Jump to content



Welcome to AstaHost - Dear Guest , Please Register here to get Your own website. - Ask a Question / Express Opinion / Reply w/o Sign-Up!

Toggle shoutbox Shoutbox Open the Shoutbox in a popup

@  yordan : (16 June 2013 - 05:41 PM) You're Welcome, Agyat!
@  agyat : (16 June 2013 - 07:38 AM) Thanks Yordan...
@  velma : (16 June 2013 - 12:06 AM) I Have Asked Opa To Check For A Backup.. He'll Let Me Know Soon :)
@  velma : (16 June 2013 - 12:05 AM) T_T It Seems That Someone Has Deleted That Topic Since I Found The Url Of The Topic But It Gives Me An Error
@  yordan : (15 June 2013 - 10:31 PM) @velma : It's A Tuto On How To Create A Login Program.
@  yordan : (15 June 2013 - 10:31 PM) Happy Birthday To Youuuuuu Agyat!
@  yordan : (15 June 2013 - 10:31 PM) Ba$
@  agyat : (15 June 2013 - 04:41 PM) :(
@  agyat : (15 June 2013 - 04:41 PM) Where The Hall I Were? 15Th Is Almost At End And No-One Wished Me "happy Birthday"!!!
@  velma : (14 June 2013 - 10:39 AM) Which Tutorial Is He Searching For?
@  velma : (14 June 2013 - 10:38 AM) Which Tutorial Is He Searching For?
@  yordan : (14 June 2013 - 07:47 AM) Ok, Have A Look Tomorrow.
@  yordan : (13 June 2013 - 03:19 PM) @velma, Can You Have A Look At Feelay's Problem? Seems That His Tutorial Is Not Searchable Today.
@  Feelay : (13 June 2013 - 08:11 AM) Oh, Haha
@  velma : (12 June 2013 - 05:39 PM) T_T Lately My Levels Of Procrastination..... **sigh**
@  velma : (12 June 2013 - 05:38 PM) I'll Do It Later
@  velma : (12 June 2013 - 05:38 PM) Procrastinators.. People Who Keep Saying "i'll Do This In A Bit"
@  Feelay : (12 June 2013 - 02:05 PM) Deal Punishments To What?
@  velma : (12 June 2013 - 01:27 PM) T_T We Should Deal Punishments To Procrastinators... Especially Me
@  Feelay : (12 June 2013 - 12:06 PM) As Well As Making It More Secure.

Photo
- - - - -

Not Sure How To Interpret The Output Of The Rootkit Revealer

Started by dserban, Sep 10 2007 07:42 AM

5 replies to this topic

#1 dserban

dserban

    Premium Member

  • [HOSTED]
  • 286 posts

Posted 10 September 2007 - 07:42 AM

I ran a rootkit revealer scan on my Windows XP system, but I find it difficult to interpret the output.
Posted Image
From what I can gather, the registry key discrepancies might indicate that the registry keys storing rootkit device drivers and service settings are not visible to the Windows API, but are present in the raw scan of the registry hive data, and that the files associated with the rootkit are not visible to Windows API directory scans, but are present in the scan of the raw file system data.
The help file says that there is no definitive way to determine, based on the output, if a rootkit is present, but that you should examine all reported discrepancies to ensure that they are explainable.

Can anyone with a trained eye look at the output and help me with either a thumbs up or thumbs down as far as a rootkit being present on my system?

#2 tansqrx

tansqrx

    Super Member

  • [HOSTED]
  • 759 posts

Posted 10 September 2007 - 08:37 PM

I can give it a try but you will have to post the results.

As a side note, several legitimate programs use rootkit type technologies in their functionality. I know several years back Norton Antivirus hid its definition files from the OS. This worked really well to keep viruses from attacking the definition files directly. No one realized what was going on until programs such as rootkit revealer were created and a bunch of suspicious files were popping up. Since then I have heard of several non-rootkit files being detected. You could call them a false positive. Like I said before post the results and I am sure there are several individuals here that can help you.

#3 dserban

dserban

    Premium Member

  • [HOSTED]
  • 286 posts

Posted 11 September 2007 - 05:31 PM

I have saved the results in jpg format and included the picture in the post above.
The results can also be viewed at:
http://www.imagefile...95_revealer.jpg

#4 ethergeek

ethergeek

    Premium Member

  • [HOSTED]
  • 393 posts
  • Gender:Male
  • Location:Tucson, AZ

Posted 11 September 2007 - 05:36 PM

If you don't know what something is, google it. There's legit reasons for hiding files from the API...some being to hide emulation software like Daemon Tools from the retarded protection schemes on game and software CDs, to hiding important antivirus engine files from potential attack from viruses. So just because it says "hidden from windows api" doesn't necessarily mean it's bad.

#5 Guest_(G)Dwiggy_*

Guest_(G)Dwiggy_*
  • Guests

Posted 27 December 2009 - 11:18 PM

interpret Rootkit revealer outputNot Sure How To Interpret The Output Of The Rootkit Revealer

Hello,

I analyzed my laptop with Rootkit revealer but I am not sure of the result is made of false positives only or if there is something to be scared of...

Here are what it found:

- HKLMSECURITYPolicySecretsSAC* 

O bytes

Key name contains embedded nulls (*)

 

- HKLMSECURITYPolicySecretsSAI* 

O bytes

Key name contains embedded nulls (*)

 

- C:System Volume Information_restore{36D576C6-D89E-469E-9FBC-...

1,39 KB

Hidden from Windows API

 

Thanks for any help or advice

 -question by Dwiggy


#6 tansqrx

tansqrx

    Super Member

  • [HOSTED]
  • 759 posts

Posted 11 January 2010 - 11:16 PM

I can’t claim to have a definitive answer but all of these look harmless.

The HKLM\SECURITY\Policy\Secrets area of the registry is where the Windows passwords are stored so it makes sense that this is hidden from the operating system during normal operation. Microsoft has also added some extra protection measures since XP to make the passwords harder to obtain (but still not that hard if you use a Linux boot CD).

The C:\System Volume Information\_restore directory is related to the system restore function (http://en.wikipedia..../System_Restore). Since this is also a fairly low level feature of Windows (you don’t want malware infecting your backup) I would say that this is also fine.
Back to Anti-Virus & Anti-Spyware

Reply to this topic



  


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Open Discussion & Free Web Hosting
  2. Computers & Tech
  3. Software
  4. Anti-Virus & Anti-Spyware
  5. Rules