
Not Sure How To Interpret The Output Of The Rootkit Revealer


5 replies to this topic

#1 dserban

dserban

    Premium Member

  • [HOSTED]
  • 286 posts

Posted 10 September 2007 - 07:42 AM

I ran a rootkit revealer scan on my Windows XP system, but I find it difficult to interpret the output.
[Image: screenshot of the RootkitRevealer scan output]
From what I can gather, the registry key discrepancies might indicate that the registry keys storing rootkit device drivers and service settings are not visible to the Windows API, but are present in the raw scan of the registry hive data, and that the files associated with the rootkit are not visible to Windows API directory scans, but are present in the scan of the raw file system data.
The help file says that there is no definitive way to determine, based on the output, if a rootkit is present, but that you should examine all reported discrepancies to ensure that they are explainable.

Can anyone with a trained eye look at the output and help me with either a thumbs up or thumbs down as far as a rootkit being present on my system?

#2 tansqrx

tansqrx

    Super Member

  • [HOSTED]
  • 759 posts

Posted 10 September 2007 - 08:37 PM

I can give it a try but you will have to post the results.

As a side note, several legitimate programs use rootkit-type technologies in their functionality. I know several years back Norton Antivirus hid its definition files from the OS. This worked really well to keep viruses from attacking the definition files directly. No one realized what was going on until programs such as RootkitRevealer were created and a bunch of suspicious files were popping up. Since then I have heard of several non-rootkit files being detected. You could call them a false positive. Like I said before, post the results and I am sure there are several individuals here that can help you.

#3 dserban

dserban

    Premium Member

  • [HOSTED]
  • 286 posts

Posted 11 September 2007 - 05:31 PM

I have saved the results in jpg format and included the picture in the post above.
The results can also be viewed at:
http://www.imagefile...95_revealer.jpg

#4 ethergeek

ethergeek

    Premium Member

  • [HOSTED]
  • 393 posts
  • Gender:Male
  • Location:Tucson, AZ

Posted 11 September 2007 - 05:36 PM

If you don't know what something is, google it. There are legit reasons for hiding files from the API...some being to hide emulation software like Daemon Tools from the retarded protection schemes on game and software CDs, to hiding important antivirus engine files from potential attack from viruses. So just because it says "hidden from windows api" doesn't necessarily mean it's bad.

#5 Guest_(G)Dwiggy_*

Guest_(G)Dwiggy_*
  • Guests

Posted 27 December 2009 - 11:18 PM

interpret Rootkit revealer output

Hello,

I analyzed my laptop with Rootkit revealer but I am not sure if the result is made of false positives only or if there is something to be scared of...

Here is what it found:

- HKLM\SECURITY\Policy\Secrets\SAC*
  0 bytes
  Key name contains embedded nulls (*)

- HKLM\SECURITY\Policy\Secrets\SAI*
  0 bytes
  Key name contains embedded nulls (*)

- C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-...
  1,39 KB
  Hidden from Windows API

Thanks for any help or advice

- question by Dwiggy



#6 tansqrx

tansqrx

    Super Member

  • [HOSTED]
  • 759 posts

Posted 11 January 2010 - 11:16 PM

I can’t claim to have a definitive answer but all of these look harmless.

The HKLM\SECURITY\Policy\Secrets area of the registry is where the Windows passwords are stored so it makes sense that this is hidden from the operating system during normal operation. Microsoft has also added some extra protection measures since XP to make the passwords harder to obtain (but still not that hard if you use a Linux boot CD).

The C:\System Volume Information\_restore directory is related to the system restore function (http://en.wikipedia..../System_Restore). Since this is also a fairly low level feature of Windows (you don’t want malware infecting your backup) I would say that this is also fine.
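The two ideas this thread turns on, the cross-view comparison dserban describes in the first post (API view versus raw scan) and the "does this discrepancy have a known explanation?" triage that the replies to Dwiggy's list apply by hand, as an added Python example. It is not code from the posts or from RootkitRevealer itself. It assumes the three-line-per-entry layout Dwiggy used (path, size, description); the first three sample entries are the ones quoted above, the fourth driver path is a constructed placeholder added to exercise the "needs review" branch, and the two benign rules encode only the explanations given in the reply.

```python
import re
from dataclasses import dataclass
from typing import Callable, List, Set, Tuple

# Constructed sample in the layout used in the post above ("- <path>", size,
# description). Entries 1-3 are the ones the thread quotes; entry 4 is a
# made-up driver path so the "REVIEW" branch is exercised.
SAMPLE_OUTPUT = r"""
- HKLM\SECURITY\Policy\Secrets\SAC*
0 bytes
Key name contains embedded nulls (*)

- HKLM\SECURITY\Policy\Secrets\SAI*
0 bytes
Key name contains embedded nulls (*)

- C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-...
1,39 KB
Hidden from Windows API

- C:\WINDOWS\system32\drivers\example-unexplained.sys
12,00 KB
Hidden from Windows API
"""


@dataclass
class Discrepancy:
    path: str
    size: str
    description: str


def parse_discrepancies(text: str) -> List[Discrepancy]:
    """Parse the three-line-per-entry layout shown in the thread."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries: List[Discrepancy] = []
    i = 0
    while i < len(lines):
        if lines[i].startswith("- ") and i + 2 < len(lines):
            entries.append(Discrepancy(lines[i][2:].strip(), lines[i + 1], lines[i + 2]))
            i += 3
        else:
            i += 1
    return entries


def cross_view_diff(api_view: Set[str], raw_view: Set[str]) -> Tuple[Set[str], Set[str]]:
    """The comparison RootkitRevealer's report is built on: names present in
    the raw hive/file-system scan but absent from the Windows API view are
    "hidden from the API"; names the API shows but the raw data lacks are the
    reverse (and equally unexplained) discrepancy."""
    return raw_view - api_view, api_view - raw_view


# Known-benign explanations taken from the reply above. Each rule is a
# predicate plus the reason to record; an entry matching no rule goes to review.
KNOWN_BENIGN: List[Tuple[Callable[[Discrepancy], bool], str]] = [
    (lambda d: d.path.upper().startswith("HKLM\\SECURITY\\POLICY\\SECRETS\\")
               and "embedded nulls" in d.description.lower(),
     "LSA Secrets key with an embedded NUL in its name; the Win32 registry API "
     "works with NUL-terminated names, so the raw hive scan sees the key and the API does not"),
    (lambda d: re.match(r"^[A-Z]:\\SYSTEM VOLUME INFORMATION\\", d.path, re.I) is not None
               and "hidden from windows api" in d.description.lower(),
     "System Restore data under System Volume Information, a protected Windows feature"),
]


def triage(entries: List[Discrepancy]) -> List[Tuple[str, str, str]]:
    """Return (path, verdict, reason) per entry: LIKELY_BENIGN or REVIEW."""
    report = []
    for d in entries:
        verdict, reason = "REVIEW", "no known benign explanation; identify this item manually"
        for predicate, explanation in KNOWN_BENIGN:
            if predicate(d):
                verdict, reason = "LIKELY_BENIGN", explanation
                break
        report.append((d.path, verdict, reason))
    return report


if __name__ == "__main__":
    for path, verdict, reason in triage(parse_discrepancies(SAMPLE_OUTPUT)):
        print(f"{verdict:14} {path}\n{'':14} {reason}")
```

The point of the allowlist is the one the help file makes: a match only records why a discrepancy is explainable, it never proves the absence of a rootkit, and every REVIEW line still has to be identified by hand (file origin, signature, vendor) before the scan can be called clean.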


