Computer Security - Infected by rootkit?

 
11-20-2005, 12:01 PM   #1
Infected by rootkit?


Hello,

I have run RootkitRevealer from www.sysinternals.com.
Can someone please explain these results.
Is there a rootkit hidden in System.EnterpriseServices?

Thank you,
Max Weinland

C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll 04.11.2005 22:09 258 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 04.11.2005 22:09 114 bytes Visible in Windows API, but not in MFT or directory index.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\05EBW5IV\search[1].: 03.12.2002 01:03 18.53 KB Hidden from Windows API.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0PMVKHMB\search[1].: 29.11.2002 11:27 12.42 KB Hidden from Windows API.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3EGBVDGH\groups[1].: 06.12.2002 21:43 20.04 KB Hidden from Windows API.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6NOZW78X\search[1].: 09.12.2002 16:52 21.09 KB Hidden from Windows API.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\76SZ3T4X\google[1].: 22.04.2003 09:48 3.65 KB Hidden from Windows API.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BUKV7PO5\groups[1].: 21.11.2002 22:09 12.62 KB Hidden from Windows API.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\E4E1RPKG\groups[1].: 29.12.2002 14:57 21.24 KB Hidden from Windows API.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\G1A7OPIF\groups[1].: 04.06.2003 23:44 1.08 KB Hidden from Windows API.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GXQVK92V\dvfaq[1].: 04.06.2003 08:22 84.64 KB Hidden from Windows API.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WDC3OFGV\search[1].: 20.12.2002 22:56 18.01 KB Hidden from Windows API.



max_weinland@yahoo.de
11-20-2005, 01:16 PM   #2
DavidPostill
Re: Infected by rootkit?
In article <. com>, on 20 Nov 2005 04:01:16 -0800,
wrote:

| Hello,
|
| I have run RootkitRevealer from www.sysinternals.com.
| Can someone please explain these results.
| Is there a rootkit hidden in System.EnterpriseServices?

The experts hang out at <http://www.sysinternals.com/Forum/forum_topics.asp?FID=15>

I suggest you post there.

Regards,

--
DavidPostill


11-20-2005, 07:54 PM   #3
Autumn
Re: Infected by rootkit?
On 20 Nov 2005 04:01:16 -0800, wrote:

>Hello,
>
>I have run RootkitRevealer from www.sysinternals.com.
>Can someone please explain these results.
>Is there a rootkit hidden in System.EnterpriseServices?
>
>Thank you,
>Max Weinland
>
>C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll 04.11.2005 22:09 258 bytes Visible in Windows API, but not in MFT or directory index.
>C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 04.11.2005 22:09 114 bytes Visible in Windows API, but not in MFT or directory index.
>C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\05EBW5IV\search[1].: 03.12.2002 01:03 18.53 KB Hidden from Windows API.
>C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0PMVKHMB\search[1].: 29.11.2002 11:27 12.42 KB Hidden from Windows API.
>C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3EGBVDGH\groups[1].: 06.12.2002 21:43 20.04 KB Hidden from Windows API.
>C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6NOZW78X\search[1].: 09.12.2002 16:52 21.09 KB Hidden from Windows API.
>C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\76SZ3T4X\google[1].: 22.04.2003 09:48 3.65 KB Hidden from Windows API.
>C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BUKV7PO5\groups[1].: 21.11.2002 22:09 12.62 KB Hidden from Windows API.
>C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\E4E1RPKG\groups[1].: 29.12.2002 14:57 21.24 KB Hidden from Windows API.
>C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\G1A7OPIF\groups[1].: 04.06.2003 23:44 1.08 KB Hidden from Windows API.
>C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GXQVK92V\dvfaq[1].: 04.06.2003 08:22 84.64 KB Hidden from Windows API.
>C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WDC3OFGV\search[1].: 20.12.2002 22:56 18.01 KB Hidden from Windows API.


May I make a suggestion? Run RootKit Revealer with your internet
connection off. I think you will see a different result.

HTH,

Autumn



11-20-2005, 08:55 PM   #4
fluidly unsure
Re: Infected by rootkit?
Autumn wrote:
> On 20 Nov 2005 04:01:16 -0800, wrote:
>
>
>>Hello,
>>
>>I have run RootkitRevealer from www.sysinternals.com.
>>Can someone please explain these results.
>>Is there a rootkit hidden in System.EnterpriseServices?
>>
>>Thank you,
>>Max Weinland
>>
>>C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll 04.11.2005 22:09 258 bytes Visible in Windows API, but not in MFT or directory index.
>>C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 04.11.2005 22:09 114 bytes Visible in Windows API, but not in MFT or directory index.
>>C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\05EBW5IV\search[1].: 03.12.2002 01:03 18.53 KB Hidden from Windows API.
>>C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0PMVKHMB\search[1].: 29.11.2002 11:27 12.42 KB Hidden from Windows API.
>>C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3EGBVDGH\groups[1].: 06.12.2002 21:43 20.04 KB Hidden from Windows API.
>>C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6NOZW78X\search[1].: 09.12.2002 16:52 21.09 KB Hidden from Windows API.
>>C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\76SZ3T4X\google[1].: 22.04.2003 09:48 3.65 KB Hidden from Windows API.
>>C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BUKV7PO5\groups[1].: 21.11.2002 22:09 12.62 KB Hidden from Windows API.
>>C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\E4E1RPKG\groups[1].: 29.12.2002 14:57 21.24 KB Hidden from Windows API.
>>C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\G1A7OPIF\groups[1].: 04.06.2003 23:44 1.08 KB Hidden from Windows API.
>>C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GXQVK92V\dvfaq[1].: 04.06.2003 08:22 84.64 KB Hidden from Windows API.
>>C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WDC3OFGV\search[1].: 20.12.2002 22:56 18.01 KB Hidden from Windows API.
>
> May I make a suggestion? Run RootKit Revealer with your internet
> connection off. I think you will see a different result.


I assume this is a case of changing a file's existence in the middle of
a RKR run.

How close to reality am I?

>
> HTH,
>
> Autumn
>



--

Liquid
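
Added example, not part of the thread and not Sysinternals code: one way to act on the two replies above is to parse the report text as posted (still line-wrapped), scan a second time, and separate discrepancies that recur from those seen only once, which is what a file changing mid-scan would produce. The record layout is assumed from the post, `RUN_2` is constructed sample data rather than the poster's real second scan, and the function names are hypothetical.

```python
import re
from typing import NamedTuple

class Finding(NamedTuple):
    path: str
    stamp: str         # "DD.MM.YYYY HH:MM", as printed in the posted report
    size: str
    description: str   # discrepancy text, e.g. "Hidden from Windows API."

# Layout assumed from the post: path, date + time, size + unit, discrepancy text.
RECORD = re.compile(r"(?P<path>.+?)\s+(?P<stamp>\d{2}\.\d{2}\.\d{4}\s+\d{2}:\d{2})\s+"
                    r"(?P<size>[\d.]+\s+(?:bytes|KB|MB|GB))\s+(?P<desc>.+)")

def parse_report(text):
    """Re-join mail-wrapped lines into records, then split each into fields."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if re.match(r"[A-Za-z]:\\", line) or not records:   # drive letter starts a record
            records.append(line)
        else:
            records[-1] += " " + line                       # continuation of a wrapped record
    findings = []
    for rec in records:
        m = RECORD.fullmatch(rec)
        if m is None:
            raise ValueError(f"unparsed record: {rec!r}")
        findings.append(Finding(m["path"], " ".join(m["stamp"].split()), m["size"], m["desc"]))
    return findings

def split_by_persistence(first, second):
    """Return (findings of the first scan that recur in the second, those that do not)."""
    key = lambda f: (f.path.lower(), f.description)         # Windows paths: case-insensitive
    again = {key(f) for f in second}
    return ([f for f in first if key(f) in again],
            [f for f in first if key(f) not in again])

# Two entries copied from the post, line-wrapped as posted.
RUN_1 = r"""
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll 04.11.2005
22:09 258 bytes Visible in Windows API, but not in MFT or directory
index.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary
Internet Files\Content.IE5\05EBW5IV\search[1].: 03.12.2002 01:03 18.53
KB Hidden from Windows API.
"""
# Constructed second scan (not the poster's real result): only one entry recurs.
RUN_2 = r"C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\Content.IE5\05EBW5IV\search[1].: 03.12.2002 01:03 18.53 KB Hidden from Windows API."
if __name__ == "__main__":
    groups = split_by_persistence(parse_report(RUN_1), parse_report(RUN_2))
    for name, group in zip(("persistent", "transient"), groups):
        print(name, [f.path for f in group])
```

A finding that recurs across scans is only a candidate for closer inspection; the comparison by itself says nothing about why the two views disagree.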

