I forgot to add that I also ran F-Secure and NADA as well
HELP Problems with Rootkit?
I am a Newbie at this so I hope I am posting in the right forum.
I have been trying to work this problem out and I am Stumped :upset:
I ran a utility from Microsoft called Rootkit Revealer advanced rootkit detection utility located www.sysinternals.com from www.rootkit.com.
It shows about 12 rootkits called InprocServer32* located in my registery files such as
example HKLM\SOFTWARE\Classes\CLSID\HKEY_CLASSES_ROOT\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\ImprocServer32*
Click on the Folder ImprocServer32 and get error message cannot open folder.
As well as others such as
HKLM\SOFTWARE\Microsoft\Cryptography\RING\Seed
I ran Hijack This and everything looks okay. It did not find these Rootkits NADA
I disconnected from the net and ran Ccleaner in the registry. It came up with 23 entries but did not pick up these rootkits. I ran fix it.
I ran Anti Virus Software AVG, SuperAntiSpyware and NADA
I ran ADware7 NADA
I ran Spybot in Advance Mode. It picked up some entries to be fixed but not these rootkits. I ran fix it.
Then I ran SupremeReg and it came up with 235 entry errors in the Reg File and it did pick up these rootkit entries in the Reg File. If you click on each entry you kit Key 0 3 entries including many of my program files.
My question is are these rootkits nefarious? I know that many Anti Virus Software programs cannot pickup these rootkits according to rootkits.com. In fact these rootkits are almost impossible to stop since they hide themselves so well.
Why did SupremeReg picking up all these entry errors in the RegFile when the other programs don't? Are they registering false positives?
Help :4-dontkno
I have been trying to work this problem out and I am Stumped :upset:
I ran a utility from Microsoft called Rootkit Revealer advanced rootkit detection utility located www.sysinternals.com from www.rootkit.com.
It shows about 12 rootkits called InprocServer32* located in my registery files such as
example HKLM\SOFTWARE\Classes\CLSID\HKEY_CLASSES_ROOT\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\ImprocServer32*
Click on the Folder ImprocServer32 and get error message cannot open folder.
As well as others such as
HKLM\SOFTWARE\Microsoft\Cryptography\RING\Seed
I ran Hijack This and everything looks okay. It did not find these Rootkits NADA
I disconnected from the net and ran Ccleaner in the registry. It came up with 23 entries but did not pick up these rootkits. I ran fix it.
I ran Anti Virus Software AVG, SuperAntiSpyware and NADA
I ran ADware7 NADA
I ran Spybot in Advance Mode. It picked up some entries to be fixed but not these rootkits. I ran fix it.
Then I ran SupremeReg and it came up with 235 entry errors in the Reg File and it did pick up these rootkit entries in the Reg File. If you click on each entry you kit Key 0 3 entries including many of my program files.
My question is are these rootkits nefarious? I know that many Anti Virus Software programs cannot pickup these rootkits according to rootkits.com. In fact these rootkits are almost impossible to stop since they hide themselves so well.
Why did SupremeReg picking up all these entry errors in the RegFile when the other programs don't? Are they registering false positives?
Help :4-dontkno
- Status
- Not open for further replies.
1 - 4 of 4 Posts
Do you use (or have you ever used) Pinnacle Studio software?
That CLSID you show is related.
http://forums.spybot.info/showthread.php?t=27491
http://benfulton.net/blog/2005/11/rootkitrevealer.html
Some rootkits are not necessarily malicious, though it is unseemly to use this function to hide from users.
Sony also used rootkit technology to hide certain items from consumers.
http://en.wikipedia.org/wiki/2005_Sony_BMG_CD_copy_protection_scandal
With all those other scans coming up clean, I'd say you're sniffing around too deeply. Be at ease.
That CLSID you show is related.
http://forums.spybot.info/showthread.php?t=27491
http://benfulton.net/blog/2005/11/rootkitrevealer.html
Some rootkits are not necessarily malicious, though it is unseemly to use this function to hide from users.
Sony also used rootkit technology to hide certain items from consumers.
http://en.wikipedia.org/wiki/2005_Sony_BMG_CD_copy_protection_scandal
With all those other scans coming up clean, I'd say you're sniffing around too deeply. Be at ease.
That's It! Thanks bunch Tetonbob. I do have Pinnacle Studio so it's benign. I should have queried on the CLSID String instead of Inprocserver32*. I just noticed that an unknown server in Russia was pinging my server freaked me out. Although I do have some null terminated strings that I need to get rid of. After reading info on rootkit.com, I realized how hackers are bypassing most security sweeps by presenting a false physical image of the operating system and that most anti virus companies are not keeping up fast enough against these kind of attack.
1 - 4 of 4 Posts
- Status
- Not open for further replies.
Tech Support Forum
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Recommended Communities
