Root kits

  • Thread starter: John Doe

John Doe

Within days of a clean installation of Windows XP SP3 plus Windows
updates and a few programs, I have three root kits, or at least
what RootkitRevealer considers notable.

HKLM\SECURITY\Policy\Secrets\SAC* 11/10/2010 7:01 AM 0 bytes
Key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\SAI* 11/10/2010 7:01 AM 0 bytes
Key name contains embedded nulls (*)

HKLM\SOFTWARE\Microsoft\Environment* 11/10/2010 6:55 AM 0 bytes
Key name contains embedded nulls (*)
 
John said:
Within days of a clean installation of Windows XP SP3 plus Windows
updates and a few programs, I have three root kits, or at least
what RootkitRevealer considers notable.

HKLM\SECURITY\Policy\Secrets\SAC* 11/10/2010 7:01 AM 0 bytes
Key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\SAI* 11/10/2010 7:01 AM 0 bytes
Key name contains embedded nulls (*)

HKLM\SOFTWARE\Microsoft\Environment* 11/10/2010 6:55 AM 0 bytes
Key name contains embedded nulls (*)

Don't be alarmed. Even in M$ code there are a few
badly designed command strings.
Rkr always finds a few; you have to sort of learn to
ignore those.
But M$ sure could use some of its own advice...
 
Within days of a clean installation of Windows XP SP3 plus Windows
updates and a few programs, I have three root kits, or at least
what RootkitRevealer considers notable.

HKLM\SECURITY\Policy\Secrets\SAC* 11/10/2010 7:01 AM 0 bytes
Key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\SAI* 11/10/2010 7:01 AM 0 bytes
Key name contains embedded nulls (*)

HKLM\SOFTWARE\Microsoft\Environment* 11/10/2010 6:55 AM 0 bytes
Key name contains embedded nulls (*)

Those are keys it finds suspicious, not rootkits.

I think this is just Microsoft trying to keep people out of a few
things, though.
 
I said:
Within days of a clean installation, I have three of what
RootkitRevealer considers discrepancies.
HKLM\SECURITY\Policy\Secrets\SAC*
Key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\SAI*
Key name contains embedded nulls (*)

HKLM\SOFTWARE\Microsoft\Environment*
Key name contains embedded nulls (*)

Got a new SSD. Tried using a Windows 7 boot disk to format it.
Then used Acronis Disk Director to format the SSD and then to
resize the Raptor active partition.

Now I have 27 RootkitRevealer discrepancies. And now
RootkitRevealer freezes and fails when attempting to save the
results (a snapshot follows this message).

Besides those mentioned above, keywords include...

Txf
TxfLog
Tops
Extend
RmMetadata
Repair
TxfLogContainer
 
Apparently... Using the Windows 7 boot disk, not Acronis Disk Director,
increased RootkitRevealer discrepancies.
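As an added example (not from this thread and not RootkitRevealer's own code), a small Python triage script that parses RKR output pasted in the form shown above and marks discrepancies matching the Windows-created embedded-null keys and the NTFS metadata names discussed in this thread as "expected", leaving everything else for review. The sample records, the assumed RKR wording of the non-registry entry, and the allowlists are assumptions built from the thread, not a complete list of benign findings.

```python
import re
from collections import namedtuple

# Constructed sample: the RootkitRevealer lines pasted in the thread, plus two constructed
# records (assumed RKR wording): an NTFS metadata path of the kind the last post lists by
# keyword, and a placeholder key that is NOT on the known-benign list.
SAMPLE_OUTPUT = """\
HKLM\\SECURITY\\Policy\\Secrets\\SAC* 11/10/2010 7:01 AM 0 bytes
Key name contains embedded nulls (*)
HKLM\\SECURITY\\Policy\\Secrets\\SAI* 11/10/2010 7:01 AM 0 bytes
Key name contains embedded nulls (*)
HKLM\\SOFTWARE\\Microsoft\\Environment* 11/10/2010 6:55 AM 0 bytes
Key name contains embedded nulls (*)
C:\\$Extend\\$RmMetadata\\$TxfLog\\$Tops 11/12/2010 9:30 AM 0 bytes
Hidden from Windows API.
HKLM\\SOFTWARE\\ExampleVendor\\Hidden* 11/12/2010 9:31 AM 0 bytes
Key name contains embedded nulls (*)
"""
# A record is a "path date time size" line followed by a one-line description.
RECORD_RE = re.compile(r"^(?P<path>.+?) \d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M \d+ bytes$")
Finding = namedtuple("Finding", "path description verdict")  # verdict: "expected" | "review"

# Keys Windows itself creates with embedded nulls (the replies above call these benign).
EXPECTED_NULL_KEY_PREFIXES = ("HKLM\\SECURITY\\Policy\\Secrets\\", "HKLM\\SOFTWARE\\Microsoft\\Environment")
# NTFS metadata names the last post lists after formatting with a Windows 7 disk.
EXPECTED_NTFS_NAMES = ("$RmMetadata", "$Txf", "$TxfLog", "$TxfLogContainer", "$Tops", "$Repair")

def is_expected_ntfs_metadata(path: str) -> bool:
    parts = path.split("\\")
    if "$Extend" not in parts:
        return False
    below = parts[parts.index("$Extend") + 1:]  # every component below must be a listed name
    return bool(below) and all(any(p.startswith(n) for n in EXPECTED_NTFS_NAMES) for p in below)

def classify(path: str, description: str) -> str:
    if "embedded nulls" in description and path.startswith(EXPECTED_NULL_KEY_PREFIXES):
        return "expected"
    if "Hidden from Windows API" in description and is_expected_ntfs_metadata(path):
        return "expected"
    return "review"  # not on the known-benign lists: needs a human look

def parse_report(text: str) -> list:
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    findings = []
    for rec, desc in zip(lines[0::2], lines[1::2]):
        m = RECORD_RE.match(rec)
        if not m:
            raise ValueError(f"unparsed record line: {rec!r}")
        findings.append(Finding(m["path"], desc, classify(m["path"], desc)))
    return findings
```

Running `parse_report(SAMPLE_OUTPUT)` yields four "expected" findings and one "review" finding (the placeholder key); any path that does not parse raises rather than being silently skipped.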
 