SaintSatinStain
Sergeant, Premium Member
Joined: Jul 29, 2005 Posts: 122
Posted: Tue Nov 21, 2006 10:28 pm Post subject: RootkitRevealer scan results

Here are the results from a recent RootkitRevealer scan:
HKLM\SECURITY\Policy\Secrets\SAC* 9/11/2005 2:26 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 9/11/2005 2:26 PM 0 bytes Key name contains embedded nulls (*)
C:\System Volume Information\_restore{7C24F5A2-EEAD-401C-A06D-0E3CC9C090FE}\RP13\A0010316.RDB 11/21/2006 2:28 PM 4.12 MB Visible in directory index, but not Windows API or MFT.
I believe that the first two may be okay, but I am far from expert. AVG Anti-Spyware and Prevx1 do not detect anything. The last software installed in the last month was the Exalead OneDesktop search program.
System: XP Pro, SP2, patches for system and all programs up to date. I have a Linksys router and I have Prevx1, AVG Anti-Spyware, ClamWin, Zone Alarm Pro, SpywareBlaster, DiamondCS Wormguard, and Trojan Remover (which scans every logon). AVG scans daily, ZAP once a week, ClamWin once a week, Prevx1 every logon, so too Trojan Remover, SpywareBlaster has auto-update, and I do manual scans once a week with Ad-Aware, F-Secure Blacklight, and RootkitRevealer.
I just downloaded HijackThis if you need the log from it.
_________________
saint satin stain
He who drinks, sleeps; he who sleeps does not sin; he who does not sin is holy; therefore he who drinks is holy.

PCBruiser
SRT Team Lead, Forums Admin
Joined: May 11, 2005 Posts: 11723
Posted: Tue Nov 21, 2006 10:43 pm

All three are normal. The third one in your list has nothing to do with OneDesktop; it is for restore points. C:\System Volume Information\_restore is where they are kept and it is kept invisible from the Windows API, but not from the System Restore software.
_________________
Don't read? Can't learn!
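
The triage described in the reply above can be scripted. This is an added example, not part of the original posts and not RootkitRevealer's own code: it parses result lines in the layout pasted in the first post and marks as expected only the entries this thread identifies as normal. The function names, the KB and GB size units, and the fourth sample line are assumptions or constructed.

```python
import re

# One RootkitRevealer result line: path, timestamp, size, description.
# The path may contain spaces, so the timestamp is used as the anchor.
# Assumption: size units beyond "bytes" and "MB" (seen in the post) are KB/GB.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M)\s+"
    r"(?P<size>\d+(?:\.\d+)? (?:bytes|KB|MB|GB))\s+"
    r"(?P<desc>.+)$"
)

# Entries the thread identifies as normal: (path pattern, description fragment).
# Both must match; a path match alone is never treated as benign.
EXPECTED = [
    (re.compile(r"^HKLM\\SECURITY\\Policy\\Secrets\\SA[CI]\*$", re.I),
     "embedded nulls"),
    (re.compile(r"^C:\\System Volume Information\\_restore\{[0-9A-F-]{36}\}\\RP\d+\\", re.I),
     "visible in directory index"),
]

def parse_line(line):
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def triage(lines):
    """Return (verdict, path) pairs; verdict is 'expected', 'review' or 'unparsed'."""
    out = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            out.append(("unparsed", line.strip()))
            continue
        desc = rec["desc"].lower()
        hit = any(p.search(rec["path"]) and frag in desc for p, frag in EXPECTED)
        out.append(("expected" if hit else "review", rec["path"]))
    return out

# The first three lines are from the first post; the last one is constructed.
SAMPLE = [
    r"HKLM\SECURITY\Policy\Secrets\SAC* 9/11/2005 2:26 PM 0 bytes Key name contains embedded nulls (*)",
    r"HKLM\SECURITY\Policy\Secrets\SAI* 9/11/2005 2:26 PM 0 bytes Key name contains embedded nulls (*)",
    r"C:\System Volume Information\_restore{7C24F5A2-EEAD-401C-A06D-0E3CC9C090FE}\RP13\A0010316.RDB 11/21/2006 2:28 PM 4.12 MB Visible in directory index, but not Windows API or MFT.",
    r"C:\Example\constructed.dat 11/21/2006 2:30 PM 12.00 KB Hidden from Windows API.",
]

if __name__ == "__main__":
    for verdict, path in triage(SAMPLE):
        print(f"{verdict:9} {path}")
```

Anything reported as "review" or "unparsed" is simply not covered by this thread's answer and still needs a person to look at it.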

SaintSatinStain
Sergeant, Premium Member
Joined: Jul 29, 2005 Posts: 122
Posted: Wed Nov 22, 2006 4:14 am Post subject: Here are the results from recent RootkitRevealer scan

and I am glad that they are okay. Thank you pcbruiser. I continue my run of luck. You have implicitly pointed me toward my next study. Thank you.
peace

PCBruiser
SRT Team Lead, Forums Admin
Joined: May 11, 2005 Posts: 11723
Posted: Wed Nov 22, 2006 4:06 pm

You mean learning more about rootkits? If so, Prince_Serendip, negster22 and several others here have a new book called "Rootkits for Dummies" due out shortly. I think the final edit was just completed. I'm not exactly sure what the release date will be, but I imagine it is soon.
It says "dummies", but as you may know, if you have looked at that series, there is a lot of content that requires some much higher thought than that. It's a good series, and I think the book will be an excellent starting point for learning more on the subject.