nero 8 rootkit

2008-08-03, 14:37
Downloaded Nero 8 and ran Rootalyzer and an a.d.s.>arrow_n.cur:NEDTA.DAT:$DATA came up. I googled the result and four entries came up. One vague reference to a Nero 8 keygen having something to do with it. Can anyone explain, with the ability to hide viruses, whether Rootalyzer will pick these up as extra entries, or can this A.D.S. hide them like what happened with the Sony CD rootkit in 2005? And can anyone confirm the Nero 8 link? I just can't find a legit name or reference anywhere. File size (6144 bytes)
Size on disk (8192 bytes)

2008-08-03, 14:50
The download was from the Nero global server. Confirmation was received for purchases, and the deal was offered from Nero 7 supplied with a new computer, then updated recently before I used the supplied link to purchase Nero 8.

2008-08-04, 22:32

ADS can hide executable malware code, but they are not bad by default and could as well hide legit stuff. From what I googled about it so far, here it sounds like Nero tries to hide its Blu-ray Disc Region Settings in there.

Legit software sometimes uses such methods to hide stuff like license information (or here, region settings) that it does not want the user to touch (to avoid copying that information over to other machines, or in this case, to avoid the user playing around with region settings where he "should" be restricted).

I therefore recommend that you ignore this entry.
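
An added example, not part of the original thread: one way to triage an entry like the one above is to list every named alternate data stream under a folder and check whether its content starts with the "MZ" header of a Windows executable. The `$Root` parameter and the `Get-StreamHead` helper are hypothetical names chosen for this sketch, and the MZ check is only a quick heuristic.

```powershell
# Added example: enumerate named NTFS alternate data streams (ADS) and flag
# any whose first two bytes are "MZ" (0x4D 0x5A), the Windows executable header.
param(
    # Assumption: folder to inspect; defaults to the current directory.
    [string]$Root = '.'
)

function Get-StreamHead {
    # Hypothetical helper: return the first $Count bytes of a named stream.
    param([string]$Path, [string]$Stream, [int]$Count = 2)
    # Windows PowerShell 5.1 reads raw bytes with -Encoding Byte;
    # PowerShell 6 and later use -AsByteStream instead.
    if ($PSVersionTable.PSVersion.Major -ge 6) {
        Get-Content -LiteralPath $Path -Stream $Stream -AsByteStream -TotalCount $Count
    } else {
        Get-Content -LiteralPath $Path -Stream $Stream -Encoding Byte -TotalCount $Count
    }
}

Get-ChildItem -LiteralPath $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_.FullName
        Get-Item -LiteralPath $file -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |   # skip the unnamed main stream
            ForEach-Object {
                $head = @(Get-StreamHead -Path $file -Stream $_.Stream)
                $startsMZ = ($head.Count -ge 2 -and
                             $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
                [pscustomobject]@{
                    File     = $file
                    Stream   = $_.Stream     # e.g. NEDTA.DAT for the entry above
                    Bytes    = $_.Length     # stream size as reported by NTFS
                    StartsMZ = $startsMZ     # True means the stream looks like a PE file
                }
            }
    } | Format-Table -AutoSize
```

A stream that does not start with MZ can still hold a script or other data, so `StartsMZ = False` only rules out a plain executable image.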