Jeff
Hi
I downloaded the Sysinternals utility "RootkitRevealer" and used it to scan my
system. It only found 3 items:
1. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System "Key name contains
embedded nulls".
The info on the Sysinternals website about this is:
"Key name contains embedded nulls:
The Windows API treats key names as null-terminated strings whereas the
kernel treats them as counted strings. Thus, it is possible to create
Registry keys that are visible to the operating system, yet only partially
visible to Registry tools like Regedit. The Reghide sample code at
Sysinternals demonstrates this technique, which is used by both malware and
rootkits to hide Registry data."
Do I have a problem with my
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System key?
2. and 3. in my Documents and Settings..\Local settings\Application
data\Microsoft\Windows\UsrClass.dat.LOG:Kavichs - "Hidden from Windows API"
Advice?
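
The null-terminated versus counted-string mismatch described in the Sysinternals text quoted above, as an added example that is not part of the original post and is not RootkitRevealer's code. The `counted_name` struct (modelled on the kernel's `UNICODE_STRING`, with a byte length and no required terminator) and the sample names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a kernel-style counted name (modelled on
   UNICODE_STRING): the length is in bytes and no terminator is required. */
typedef struct {
    uint16_t length_bytes;      /* bytes of name data in buffer */
    const uint16_t *buffer;     /* UTF-16 code units */
} counted_name;

/* Number of UTF-16 units the counted (kernel) view treats as the name. */
size_t counted_units(const counted_name *n) {
    return n->length_bytes / sizeof(uint16_t);
}

/* Number of units a null-terminated reader sees: it stops at the first
   NUL, and this helper never reads past the counted length. */
size_t api_visible_units(const counted_name *n) {
    size_t total = counted_units(n), i = 0;
    while (i < total && n->buffer[i] != 0) i++;
    return i;
}

/* 1 if a NUL lies inside the counted length, i.e. the two views differ. */
int has_embedded_null(const counted_name *n) {
    return api_visible_units(n) < counted_units(n);
}

/* Constructed sample names, not taken from any real hive. */
static const uint16_t plain_buf[]  = { 'S','y','s','t','e','m' };
static const uint16_t hidden_buf[] = { 'S','y','s', 0, 'X','Y' };
static const uint16_t trail_buf[]  = { 'S','y','s','t','e','m', 0 };

const counted_name sample_plain  = { sizeof plain_buf,  plain_buf };
const counted_name sample_hidden = { sizeof hidden_buf, hidden_buf };
const counted_name sample_trail  = { sizeof trail_buf,  trail_buf };

int main(void) {
    const counted_name *all[] = { &sample_plain, &sample_hidden, &sample_trail };
    for (size_t i = 0; i < 3; i++)
        printf("counted=%zu api_visible=%zu embedded_null=%d\n",
               counted_units(all[i]), api_visible_units(all[i]),
               has_embedded_null(all[i]));
    return 0;
}
```

A name is reported whenever the counted length covers a NUL, including one that sits at the very end of the counted data.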