30th March 2011   #1
jpChris (SuperGeek, thread starter)

Swearware in the registry


Hi all,

I did a RootKit scan and it found almost 30 of these entries:

HKLM\SOFTWARE\Swearware\backup\winsock2 3/19/2011 12:35 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters 3/19/2011 12:35 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5 3/19/2011 12:35 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries 3/19/2011 12:35 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 3/19/2011 12:35 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 3/19/2011 12:35 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 3/19/2011 12:35 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9 3/19/2011 12:35 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries 3/19/2011 12:35 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 3/19/2011 12:35 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 3/19/2011 12:35 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 3/19/2011 12:35 PM 0 bytes Security mismatch.

etc., etc., etc. The dates seem to coincide with the Bytescout debacle a couple of weeks ago.

I've found it's from ComboFix, SmitfraudFix, etc. However, there's no consensus as to what to do with these entries, or if they really are CF, SF related.

I know that Avast and SpyBotSearch & Destroy scan for Rootkits and I only found the Swearware entries in the registry when I was looking for something else.

OK to delete the Swearware folder from the registry?


Last edited by jpChris; 30th March 2011 at 03:14.
30th March 2011   #2
broni (Malware Analyst)

Those entries are safe.

30th March 2011   #3
jpChris (SuperGeek, thread starter)

So it's OK to delete them, broni?

30th March 2011   #4
broni (Malware Analyst)

No. You can safely leave them alone.

30th March 2011   #5
jpChris (SuperGeek, thread starter)

OK, thanks.

30th March 2011   #6
broni (Malware Analyst)

Sure thing

30th March 2011   #7
jpChris (SuperGeek, thread starter)

A thought: Every time I do a RootkitReveal, all these entries will be in there obfuscating my brain. Would it be safe to export then delete — providing nothing gets messed up?

30th March 2011   #8
broni (Malware Analyst)

Unfortunately, I'm not sure about consequences, if you remove them.
Registry (if nothing malicious detected) is better to be left alone.

30th March 2011   #9
jpChris (SuperGeek, thread starter)

Then I'll follow "Plan A" and export\delete one at a time, see if there's any problems and continue if not.

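The export-then-delete approach described in the post above, sketched in PowerShell as an added example that is not part of the original thread. The function name Backup-AndRemoveKey and the folder C:\RegBackup are hypothetical; the key path is the one from the scan output, written with the full hive name.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Backup-AndRemoveKey and C:\RegBackup are hypothetical names for this sketch.
function Backup-AndRemoveKey {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Full hive name, e.g. HKEY_LOCAL_MACHINE\SOFTWARE\Swearware\backup\winsock2
        [Parameter(Mandatory)][string]$KeyPath,
        [string]$BackupDir = 'C:\RegBackup'
    )

    $psPath = "Registry::$KeyPath"
    if (-not (Test-Path -LiteralPath $psPath)) {
        Write-Warning "Key not found: $KeyPath"
        return
    }

    # Create the backup folder even when the caller passed -WhatIf.
    New-Item -ItemType Directory -Path $BackupDir -Force -WhatIf:$false -Confirm:$false | Out-Null
    $safeName = $KeyPath -replace '[\\/:*?"<>|]', '_'
    $file = Join-Path $BackupDir ("{0}-{1:yyyyMMdd-HHmmss}.reg" -f $safeName, (Get-Date))

    # Export first; the .reg file can be restored later with: reg.exe import <file>
    & reg.exe export $KeyPath $file /y 2>&1 | Out-Null
    $exported = ($LASTEXITCODE -eq 0) -and (Test-Path -LiteralPath $file) -and
                ((Get-Item -LiteralPath $file).Length -gt 0)
    if (-not $exported) {
        Write-Error "Export failed for $KeyPath; the key was left in place."
        return
    }

    # Delete only after a verified export; -WhatIf skips this and keeps the key.
    if ($PSCmdlet.ShouldProcess($KeyPath, 'Delete registry key and its subkeys')) {
        Remove-Item -LiteralPath $psPath -Recurse -Force -Confirm:$false -ErrorAction Stop
        Write-Host "Deleted $KeyPath (backup: $file)"
    }
}

# One key at a time, as in the post: list the subkeys, handle one, check the machine, repeat.
$root = 'HKEY_LOCAL_MACHINE\SOFTWARE\Swearware\backup'
Get-ChildItem -LiteralPath "Registry::$root" | Select-Object -ExpandProperty Name
Backup-AndRemoveKey -KeyPath "$root\winsock2" -WhatIf   # dry run: export only
```

Dropping -WhatIf performs the deletion after a confirmation prompt; the exported .reg file is the rollback if a problem shows up afterwards.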
30th March 2011   #10
broni (Malware Analyst)

Go ahead, but consider yourself as being warned.

30th March 2011   #11
jpChris (SuperGeek, thread starter)

Quote:
Go ahead, but consider yourself as being warned.
Duly noted.

3rd April 2011   #12
jpChris (SuperGeek, thread starter)

Update


Swearware is ComboFix stuff. I followed "Plan A" and everything is OK.

3rd April 2011   #13
broni (Malware Analyst)

Ok
