Root kits


J

John Doe

Within days of a clean installation of Windows XP SP3 plus Windows
updates and a few programs. I have three root kits, or at least
what RootkitRevealer considers notable.

HKLM\SECURITY\Policy\Secrets\SAC* 11/10/2010 7:01 AM 0 bytes
Key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\SAI* 11/10/2010 7:01 AM 0 bytes
Key name contains embedded nulls (*)

HKLM\SOFTWARE\Microsoft\Environment* 11/10/2010 6:55 AM 0 bytes
Key name contains embedded nulls (*)
 
Ad

Advertisements

S

Sjouke Burry

John said:
Within days of a clean installation of Windows XP SP3 plus Windows
updates and a few programs. I have three root kits, or at least
what RootkitRevealer considers notable.

HKLM\SECURITY\Policy\Secrets\SAC* 11/10/2010 7:01 AM 0 bytes
Key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\SAI* 11/10/2010 7:01 AM 0 bytes
Key name contains embedded nulls (*)

HKLM\SOFTWARE\Microsoft\Environment* 11/10/2010 6:55 AM 0 bytes
Key name contains embedded nulls (*)
Dont be alarmed. Even in M$ code there are a few
badly designed command strings.
Rkr always finds a few, you have to sort of learn to
ignore those.
But M$ sure could use some of its own advice.......
 
L

Loren Pechtel

Within days of a clean installation of Windows XP SP3 plus Windows
updates and a few programs. I have three root kits, or at least
what RootkitRevealer considers notable.

HKLM\SECURITY\Policy\Secrets\SAC* 11/10/2010 7:01 AM 0 bytes
Key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\SAI* 11/10/2010 7:01 AM 0 bytes
Key name contains embedded nulls (*)

HKLM\SOFTWARE\Microsoft\Environment* 11/10/2010 6:55 AM 0 bytes
Key name contains embedded nulls (*)
Those are keys it finds suspicious, not rootkits.

I think this is just Microsoft trying to keep people out of a few
things, though.
 
J

John Doe

I said:
Within days of a clean installation, I have three of what
RootkitRevealer considers discrepancies.
HKLM\SECURITY\Policy\Secrets\SAC*
Key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\SAI*
Key name contains embedded nulls (*)

HKLM\SOFTWARE\Microsoft\Environment*
Key name contains embedded nulls (*)
Got a new SDD. Tried using a Windows 7 boot disk to format it.
Then used Acronis Disk Director to format the SDD and then to
resize the Raptor active partition.

Now I have 27 RootkitRevealer discrepancies. And now
RootkitRevealer freezes and fails when attempting to save the
results (a snapshot follows this message).

Besides those mentioned above, keywords include...

Txf
TxfLog
Tops
Extend
RmMetadata
Repair
TxfLogContainer
 
Ad

Advertisements

J

John Doe

Apparently... Using the Windows 7 boot disk, not Acronis Disk Director,
increased RootkitRevealer discrepancies.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top