
Rootkit Reveal Log 1


electricpete

Technical User
Oct 1, 2002
289
US
My Toshiba laptop PC with Windows XP SP2 and 2 GB of RAM seems slower and has occasional crashes.

I tried the rootkit detector tool mentioned here:
faq760-6534

The program flagged the 3 registry entries below, plus many files. Do these items suggest anything to you?

Path                                         Timestamp            Size      Description
HKLM\SECURITY\Policy\Secrets\SAC*            3/20/2006 1:32 PM    0 bytes   Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI*            3/20/2006 1:32 PM    0 bytes   Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\webcal\URL Protocol    11/10/2006 3:19 PM   13 bytes  Data mismatch between Windows API and raw hive data.
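As an added triage example (not part of the original post and not RootkitRevealer's own code): a Python script that parses the four-column log RootkitRevealer saves (Path, Timestamp, Size, Description), shows what a NUL-terminated Win32 registry call would see for a key name with an embedded null (the tool prints each null as "*", hence the "(*)" in its description), and diffs two scans so hits that appear only once drop out. The sample lines are constructed to mirror the three hits above plus one file hit; they are not a capture from the laptop in question. The tab-separated column layout and the per-type notes are my summary of the tool's documentation and should be checked against the current version.

```python
from collections import Counter

# --- Constructed sample data (not a real capture) ------------------------------
# Assumed log layout: one discrepancy per line, four tab-separated columns
# (Path, Timestamp, Size, Description), as in a saved RootkitRevealer log.
def _line(*cols):
    return "\t".join(cols)

EMBEDDED_NULLS = "Key name contains embedded nulls (*)"
DATA_MISMATCH = "Data mismatch between Windows API and raw hive data"
HIDDEN = "Hidden from Windows API"

SCAN_1 = "\n".join([
    _line(r"HKLM\SECURITY\Policy\Secrets\SAC*", "3/20/2006 1:32 PM", "0 bytes", EMBEDDED_NULLS),
    _line(r"HKLM\SECURITY\Policy\Secrets\SAI*", "3/20/2006 1:32 PM", "0 bytes", EMBEDDED_NULLS),
    _line(r"HKLM\SOFTWARE\Classes\webcal\URL Protocol", "11/10/2006 3:19 PM", "13 bytes", DATA_MISMATCH + "."),
    _line(r"C:\Documents and Settings\user\Local Settings\Temp\~DF3A21.tmp", "11/12/2006 9:02 AM", "16.00 KB", HIDDEN + "."),
])
# Constructed rescan a few minutes later: the webcal value no longer mismatches.
SCAN_2 = "\n".join([
    _line(r"HKLM\SECURITY\Policy\Secrets\SAC*", "3/20/2006 1:32 PM", "0 bytes", EMBEDDED_NULLS),
    _line(r"HKLM\SECURITY\Policy\Secrets\SAI*", "3/20/2006 1:32 PM", "0 bytes", EMBEDDED_NULLS),
    _line(r"C:\Documents and Settings\user\Local Settings\Temp\~DF3A21.tmp", "11/12/2006 9:02 AM", "16.00 KB", HIDDEN + "."),
])

# Paraphrased summary of what the tool's documentation says about each type (assumption, not a quote).
NOTES = {
    EMBEDDED_NULLS: ("Win32 registry calls treat key names as NUL-terminated strings while the kernel "
                     "uses counted strings, so Regedit shows a truncated name or nothing. "
                     "RegDelNull can delete such keys once you know what owns them."),
    DATA_MISMATCH: ("API value differs from the raw hive. Commonly a value that changed while the "
                    "scan ran; rescan and keep only hits that persist."),
    HIDDEN: "Present in the raw on-disk structures but not returned by the Windows API.",
}


def parse_log(text):
    """Parse a saved log into dicts; reject any line that is not four tab-separated columns."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        cols = line.split("\t")
        if len(cols) != 4:
            raise ValueError(f"line {lineno}: expected 4 tab-separated columns, got {len(cols)}")
        path, stamp, size, desc = (c.strip() for c in cols)
        entries.append({"path": path, "timestamp": stamp, "size": size,
                        "description": desc.rstrip(".")})
    return entries


def win32_view(path):
    """For a key the tool printed with '*' for an embedded null, return
    (name as a NUL-terminated Win32 call reports it, remainder only the kernel sees).
    RegEnumKeyEx-style callers stop at the first NUL, so they see only the prefix."""
    visible, _, hidden = path.partition("*")
    return visible, hidden


def summarize(entries):
    """Count hits per discrepancy type."""
    return Counter(e["description"] for e in entries)


def persistent(scan_a, scan_b):
    """Hits present in both scans, keyed on (path, description). One-off hits caused by
    values changing mid-scan fall out; what survives a rescan deserves a closer look."""
    key = lambda e: (e["path"], e["description"])
    seen = {key(e) for e in scan_b}
    return [e for e in scan_a if key(e) in seen]


def report(scan_a_text, scan_b_text):
    """Triage of two scans, returned as lines so callers can check or print them."""
    a, b = parse_log(scan_a_text), parse_log(scan_b_text)
    keep = persistent(a, b)
    lines = [f"{len(a)} hits in scan 1, {len(b)} in scan 2, {len(keep)} persistent"]
    for e in keep:
        lines.append(f"[{e['description']}] {e['path']}")
        if e["description"] == EMBEDDED_NULLS:
            visible, hidden = win32_view(e["path"])
            lines.append(f"    Win32 API sees: {visible!r}; kernel-only tail: {hidden!r}")
        lines.append("    " + NOTES.get(e["description"], "Unknown type; consult the tool documentation."))
    for e in a:
        if e not in keep:
            lines.append(f"[dropped, absent from rescan] {e['path']} ({e['description']})")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SCAN_1, SCAN_2)))
```

Run it against two saved logs from the same machine taken a few minutes apart; the entries that persist are the ones worth chasing, and the "Win32 API sees" line tells you what name to look for (or fail to find) in Regedit before reaching for RegDelNull.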
 
HKLM\SOFTWARE\Classes\webcal\URL Protocol 11/10/2006 3:19 PM 13 bytes Data mismatch between Windows API and raw hive data.

That's normal and can be ignored. The other two are problematic. I suggest you try Sysinternals' RegDelNull, but I suspect that most people would recommend a reformat and re-installation.


James P. Cottingham
I'm number 1,229!
 
I wouldn't recommend a format UNLESS you've run the following and all of them can't fix what you've got. Or if you're paranoid and you can't be at peace until there is 100% certainty that the baddies are gone.

0. Rkill (to stop any malware processes)
1. Malwarebytes' Anti-Malware
2. GMER
3. ComboFix

See instructions on Bleeping Computer for using these items.
 