Tech Support Forum banner

HELP Problems with Rootkit?

1611 Views 3 Replies 2 Participants Last post by  ConfusedorCrazy
I am a Newbie at this so I hope I am posting in the right forum.

I have been trying to work this problem out and I am Stumped :upset:

I ran a utility from Microsoft called Rootkit Revealer advanced rootkit detection utility located from

It shows about 12 rootkits called InprocServer32* located in my registery files such as
example HKLM\SOFTWARE\Classes\CLSID\HKEY_CLASSES_ROOT\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\ImprocServer32*
Click on the Folder ImprocServer32 and get error message cannot open folder.

As well as others such as

I ran Hijack This and everything looks okay. It did not find these Rootkits NADA

I disconnected from the net and ran Ccleaner in the registry. It came up with 23 entries but did not pick up these rootkits. I ran fix it.

I ran Anti Virus Software AVG, SuperAntiSpyware and NADA

I ran ADware7 NADA

I ran Spybot in Advance Mode. It picked up some entries to be fixed but not these rootkits. I ran fix it.

Then I ran SupremeReg and it came up with 235 entry errors in the Reg File and it did pick up these rootkit entries in the Reg File. If you click on each entry you kit Key 0 3 entries including many of my program files.

My question is are these rootkits nefarious? I know that many Anti Virus Software programs cannot pickup these rootkits according to In fact these rootkits are almost impossible to stop since they hide themselves so well.

Why did SupremeReg picking up all these entry errors in the RegFile when the other programs don't? Are they registering false positives?

Help :4-dontkno
See less See more
Not open for further replies.
1 - 4 of 4 Posts
I forgot to add that I also ran F-Secure and NADA as well
Do you use (or have you ever used) Pinnacle Studio software?

That CLSID you show is related.

Some rootkits are not necessarily malicious, though it is unseemly to use this function to hide from users.

Sony also used rootkit technology to hide certain items from consumers.

With all those other scans coming up clean, I'd say you're sniffing around too deeply. Be at ease.
See less See more
That's It! Thanks bunch Tetonbob. I do have Pinnacle Studio so it's benign. I should have queried on the CLSID String instead of Inprocserver32*. I just noticed that an unknown server in Russia was pinging my server freaked me out. Although I do have some null terminated strings that I need to get rid of. After reading info on, I realized how hackers are bypassing most security sweeps by presenting a false physical image of the operating system and that most anti virus companies are not keeping up fast enough against these kind of attack.
1 - 4 of 4 Posts
Not open for further replies.