I could read on their website and from searches I made on Google.
The Configuration & my questions
Machine (1) is connected to the internet through Ethernet and there is no LAN.
One Administrator account (renamed) and the rest are limited accounts.
Avira Antivirus
Windows Firewall
Could the detected malware transmit keystrokes or data regarding the other computer I was trying to access, even though it was located in a limited account?
Were the blocked attempts logged by Comodo just normal port triggering?
Merry Christmas & Happy New Year,
Thank you for your input.