Rootkits

John in Houston said:

I tried out Rootkit Revealer. I got 5 hits including 2 that say "Key name
contains embedded nulls [*]" which sound like something I could do without.
Anyway, the help screen says I can get help at Sysinternals RegDelNull but
when I click that I get a MS screen that says it is unavailable.

Should I get rid of nulls? The other 3 hits say I have "Type mismatch
between Windows API and raw hive data". Is this something I should get rid
of? How?
 
John in Houston said:

OK I found RegDelNull, downloaded it, unzipped it, ran it, and ....?

Re-ran Rootkit Revealer and got this result. I don't know what to expect.

HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ParseAutoexec 9/23/2007 12:19 AM 5 bytes Data mismatch between Windows API and raw hive data.

HKLM\SECURITY\Policy\Secrets\SAC* 8/12/2004 12:36 AM 0 bytes Key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\SAI* 8/12/2004 12:36 AM 0 bytes Key name contains embedded nulls (*)

HKLM\SOFTWARE\Classes\webcal\URL Protocol 7/23/2005 9:34 PM 13 bytes Data mismatch between Windows API and raw hive data.

Are these things I need to worry about or just ignore?



Mark L. Ferguson said:
RegDelNull:
http://www.microsoft.com/technet/sysinternals/Miscellaneous/RegDelNull.mspx
--
helpful? click "Yes" button. Voting helps the web interface.
http://www.microsoft.com/windowsxp/...g=microsoft.public.windowsxp.help_and_support
Mark L. Ferguson

Mark L. Ferguson said:

I have a value of "1" in the ParseAutoexec Value, and have no
.../security/secrets/ Key at all.
Mark L. Ferguson
John in Houston said:

Sorry, I don't understand your response. Do I need to do something about the
stuff found by RootkitRevealer or just ignore them?

Mark L. Ferguson said:

It's likely that you can delete all that without problem, but working in the
registry always requires risk. I would export all those Keys to a *.reg file,
then delete, and if it causes trouble, use a System Restore point to go back.
Mark L. Ferguson
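The back-up-first procedure Mark describes (export the affected keys to a *.reg file, create a System Restore point, only then delete) written out as a PowerShell script. This is an added example, not code from the thread or from Sysinternals. It assumes an elevated PowerShell 2.0 or later session on a Windows client edition with System Restore enabled; the backup folder and the restore-point description are arbitrary choices. It deliberately handles only the two "Data mismatch" values named in the thread: key names with embedded nulls cannot be addressed through the Win32 registry API that PowerShell's registry provider uses, which is exactly the gap RegDelNull fills.

```powershell
# Added example (not from the thread or from Sysinternals): back up, checkpoint,
# then remove the registry values RootkitRevealer flagged as "Data mismatch".
# Assumptions: elevated PowerShell 2.0+ session, System Restore enabled,
# $BackupDir is any writable folder.

$BackupDir = 'C:\RegBackup'   # assumption: arbitrary folder for the exported .reg files

# The two values reported in the thread. reg.exe exports whole keys, so each
# entry records the parent key plus the value name to remove from it.
$Targets = @(
    @{ Key  = 'HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name = 'ParseAutoexec' },
    @{ Key  = 'HKLM\SOFTWARE\Classes\webcal'
       Name = 'URL Protocol' }
)

function Backup-RegistryKey {
    param([string]$Key, [string]$Dir)
    if (-not (Test-Path $Dir)) { New-Item -ItemType Directory -Path $Dir | Out-Null }
    # Turn the key path into a file name; reg.exe writes a re-importable .reg file.
    $file = Join-Path $Dir (($Key -replace '[\\:*?"<>|]', '_') + '.reg')
    if (Test-Path $file) { Remove-Item $file }   # avoid the overwrite prompt on older reg.exe
    & reg.exe export $Key $file | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export failed for $Key" }
    return $file
}

function New-SafetyRestorePoint {
    param([string]$Description)
    # MODIFY_SETTINGS is the restore-point type for configuration changes.
    Checkpoint-Computer -Description $Description -RestorePointType 'MODIFY_SETTINGS'
}

function Remove-FlaggedValue {
    param([string]$Key, [string]$Name, [switch]$Commit)
    # The registry provider needs the Registry:: prefix to reach HKU paths.
    $psPath  = "Registry::$Key"
    $current = Get-ItemProperty -Path $psPath -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $current) {
        Write-Output "$Key\$Name is not present, nothing to do"
        return
    }
    Write-Output ("{0}\{1} currently = {2}" -f $Key, $Name, $current.$Name)
    # Dry run unless -Commit is given: -WhatIf reports the deletion without doing it.
    Remove-ItemProperty -Path $psPath -Name $Name -WhatIf:(-not $Commit)
}

New-SafetyRestorePoint -Description 'Before removing RootkitRevealer-flagged values'
foreach ($t in $Targets) {
    $backup = Backup-RegistryKey -Key $t.Key -Dir $BackupDir
    Write-Output "Exported $($t.Key) to $backup"
    Remove-FlaggedValue -Key $t.Key -Name $t.Name    # add -Commit to actually delete
}
# Undo: double-click the exported .reg file (or run: reg import <file>), or roll back
# with the System Restore point created above.
```

Run it once as written to see the restore point created, the .reg files written and the WhatIf lines for each value; only then add `-Commit` to the `Remove-FlaggedValue` call. The two `HKLM\SECURITY\Policy\Secrets\SA?*` entries still need RegDelNull, the tool Mark linked, because neither reg.exe nor the PowerShell provider can name a key that contains an embedded null.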