Not Sure How To Interpret The Output Of The Rootkit Revealer
dserban
post Sep 10 2007, 07:42 AM
Post #1
I ran a rootkit revealer scan on my Windows XP system, but I find it difficult to interpret the output.

From what I can gather, the registry key discrepancies might indicate that the registry keys storing rootkit device drivers and service settings are not visible to the Windows API, but are present in the raw scan of the registry hive data, and that the files associated with the rootkit are not visible to Windows API directory scans, but are present in the scan of the raw file system data.
The help file says that there is no definitive way to determine, based on the output, if a rootkit is present, but that you should examine all reported discrepancies to ensure that they are explainable.

Can anyone with a trained eye look at the output and help me with either a thumbs up or thumbs down as far as a rootkit being present on my system?
tansqrx
post Sep 10 2007, 08:37 PM
Post #2
I can give it a try but you will have to post the results.

As a side note, several legitimate programs use rootkit-type technologies in their functionality. I know several years back Norton Antivirus hid its definition files from the OS. This worked really well to keep viruses from attacking the definition files directly. No one realized what was going on until programs such as RootkitRevealer were created and a bunch of suspicious files were popping up. Since then I have heard of several non-rootkit files being detected. You could call them false positives. Like I said before, post the results and I am sure there are several individuals here that can help you.
dserban
post Sep 11 2007, 05:31 PM
Post #3
I have saved the results in JPG format and included the picture in the post above.
The results can also be viewed at:
http://www.imagefilez.com/out.php/i162695_revealer.jpg
ethergeek
post Sep 11 2007, 05:36 PM
Post #4
If you don't know what something is, Google it. There are legit reasons for hiding files from the API, some being to hide emulation software like Daemon Tools from the retarded protection schemes on game and software CDs, to hiding important antivirus engine files from potential attack from viruses. So just because it says "hidden from Windows API" doesn't necessarily mean it's bad.