
RootkitRevealer

Discussion in 'Security and Privacy' started by jpcummins, 2007/11/08.

  1. 2007/11/08
    jpcummins

    jpcummins (Thread Starter)
    I do not know enough about the program "RootkitRevealer" to be able to tell if I have a problem or not. Unfortunately, I know just enough about computers to get myself into trouble. I have run the "AVG Anti-Rootkit" program and it found nothing wrong. But I do not know if it is a good program or not. Anyway, I ran the "RootkitRevealer" program and found the following:


    HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6\ProductName 10/11/2006 12:02 PM 26 bytes Data mismatch between Windows API and raw hive data.
    HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 11/8/2007 4:06 PM 80 bytes Data mismatch between Windows API and raw hive data.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\DisplayName 11/15/2006 4:20 PM 26 bytes Data mismatch between Windows API and raw hive data.
    HKLM\SYSTEM\ControlSet001\Services\a347scsi\Config\jdgg40 10/11/2006 3:44 PM 0 bytes Hidden from Windows API.
    C:\Documents and Settings\John P. Cummins\Local Settings\Temporary Internet Files\Content.IE5\K7M5A7Q9\version[1].dat 11/8/2007 4:14 PM 23 bytes Hidden from Windows API.
    C:\Documents and Settings\John P. Cummins\Local Settings\Temporary Internet Files\Content.IE5\K7M5A7Q9\wwver655[1].ini 11/8/2007 4:14 PM 34 bytes Hidden from Windows API.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071108.016\vscanmsx.dat 11/8/2007 4:11 PM 2.02 KB Hidden from Windows API.
    C:\System Volume Information\_restore{173E77B7-392F-44FF-A7D6-634ABAB7E00C}\RP344\A0033948.ini 11/7/2007 6:33 PM 34 bytes Hidden from Windows API.
    C:\System Volume Information\_restore{173E77B7-392F-44FF-A7D6-634ABAB7E00C}\RP344\A0033949.cfg 11/7/2007 6:33 PM 23 bytes Hidden from Windows API.


    I was hoping that someone more knowledgeable than I would look at this log and tell me if I had anything to worry about. Any assistance and cooperation would be very much appreciated.

    Thanking you in advance

    John
     
  2. 2007/11/08
    charlesvar

    charlesvar (Alumni)
    Hello John,

    I've run this and other RKU's and nothing strikes me as "bad".

    Messages such as these:

    Data mismatch between Windows API and raw hive data

    bytes Hidden from Windows API.

    are common, and I notice they are mostly System files and in one case Symantec's virus defs.

    The entries in System Restore I wouldn't worry about either, unless you feel comfortable deleting your SR points by disabling SR and re-enabling SR. These SR points will cycle off eventually anyway.
     
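The sorting charlesvar does by eye above (is the flagged location one that is expected to change, or not?) can be written down as a small triage script. The following is an added example, not a Sysinternals tool and not anything posted in this thread; it parses RootkitRevealer's plain-text result lines (path, timestamp, size, description) and labels each entry. The sample input is the log John posted; the location patterns in KNOWN_CHURN and the label names are assumptions based on the RootkitRevealer documentation's list of commonly reported benign discrepancies, not rules shipped with the tool.

```python
"""Triage RootkitRevealer output lines (added example, not a Sysinternals tool)."""
import re
from datetime import datetime

# One RootkitRevealer result line: <path> <date time> <size> <description>.
# The path may itself contain spaces, so it is matched non-greedily up to the date.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M)\s+"
    r"(?P<size>[\d.]+ (?:bytes|KB|MB|GB))\s+"
    r"(?P<desc>.+)$"
)

# Locations whose contents legitimately change all the time, so a difference between
# the Windows API pass and the raw hive/volume pass is expected. These patterns are
# an assumption drawn from the RootkitRevealer documentation and common experience.
KNOWN_CHURN = (
    r"\\Cryptography\\RNG\\Seed$",              # reseeded whenever CryptGenRandom runs
    r"\\Temporary Internet Files\\",            # IE cache, written by the browser
    r"\\System Volume Information\\_restore",   # System Restore snapshots
    r"\\Symantec Shared\\VirusDefs\\",          # AV definition updates
)

# Sample input: the lines from the original post, embedded here so the script runs offline.
SAMPLE = r"""
HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6\ProductName 10/11/2006 12:02 PM 26 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 11/8/2007 4:06 PM 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\DisplayName 11/15/2006 4:20 PM 26 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\a347scsi\Config\jdgg40 10/11/2006 3:44 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\John P. Cummins\Local Settings\Temporary Internet Files\Content.IE5\K7M5A7Q9\version[1].dat 11/8/2007 4:14 PM 23 bytes Hidden from Windows API.
C:\Documents and Settings\John P. Cummins\Local Settings\Temporary Internet Files\Content.IE5\K7M5A7Q9\wwver655[1].ini 11/8/2007 4:14 PM 34 bytes Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071108.016\vscanmsx.dat 11/8/2007 4:11 PM 2.02 KB Hidden from Windows API.
C:\System Volume Information\_restore{173E77B7-392F-44FF-A7D6-634ABAB7E00C}\RP344\A0033948.ini 11/7/2007 6:33 PM 34 bytes Hidden from Windows API.
C:\System Volume Information\_restore{173E77B7-392F-44FF-A7D6-634ABAB7E00C}\RP344\A0033949.cfg 11/7/2007 6:33 PM 23 bytes Hidden from Windows API.
"""


def parse(line):
    """Split one result line into its fields; return None for lines that are not results."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["when"] = datetime.strptime(entry["when"], "%m/%d/%Y %I:%M %p")
    return entry


def classify(entry, scan_day):
    """Label an entry. Label names are this example's own, not RootkitRevealer's."""
    path, desc, when = entry["path"], entry["desc"], entry["when"]
    for pattern in KNOWN_CHURN:
        if re.search(pattern, path, re.IGNORECASE):
            return "benign-churn"
    if when.date() == scan_day and "Hidden" in desc:
        # Written while the scan was running: the API pass and the raw pass raced it.
        return "transient"
    if path.upper().startswith("HKLM\\SYSTEM\\") and "\\Services\\" in path and "Hidden" in desc:
        # A registry key that a driver hides from the API is worth identifying by name:
        # it is the classic rootkit signature, but some commercial CD-emulation drivers
        # hide their configuration keys the same way, so look the service up first.
        return "review-hidden-service-key"
    if "Data mismatch" in desc:
        return "review-mismatch"
    return "review"


def triage(lines):
    """Return (path, label) pairs; the scan day is taken as the newest timestamp seen."""
    entries = [e for e in (parse(l) for l in lines) if e]
    scan_day = max(e["when"] for e in entries).date()
    return [(e["path"], classify(e, scan_day)) for e in entries]


def summary(lines):
    """Count entries per label, so the 'review' bucket is visible at a glance."""
    counts = {}
    for _, label in triage(lines):
        counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    for path, label in triage(SAMPLE.strip().splitlines()):
        print(f"{label:26} {path}")
    print(summary(SAMPLE.strip().splitlines()))
```

Run against the posted log, six of the nine lines land in benign-churn, the two product-name mismatches are left for a manual look, and the one hidden key under a service configuration is singled out as the entry to identify before calling the machine clean.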


  3. 2007/11/09
    blunam

    I also believe that John is right. These look fairly legit. The issue with spyware, etc., is that it's not well defended, and most programs will report other spyware programs as being an issue. They also red-flag a lot of legit stuff, like cookies; yes, cookies contain info, but a lot of legit sites won't work if you disable them. The key things are to do some basic security and keep the computer up to date.

    Check out http://www.kinetics.co.nz/newssite/Pages/CuringInfection.aspx which I hope is an easy-to-understand blog on keeping safe.

    bill
    www.kinetics.co.nz
     
