Root kits

John Doe

Within days of a clean installation of Windows XP SP3 plus Windows
updates and a few programs, I have three root kits, or at least
what RootkitRevealer considers notable.

HKLM\SECURITY\Policy\Secrets\SAC* 11/10/2010 7:01 AM 0 bytes
Key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\SAI* 11/10/2010 7:01 AM 0 bytes
Key name contains embedded nulls (*)

HKLM\SOFTWARE\Microsoft\Environment* 11/10/2010 6:55 AM 0 bytes
Key name contains embedded nulls (*)
 
Sjouke Burry

John said:
Within days of a clean installation of Windows XP SP3 plus Windows
updates and a few programs, I have three root kits, or at least
what RootkitRevealer considers notable.

HKLM\SECURITY\Policy\Secrets\SAC* 11/10/2010 7:01 AM 0 bytes
Key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\SAI* 11/10/2010 7:01 AM 0 bytes
Key name contains embedded nulls (*)

HKLM\SOFTWARE\Microsoft\Environment* 11/10/2010 6:55 AM 0 bytes
Key name contains embedded nulls (*)

Don't be alarmed. Even in M$ code there are a few
badly designed command strings.
Rkr always finds a few, you have to sort of learn to
ignore those.
But M$ sure could use some of its own advice.......
 
Loren Pechtel

Within days of a clean installation of Windows XP SP3 plus Windows
updates and a few programs, I have three root kits, or at least
what RootkitRevealer considers notable.

HKLM\SECURITY\Policy\Secrets\SAC* 11/10/2010 7:01 AM 0 bytes
Key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\SAI* 11/10/2010 7:01 AM 0 bytes
Key name contains embedded nulls (*)

HKLM\SOFTWARE\Microsoft\Environment* 11/10/2010 6:55 AM 0 bytes
Key name contains embedded nulls (*)

Those are keys it finds suspicious, not rootkits.

I think this is just Microsoft trying to keep people out of a few
things, though.
 
John Doe

I said:
Within days of a clean installation, I have three of what
RootkitRevealer considers discrepancies.
HKLM\SECURITY\Policy\Secrets\SAC*
Key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\SAI*
Key name contains embedded nulls (*)

HKLM\SOFTWARE\Microsoft\Environment*
Key name contains embedded nulls (*)

Got a new SDD. Tried using a Windows 7 boot disk to format it.
Then used Acronis Disk Director to format the SDD and then to
resize the Raptor active partition.

Now I have 27 RootkitRevealer discrepancies. And now
RootkitRevealer freezes and fails when attempting to save the
results (a snapshot follows this message).

Besides those mentioned above, keywords include...

Txf
TxfLog
Tops
Extend
RmMetadata
Repair
TxfLogContainer
 
John Doe

Apparently... Using the Windows 7 boot disk, not Acronis Disk Director,
increased RootkitRevealer discrepancies.
 
