nordn8
2008-12-08, 07:58
Hello Team Spybot,
I have seen others in the forums that have had similar problems as myself with Win32.Hidden.RTK and noticed some instructions on scanning and emailing the exported registry keys along with the log file from RootAlyzer to info-at-spybot.com and this is what I did, but I hadn't yet registered or posted to any forum thread. Will this affect any reply from your team negatively?
In addition, Spybot S&D found 11 entries and RootAlyzer found 12 entries of Win32.Hidden.RTK. I am running Windows XP, service pack 3, and on a Dell Dimension 4700. I also am running AVG free and Ad-Aware which haven't detected these entries. And I am unaware if I can disable Spybot S&D's Tea Timer, restart, scan with one of these, and enable Tea Timer with finally removing these detections if this is indeed malware Spybot S&D is detecting. And I don't mean any disrespect by this either. It's just that sometimes programs detect false positives.
P.S. I will upload or email the registry key files to you at your request. Here is my RootAlyzer scan log.
Thanks, nordn8
Requested file archive at 12/3/2008 10:58:48 PM
Created by RootAlyzer
Copyright © 2004-2008 Safer Networking Limited. All rights reserved.
Registry Key, Zero char in key name: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Registry Key, Zero char in key name: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Registry Key, Zero char in key name: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Registry Key, Zero char in key name: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Registry Key, Zero char in key name: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Registry Key, Zero char in key name: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Registry Key, Zero char in key name: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Registry Key, Zero char in key name: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Registry Key, Zero char in key name: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Registry Key, Zero char in key name: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Registry Key, Zero char in key name: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Registry Key, Zero char in key name: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Requests:
Operations: