Results 1 to 2 of 2

Thread: Roorkit find ?!!

  1. #1
    Junior Member
    Join Date
    Mar 2008
    Posts
    1

    Question Roorkit find ?!!

    Hello together,

    have yesterday loaded the rootalyzer down and tried out just once, too for me.
    He has found key following now at the deep scan in which whether this really is manipulated here or nich isn't clear here?

    Somebody can tell me something to this here.


    Logfle:


    // info: Rootkit removal help file
    // copyright: (c) 2008 Safer Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    RegyKey:"Hidden registry key","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\????????\",""





    Comment:
    File created using RootAlyzer to help your get rid of a rootkit.

    Files to delete:

    Folders to delete:

    Registry keys to delete:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\????????\

    Registry values to delete:



    File::

    Folder::

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\????????\]



    Many thanks !!


  2. #2
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,601

    Default

    Could you please try the updated version 0.1.3 available here?

    The most likely find is currently related to a possible Windows bug in a system function (RegQueryInfoKey), which reports corrupted information in a few legit cases, and which we have therefore completely removed as an indicator.
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •