Rootkit find ?!!



kiesmen
2008-03-27, 04:13
Hello everyone,

I downloaded RootAlyzer yesterday and tried it out once for myself, too.
It has now found the following key in the deep scan; whether it really has been manipulated or not isn't clear here.

Can somebody tell me something about this?


Logfile:


// info: Rootkit removal help file
// copyright: (c) 2008 Safer Networking Ltd. All rights reserved.

:: RootAlyzer Results
RegyKey:"Hidden registry key","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\????????\",""





Comment:
File created using RootAlyzer to help your get rid of a rootkit.

Files to delete:

Folders to delete:

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\????????\

Registry values to delete:



File::

Folder::

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\????????\]



Many thanks !!

:spider:

PepiMK
2008-03-31, 13:28
Could you please try the updated version 0.1.3 available here?

The most likely find is currently related to a possible Windows bug in a system function (RegQueryInfoKey), which reports corrupted information in a few legit cases, and which we have therefore completely removed as an indicator.