can anyone help with a rootkit revealer log?

Discussion in 'Windows - Virus and spyware problems' started by narcismo, Mar 21, 2007.

  1. narcismo

    narcismo Regular member

    Joined:
    Jun 3, 2006
    Messages:
    345
    Likes Received:
    0
    Trophy Points:
    26
    hello, i just tried to update any-dvd, and while it was updating it suddenly aborted when the auto-run turned on and booted a SONY dvd that was in the drive (rocky balboa). i ran rootkit revealer and this is what i found.


    HKU\S-1-5-21-329068152-1214440339-839522115-500\Software\Zepter Software\RegLib*8427c988 4/23/2006 11:18 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SECURITY\Policy\Secrets\SAC* 12/28/2004 4:12 AM 0 bytes Key name contains embedded nulls (*)
    HKLM\SECURITY\Policy\Secrets\SAI* 12/28/2004 4:12 AM 0 bytes Key name contains embedded nulls (*)
    HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 2/23/2007 12:41 AM 0 bytes Access is denied.
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DF7C00.tmp 3/21/2007 5:46 PM 16.00 KB Hidden from Windows API.
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DF7C17.tmp 3/21/2007 5:46 PM 512 bytes Hidden from Windows API.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\67J0LCHK\CAJAWX90.HTM 3/21/2007 5:47 PM 893 bytes Hidden from Windows API.

    i'm not really worried about the ones containing "embedded nulls", just the last 4. especially the hklm value that reads "access is denied".
    can anyone help me out please.
     
    Last edited: Mar 21, 2007
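
Added example, not part of the original thread or of RootkitRevealer itself: a small Python parser that splits the log lines posted above into fields and groups them by the discrepancy reason, so the "embedded nulls", "Access is denied" and "Hidden from Windows API" entries can be reviewed separately. The field layout (path, date, time, size, reason separated by spaces) is an assumption inferred from the lines as they appear in the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines copied from the first post in this thread.
LOG = r"""
HKU\S-1-5-21-329068152-1214440339-839522115-500\Software\Zepter Software\RegLib*8427c988 4/23/2006 11:18 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAC* 12/28/2004 4:12 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 12/28/2004 4:12 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 2/23/2007 12:41 AM 0 bytes Access is denied.
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF7C00.tmp 3/21/2007 5:46 PM 16.00 KB Hidden from Windows API.
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF7C17.tmp 3/21/2007 5:46 PM 512 bytes Hidden from Windows API.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\67J0LCHK\CAJAWX90.HTM 3/21/2007 5:47 PM 893 bytes Hidden from Windows API.
"""

# Paths may contain spaces, so the timestamp is used as the anchor (assumed layout).
LINE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M)\s+"
    r"(?P<size>[\d.]+ (?:bytes|KB|MB|GB))\s+"
    r"(?P<reason>.+)$"
)
UNITS = {"bytes": 1, "KB": 1024, "MB": 1024**2, "GB": 1024**3}

def parse_line(line):
    """Split one log line into fields; return None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    number, unit = m["size"].split()
    return {
        "path": m["path"],
        "kind": "registry" if re.match(r"HK[A-Z]+\\", m["path"]) else "file",
        "when": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M %p"),
        "size": int(float(number) * UNITS[unit]),
        "reason": m["reason"].rstrip("."),
    }

def group_by_reason(text):
    """Map each discrepancy reason to the list of entries reported with it."""
    groups = defaultdict(list)
    for line in text.splitlines():
        entry = parse_line(line)
        if entry:
            groups[entry["reason"]].append(entry)
    return dict(groups)

if __name__ == "__main__":
    for reason, entries in group_by_reason(LOG).items():
        print(len(entries), reason, [e["kind"] for e in entries])
```
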
  2. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Do you have DaemonTools installed?
     
  3. narcismo

    no, just recently un-installed it. it's not d-tools. i'm starting to think most of it isn't mal-stuff. but the one that says "access denied" has me half cocked.
    i very much appreciate the reply, but my prob. might run a little deeper.
    any other input?
    thanks in advance.
    eric
     
    Last edited: Mar 21, 2007
  4. KotaGuy

    It's a leftover from Daemon Tools.

    Wouldn't worry about it :)
     
  5. narcismo

    fair enough. maybe you can shed a little light on the root of my problem (I'M SURE YOU'RE MUCH MORE KNOWLEDGEABLE THAN I). a few weeks ago my daughter really f@%*ed up my comp. i was able to salvage most of my stuff, but... now some of my folders (like LOCAL SETTINGS) are invisible to windows. which, i'm sure, is why rootkit rev. is flagging those addresses. why did that happen and how can i fix it? i'm sure that's a bit vague, but that's all i'm sure of.

    thanks 1,000,000 kotaguy
     
    Last edited: Mar 21, 2007
  6. KotaGuy

    Could try showing hidden files/folders...

    1. Close all programs so that you are at your desktop.
    2. Double-click on the My Computer icon (or click Start, then select My Computer).
    3. Select the Tools menu and click Folder Options.
    4. After the new window appears select the View tab.
    5. Put a checkmark in the checkbox labeled Display the contents of system folders.
    6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
    9. Press the Apply button and then the OK button and shutdown My Computer.

    See if that helps.
     