Discussion Starter · #1 ·
I am a Newbie at this so I hope I am posting in the right forum.

I have been trying to work this problem out and I am stumped.

I ran a utility from Microsoft called RootkitRevealer, an advanced rootkit detection utility located at www.sysinternals.com, which I found via www.rootkit.com.


It shows about 12 rootkits called InprocServer32* located in my registry files, such as, for example,
HKLM\SOFTWARE\Classes\CLSID\HKEY_CLASSES_ROOT\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*
If I click on the folder InprocServer32 I get the error message "cannot open folder".

As well as others such as
HKLM\SOFTWARE\Microsoft\Cryptography\RING\Seed


I ran HijackThis and everything looks okay. It did not find these rootkits, NADA.

I disconnected from the net and ran CCleaner on the registry. It came up with 23 entries but did not pick up these rootkits. I ran Fix.

I ran the antivirus software AVG and SuperAntiSpyware: NADA.

I ran ADware7: NADA.

I ran Spybot in Advanced Mode. It picked up some entries to be fixed, but not these rootkits. I ran Fix.

Then I ran SupremeReg and it came up with 235 entry errors in the registry file, and it did pick up these rootkit entries in the registry file. If you click on each entry you hit Key 0, 3 entries, including many of my program files.

My question is: are these rootkits nefarious? I know that many antivirus programs cannot pick up these rootkits, according to rootkit.com. In fact these rootkits are almost impossible to stop, since they hide themselves so well.

Why does SupremeReg pick up all these entry errors in the registry file when the other programs don't? Are they false positives?

Help!
 

TSF Security Manager, Emeritus
Do you use (or have you ever used) Pinnacle Studio software?

That CLSID you show is related.

http://forums.spybot.info/showthread.php?t=27491

http://benfulton.net/blog/2005/11/rootkitrevealer.html


Some rootkits are not necessarily malicious, though it is unseemly to use this function to hide from users.

Sony also used rootkit technology to hide certain items from consumers.

http://en.wikipedia.org/wiki/2005_Sony_BMG_CD_copy_protection_scandal

With all those other scans coming up clean, I'd say you're sniffing around too deeply. Be at ease.
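For anyone triaging the same kind of RootkitRevealer report, the following is an added example (not code from the thread, from Sysinternals, or from any of the tools named above). It pulls the CLSIDs out of pasted report lines, reads each CLSID's InprocServer32 default value through the normal registry API, and checks the Authenticode signer of the registered DLL so the key can be attributed to an installed product; a key the API cannot open, which is what the "cannot open folder" error above reflects, is reported rather than silently skipped. It assumes an elevated Windows PowerShell session; the report line is the one quoted in the thread.

```powershell
# Added example: attribute RootkitRevealer "InprocServer32" discrepancies to their COM server DLL.
function Get-ClsidServerInfo {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string[]]$Clsid)

    foreach ($id in $Clsid) {
        $key  = "Registry::HKEY_CLASSES_ROOT\CLSID\$id\InprocServer32"
        $info = [ordered]@{ Clsid = $id; ApiReadable = $false; Dll = $null
                            FileExists = $false; Signer = $null; SigStatus = $null }
        try {
            # The (default) value of InprocServer32 is the path of the in-process COM server DLL.
            # If the registry API cannot open the key, that matches the RootkitRevealer
            # discrepancy and we record the error instead of a DLL path.
            $dll = (Get-ItemProperty -LiteralPath $key -ErrorAction Stop).'(default)'
            $info.ApiReadable = $true
            if ($dll) {
                $dll = [Environment]::ExpandEnvironmentVariables($dll).Trim('"')
                $info.Dll = $dll
                if (Test-Path -LiteralPath $dll) {
                    $info.FileExists = $true
                    # A valid signature from the vendor of software you installed is the benign
                    # case described in the thread; unsigned or oddly located DLLs need a closer look.
                    $sig = Get-AuthenticodeSignature -FilePath $dll
                    $info.SigStatus = $sig.Status.ToString()
                    if ($sig.SignerCertificate) { $info.Signer = $sig.SignerCertificate.Subject }
                }
            }
        } catch {
            $info.SigStatus = "registry API error: $($_.Exception.Message)"
        }
        [pscustomobject]$info
    }
}

# Constructed sample input: one discrepancy line as RootkitRevealer prints it (the CLSID from the thread).
$reportLines = @(
    'HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*'
)

# Extract every GUID in braces from the pasted lines and de-duplicate them.
$guidPattern = '\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'
$flagged = $reportLines |
    ForEach-Object { [regex]::Matches($_, $guidPattern) } |
    ForEach-Object { $_.Value } |
    Sort-Object -Unique

Get-ClsidServerInfo -Clsid $flagged | Format-List
```

Paste the InprocServer32 lines from your own RootkitRevealer output into $reportLines; a row with ApiReadable false means the key is still hidden from the API at the time you run it, while a readable row with a valid vendor signature is the Pinnacle-style benign case.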
 

Discussion Starter · #4 ·
That's it! Thanks a bunch, Tetonbob. I do have Pinnacle Studio, so it's benign. I should have queried on the CLSID string instead of InprocServer32*. I had just noticed that an unknown server in Russia was pinging my server, which freaked me out. Although I do have some null-terminated strings that I need to get rid of. After reading the info on rootkit.com, I realized how hackers are bypassing most security sweeps by presenting a false physical image of the operating system, and that most antivirus companies are not keeping up fast enough against this kind of attack.
 