Best way to create clean Windows XP boot cd for running rootkit detection

Discussion in 'Computer Support' started by pamelafiischer@yahoo.com, Nov 20, 2005.

  1. Guest

    What is the best way for mere mortals to create a CLEAN Windows XP boot
    CD?

    From a related thread on available rootkit detection utilities, it was
    suggested we attempt the Microsoft Strider GhostBuster Rootkit
    Detection method recommended by the Microsoft Windows Defender Strider
    GhostBuster Project ( http://research.microsoft.com/rootkit ).

    Following those Microsoft instructions, we performed the following on
    Windows XP:
    NOTE WE ARE STUCK AT STEP 4!

    1. Go to the Windows XP command line:
    Start -> Run -> cmd

    2. Go to your rootkit detection program folder:
    C:\> cd c:\proggies\RKD\

    3. Create an ordered list with bare headings of all hidden & not-hidden
    files:
    RKD:\> dir /s/ah/l/on/b c:\ > all_hidden_files_before.txt
    RKD:\> dir /s/a-h/l/on/b c:\ > not_hidden_files_before.txt

    4. Boot to a Windows XP CDROM.
    - My question is:
    Q: HOW TO BOOT TO A WINDOWS XP CDROM WHEN YOU DON'T HAVE ONE!

    5. Re-run step 3's lower-case ordered list from the Windows XP cdrom
    boot:
    RKD:\> dir /s/ah/l/on/b c:\ > all_hidden_files_after.txt
    RKD:\> dir /s/a-h/l/on/b c:\ > not_hidden_files_after.txt

    6. Run WinDiff from the clean WinXP boot to compare before/after files:
    http://www.grigsoft.com/download-windiff.htm

    We are stuck at step 4 for lack of the simplest way to obtain a Windows
    XP boot cdrom. Our system came configured so we don't have that clean
    Windows XP boot CDROM.

    Googling we get MANY confusing ways to create a Windows XP bootable
    CDROM, some of which seem to be promising, e.g.,
    a. Bart's Preinstalled Environment (BartPE) bootable live windows
    CD/DVD
    http://www.nu2.nu/pebuilder

    b. Bart's way to create bootable CD-Roms (for Windows/Dos)
    http://www.nu2.nu/bootcd

    c. Creating bootable Windows 2000/XP/2003 Disc (Nero 6)
    http://www.tacktech.com/display.cfm?ttid=297

    d. The Ultimate Boot CD for Windows XP
    http://www.ultimatebootcd.com

    e. UBCD for Windows® Project
    http://www.ubcd4win.com

    f. Windows XP Fresh Install Bootdisk And Bootable CD
    http://www.bootdisk.com

    Since there are so many methods, and since the whole point is to boot to
    a KNOWN GOOD Windows XP, it behooves newbies like us to ask for a
    recommended path so that we don't stray too far along the wrong
    (perhaps dangerous) method.

    Which leaves me with the question at hand:
    Q: Where is the safest & easiest method to obtain & burn a WinXP
    bootable CDROM.
     
    , Nov 20, 2005
    #1
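The before/after comparison from steps 3, 5 and 6 of the post above, as an added example that is not part of the original thread: it merges the hidden and not-hidden `dir` listings of each view and reports paths that the clean boot sees but the running system did not. The function names, the `d:` to `c:` drive remapping and all sample paths are assumptions constructed for illustration.

```python
"""Cross-view diff of `dir /s /b /l` listings (added example, not from the thread)."""
import ntpath

# Files the procedure itself writes; they differ between runs by design.
SCAN_OUTPUTS = frozenset({
    "all_hidden_files_before.txt", "not_hidden_files_before.txt",
    "all_hidden_files_after.txt", "not_hidden_files_after.txt",
})


def parse_listing(text, drive_map=None):
    """Return the set of normalised full paths found in one dir listing."""
    drive_map = {k.lower(): v.lower() for k, v in (drive_map or {}).items()}
    paths = set()
    for line in text.splitlines():
        path = line.strip().lower()        # /l already lower-cases; be safe
        drive, rest = ntpath.splitdrive(path)
        if not drive:                      # blank line or stray message text
            continue
        # The clean boot may mount the hard disk under another drive letter.
        paths.add(drive_map.get(drive, drive) + rest)
    return paths


def cross_view_diff(inside, outside, drive_map=None, ignore=SCAN_OUTPUTS):
    """Compare the running-system view with the clean-boot view.

    inside / outside are lists of listing texts (hidden + not-hidden), merged
    per view so a changed hidden attribute alone is not reported.
    Returns (hidden, vanished): paths only the clean boot saw, and paths only
    the running system saw (normally shutdown churn such as temp files).
    """
    inside_set = set().union(*(parse_listing(t) for t in inside))
    outside_set = set().union(*(parse_listing(t, drive_map) for t in outside))

    def wanted(path):
        return ntpath.basename(path) not in ignore

    hidden = sorted(p for p in outside_set - inside_set if wanted(p))
    vanished = sorted(p for p in inside_set - outside_set if wanted(p))
    return hidden, vanished


# Constructed sample listings; every path below is made up for the example.
INSIDE_HIDDEN = r"""c:\boot.ini
c:\pagefile.sys
"""
INSIDE_VISIBLE = r"""c:\windows\notepad.exe
c:\windows\temp\session.tmp
c:\proggies\rkd\all_hidden_files_before.txt
c:\proggies\rkd\not_hidden_files_before.txt
"""
OUTSIDE_HIDDEN = r"""d:\boot.ini
d:\pagefile.sys
"""
OUTSIDE_VISIBLE = r"""d:\windows\notepad.exe
d:\windows\system32\drivers\example_hidden.sys
d:\proggies\rkd\all_hidden_files_before.txt
d:\proggies\rkd\not_hidden_files_before.txt
d:\proggies\rkd\all_hidden_files_after.txt
"""

if __name__ == "__main__":
    hidden, vanished = cross_view_diff(
        [INSIDE_HIDDEN, INSIDE_VISIBLE],
        [OUTSIDE_HIDDEN, OUTSIDE_VISIBLE],
        drive_map={"d:": "c:"},            # assumed clean-boot drive letter
    )
    print("Seen only from the clean boot (review these):")
    for p in hidden:
        print("  " + p)
    print("Seen only from the running system (usually churn):")
    for p in vanished:
        print("  " + p)
```

Entries in the first list are candidates for review rather than proof of a rootkit, since files created during shutdown also land there.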

  2. Toolman Tim Guest

    In news:,
    spewed forth:
    > What is the best way for mere mortals to create a CLEAN Windows XP
    > boot CD?
    >


    Borrow one from your friend, family member, or neighbor. It's not rocket
    science.

    And back off on the cross-posting. Why would alt.privacy.spyware want to
    read your question? One or two groups at a time would be much more
    appropriate.

    --
    Some people are like Slinkies. Not really good for anything, but you
    still can't help but smile when you see one tumble down the stairs.
     
    Toolman Tim, Nov 20, 2005
    #2

  3. Malke Guest

    wrote:

    > What is the best way for mere mortals to create a CLEAN Windows XP
    > boot CD?
    >
    > From a related thread on available rootkit detection utilities, it was
    > suggested we attempt the Microsoft Strider GhostBuster Rootkit
    > Detection method recommended by the Microsoft Windows Defender Strider
    > GhostBuster Project ( http://research.microsoft.com/rootkit ).
    >
    > Following those Microsoft instructions, we performed the following on
    > Windows XP:
    > NOTE WE ARE STUCK AT STEP 4!
    >
    > 1. Go to the Windows XP command line:
    > Start -> Run -> cmd
    >
    > 2. Go to your rootkit detection program folder:
    > C:\> cd c:\proggies\RKD\
    >
    > 3. Create an ordered list with bare headings of all hidden &
    > not-hidden files:
    > RKD:\> dir /s/ah/l/on/b c:\ > all_hidden_files_before.txt
    > RKD:\> dir /s/a-h/l/on/b c:\ > not_hidden_files_before.txt
    >
    > 4. Boot to a Windows XP CDROM.
    > - My question is:
    > Q: HOW TO BOOT TO A WINDOWS XP CDROM WHEN YOU DON'T HAVE ONE!
    >

    (snippage)

    > Since there are so many methods, and since the whole point is to boot
    > to a KNOWN GOOD Windows XP, it behooves newbies like us to ask for a
    > recommended path so that we don't stray too far along the wrong
    > (perhaps dangerous) method.
    >
    > Which leaves me with the question at hand:
    > Q: Where is the safest & easiest method to obtain & burn a WinXP
    > bootable CDROM.


    The short answer for your case is "you can't unless you can create a
    Bart's PE". You need a real XP operating system disk (which is bootable
    all by itself), not a "Recovery Disk". You can sometimes create a
    Bart's if your OEM installed the i386 directory with the complete
    operating system. If you don't even have that, short of buying yourself
    a copy of XP, you can't do what you want. This has nothing to do with
    being mortal, BTW. ;-)

    Understand that when you buy a computer with an MS operating system
    preinstalled, the computer mftr. legally has to give you a way to
    return the computer to factory condition. This can be done in three
    ways:

    1. By giving you a cd with the full operating system on it. This will
    probably be OEM (as opposed to retail), but that's OK for
    repair/reinstallation purposes.

    2. By putting a restore image on a partition (which may be hidden) on
    the hard drive and not giving you any physical cd's.

    3. By giving you a physical cd(s) with the restore image on it. An image
    is not the same as the real operating system.

    You apparently purchased a computer that fits into #3 above.

    Malke
    --
    MS-MVP Windows User/Shell
    Elephant Boy Computers
    www.elephantboycomputers.com
    "Don't Panic"
     
    Malke, Nov 20, 2005
    #3
  4. Guest

    Malke wrote:
    > You need a real XP operating system disk (which is bootable
    > all by itself), not a "Recovery Disk". You can sometimes create a
    > Bart's if your OEM installed the i386 directory with the complete
    > operating system.


    Yes indeed. I have only a common restore CD (which I used once and it
    put all the original programs on the PC even the advertising garbage
    from the manufacturer I had long deleted that I had to delete again). I
    do not have the requisite Windows XP installation CDROM.

    Are you saying that unless I have an "i386" directory, I can't create
    the Windows Boot CD that I need in order to run the Microsoft suggested
    rootkit detection method?

    Q1: Is THIS 2,451 file folder the one I need to create the boot cdrom?
    C:\WINDOWS\ServicePackFiles\i386

    The folder properties, weirdly, on this i386 folder say it is a Size of
    500 MB (525,142,242 bytes) yet its properties also say it has a Size on
    disk of 318 MB (334,063,651 bytes).

    Is C:\Windows\ServicePackFiles\i386 good enough to create a WinXP boot
    disk sufficient to run WinDiff to compare before & after files for
    rootkit detection?

    Your answer will help not only me, but others too,
    Pamela
     
    , Nov 20, 2005
    #4
  5. Toolman Tim Guest

    In news:,
    spewed forth:
    > Malke wrote:
    >> You need a real XP operating system disk (which is bootable
    >> all by itself), not a "Recovery Disk". You can sometimes create a
    >> Bart's if your OEM installed the i386 directory with the complete
    >> operating system.

    >
    > Yes indeed. I have only a common restore CD (which I used once and it
    > put all the original programs on the PC even the advertising garbage
    > from the manufacturer I had long deleted that I had to delete again).
    > I do not have the requisite Windows XP installation CDROM.
    >
    > Are you saying that unless I have an "i386" directory, I can't create
    > the Windows Boot CD that I need in order to run the Microsoft
    > suggested rootkit detection method?
    >
    > Q1: Is THIS 2,451 file folder the one I need to create the boot cdrom?
    > C:\WINDOWS\ServicePackFiles\i386



    That is most likely the location of the XP setup files, yes.


    > The folder properties, weirdly, on this i386 folder say it is a Size
    > of 500 MB (525,142,242 bytes) yet its properties also say it has a
    > Size on disk of 318 MB (334,063,651 bytes).



    I believe that's because of cluster size. Don't worry 'bout it.


    > Is C:\Windows\ServicePackFiles\i386 good enough to create a WinXP boot
    > disk sufficient to run WinDiff to compare before & after files for
    > rootkit detection?



    dunno - never tried it. I have multiple copies of XP setup disks of varying
    types.

    --
    Some people are like Slinkies. Not really good for anything, but you
    still can't help but smile when you see one tumble down the stairs.
     
    Toolman Tim, Nov 20, 2005
    #5
  6. Malke Guest

    wrote:

    > Malke wrote:
    >> You need a real XP operating system disk (which is bootable
    >> all by itself), not a "Recovery Disk". You can sometimes create a
    >> Bart's if your OEM installed the i386 directory with the complete
    >> operating system.


    Comments inline:

    > Are you saying that unless I have an "i386" directory, I can't create
    > the Windows Boot CD that I need in order to run the Microsoft
    > suggested rootkit detection method?


    Yes. You certainly can run RootKit Detector (I assume you're referring
    to Sysinternals' free utility) without going through all the rest of
    that. If you didn't play/install one of the Sony CD's in your computer,
    I wouldn't get all worked up about this issue.

    >
    > Q1: Is THIS 2,451 file folder the one I need to create the boot cdrom?
    > C:\WINDOWS\ServicePackFiles\i386


    Yes.

    > The folder properties, weirdly, on this i386 folder say it is a Size
    > of 500 MB (525,142,242 bytes) yet its properties also say it has a
    > Size on disk of 318 MB (334,063,651 bytes).


    The files are compressed.
    >
    > Is C:\Windows\ServicePackFiles\i386 good enough to create a WinXP boot
    > disk sufficient to run WinDiff to compare before & after files for
    > rootkit detection?


    You can but try. It won't hurt. Again, if you didn't play/install one of
    Sony's DRM-protected (hah!) CD's, you probably don't need to put
    yourself through all this. If you just want to play around for learning
    purposes, then definitely build yourself a Bart's. They are very useful
    to have.

    Malke
    --
    MS-MVP Windows User/Shell
    Elephant Boy Computers
    www.elephantboycomputers.com
    "Don't Panic"
     
    Malke, Nov 20, 2005
    #6
  7. <> wrote in message
    news:...

    > Are you saying that unless I have an "i386" directory, I can't create
    > the Windows Boot CD that I need in order to run the Microsoft suggested
    > rootkit detection method?


    I'm not sure I would describe that as Microsoft's recommended root kit
    detection. I work in this area and I have never had to resort to this quite
    painful measure, nor should most users have to. Most root kits are detected
    because they forget to hide something. Booting to Bart PE might arguably be
    the most reliable detection method, but it is also the most costly,
    especially when supporting a large enterprise.

    Before ever resorting to Bart PE, you should always first use much easier
    tools like www.sysinternals.com rootkit revealer and also rkdetect which can
    be found by searching www.google.com.

    Root kits often send out network traffic, and that traffic cannot be hidden,
    especially once it leaves the system. Running a free sniffer like
    www.ethereal.com and/or any Windows firewall such as www.kerio.com,
    www.sygate.com or www.zonealarm.com may help detect this traffic. Better
    yet, for an enterprise, use good egress firewall filters with logging,
    inspect the firewall logs for blocked traffic, use network IDS such as
    Snort, use a proxy server configured to only allow out browsers using the
    pre-approved http user-agent string. Malware like root kits can evade
    personal firewalls to get out, but I believe the firewalls should still
    display and log the outbound traffic for you.

    I believe there are other alternatives to Bart PE, such as the
    www.Bitdefender.com Linux boot CD.
     
    Karl Levinson, mvp, Nov 21, 2005
    #7
  8. Guest

    Malke wrote:
    > (I assume you're referring to Sysinternals' free utility) without
    > needing a Windows XP bootable cdrom


    Actually, I tried (and failed) to complete the SysInternals
    RootKitRevealer:
    http://www.sysinternals.com/utilities/rootkitrevealer.html

    Even though I ran the SysInternals RootKit Revealer logged in as the
    administrator, this preferred rootkit detection method totally failed
    to run saying "An error occurred. Check machine availability and your
    access level (must be an administrator)." But, I am the administrator,
    I loudly protest to the PC, all to no avail.

    Then I tried the Microsoft Strider GhostBuster Rootkit Detection kit
    method:
    http://research.microsoft.com/rootkit
    Unfortunately, this second-best method requires us to boot to a
    separate Windows XP bootable disk (which I don't have) or to the "Bart
    PE" (which I may end up making from my i386 directory on my hard
    drive). But, as noted, this is a lot of work. I wish I knew why the
    SysInternals tool thinks I'm not the administrator. I didn't set up
    this PC so maybe there is something tricky going on.

    Since, at the moment, both the SysInternals & Microsoft methods are
    failing miserably, I'll try the RKdetect Rootkit Detector method
    documented at:
    http://www.security.nnov.ru/files/rkdetect.zip

    But, I wonder ...
    Q: Is it just me or does everyone have this problem that SysInternals'
    Root Kit Revealer fails due to a permission problem (even though I run
    it as administrator).

    Does anyone have any idea what to check to see why the SysInternals
    site thinks I'm not the administrator even though I am logged in as the
    administrator?

    Pamela
     
    , Nov 21, 2005
    #8
  9. Guest

    David H. Lipman wrote:
    > One should copy the i386 folder off the CDROM and slip-stream the
    > i386 folder with SP2 and then use that slip-streamed folder to create a
    > CDROM to build a fresh OS (this is true for all the NT based OS')


    Hi David,

    Thank you for your advice noting that the
    C:\WINDOWS\ServicePackFiles\i386 directory is not the required i386
    directory to create the official "Preinstalled Environment (BartPE)
    bootable live windows CD/DVD" as per instructions at
    http://www.nu2.nu/pebuilder

    This so-called "Bart PE" cdrom is apparently what is required to boot
    to in order to run Microsoft's Windows Defender Project rootkit
    identification steps documented at
    http://research.microsoft.com/rootkit

    Since I have access to my sister's computer (which is the same make and
    model as mine), do you think I can use her i386 directory (if we can
    find it) to create the Bart PE Windows XP bootable CDROM for this task?

    That is, my question is:
    Q: Does the BART PE bootable CDROM have to be machine specific (or can
    we use any Bart PE bootable CDROM we can get our hands on in order to
    run the specified Microsoft dir commands to locate cloaked files on our
    systems)?

    Wishing finding cloaked rootkits was more step-by-step for mere mortals
    such as I,
    Pamela
     
    , Nov 21, 2005
    #9
  10. Guest

    wrote:
    > Even though I ran the SysInternals RootKit Revealer logged in as the
    > administrator, this preferred rootkit detection method totally failed
    > to run saying "An error occurred. Check machine availability and your
    > access level (must be an administrator)." But, I am the administrator,
    > I loudly protest to the PC, all to no avail.


    Ouch. I confused myself by accidentally mixing up tool errors here. It
    was RKDetect (from http://www.security.nnov.ru/files/rkdetect.zip) which
    is reporting "An error occurred. Check machine availability and your
    access level (must be an administrator)." This is occurring even though
    I am the administrator, logged in as administrator.

    The SysInternals RootKit Revealer actually worked fine; but it reported
    finding cloaked things like:
    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32* 6/16/2004 9:19 PM 0 bytes Key name contains embedded nulls (*)

    This hex 8-4-4-4-12 digit "unique?" class id is totally meaningless to
    mere mortals such as I.

    Even after attempting to look up the unique name for the class id at
    http://www.microsoft.com/technet/prodtechnol/host/proddocs/appint/asdefclassid.mspx
    I still don't know what that 8-4-4-4-12 CLSID actually refers to (do
    you?).

    Is there a class id to real product name lookup table somewhere on the
    Internet?

    Pamela
     
    , Nov 21, 2005
    #10
  11. Guest

    Vrodok the Troll wrote:
    > "Don't Panic"


    Having failed in the prior two attempts at locating intelligible
    information on whether or not a rootkit is infecting my system, I tried
    the third method of locating rootkits.

    ROOTKIT DETECTION METHOD 1 (RKR) failed due to cryptic output:
    - http://www.sysinternals.com/utilities/rootkitrevealer.html

    ROOTKIT DETECTION METHOD 2 (RKD) failed due to unknown privilege
    issues:
    http://www.security.nnov.ru/files/rkdetect.zip

    ROOTKIT DETECTION METHOD 3 (STRIDER) requires a boot WinXP CD/DVD:
    http://research.microsoft.com/rootkit

    Unfortunately this third, rather elegant, Microsoft documented method
    requires a separate Windows XP bootable CDROM - which I don't yet have
    - but which is the topic of this conversation.

    Since I don't have a known good i386 directory on my system, I am
    currently at 55% of an hours-long download of a Windows XP bootable CD
    which I hope solves the problem of me not having a bootable Windows XP
    CDROM.

    Can we use someone else's i386 directory, for example, to create the
    "Bart's PE" Preinstalled Environment bootable live windows CDROM/DVD
    following instructions at http://www.nu2.nu/pebuilder ?

    Or ...

    Q: Do you know of any other method of obtaining a bootable Windows
    CDROM so we can run the Microsoft documented method of detecting
    cloaked files even though we don't have an original Windows XP bootable
    CDROM available?

    Pamela
     
    , Nov 21, 2005
    #11
  12. Nathan Dart Guest

    wrote:

    >Does the BART PE bootable CDROM have to be machine specific


    No, not if you use the Ultimate Boot CD for Windows with the driver
    pack.

    http://www.ubcd4win.com/

    The above web site has some very good directions for you to follow,
    including how to slipstream the boot image with SP1 and SP2 if
    required.
     
    Nathan Dart, Nov 21, 2005
    #12
  13. Guest

    Nathan Dart wrote:
    > http://www.ubcd4win.com has some very good directions for you to follow,
    > including how to slipstream the boot image with SP1 and SP2


    Pray tell, my vocabulary needs a firmware update.

    What does "slipstream" mean?

    Pamela
     
    , Nov 21, 2005
    #13
  14. HeeroYuy Guest

    <> wrote in message
    news:...
    > Nathan Dart wrote:
    >> http://www.ubcd4win.com has some very good directions for you to follow,
    >> including how to slipstream the boot image with SP1 and SP2

    >
    > Pray tell, my vocabulary needs a firmware update.
    >
    > What does "slipstream" mean?
    >
    > Pamela


    Slipstream is the process of merging Windows updates (mostly service packs)
    to the files from the Windows CD.
     
    HeeroYuy, Nov 21, 2005
    #14
  15. Sunny Guest

    "HeeroYuy" <> wrote in message
    news:...
    >
    > <> wrote in message
    > news:...
    >> Nathan Dart wrote:
    >>> http://www.ubcd4win.com has some very good directions for you to follow,
    >>> including how to slipstream the boot image with SP1 and SP2

    >>
    >> Pray tell, my vocabulary needs a firmware update.
    >>
    >> What does "slipstream" mean?
    >>
    >> Pamela

    >
    > Slipstream is the process of merging Windows updates (mostly service
    > packs) to the files from the Windows CD.


    http://www.winsupersite.com/showcase/windowsxp_sp2_slipstream.asp
     
    Sunny, Nov 21, 2005
    #15
  16. On 20 Nov 2005 19:45:08 -0800, wrote:


    >The SysInternals RootKit Revealer actually worked fine; but it reported
    >finding cloaked things like:
    >HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32* 6/16/2004 9:19 PM 0 bytes Key name contains embedded nulls (*)
    >
    >This hex 8-4-4-4-12 digit "unique?" class id is totally meaningless to
    >mere mortals such as I.
    >
    >Even after attempting to look up the unique name for the class id at
    >http://www.microsoft.com/technet/prodtechnol/host/proddocs/appint/asdefclassid.mspx
    >I still don't know what that 8-4-4-4-12 CLSID actually refers to (do
    >you?).


    A CLSID is a COM GUID, essentially a totally unique number which
    identifies a binary component and is used by programs to reference
    and load that component.



    >Is there a class id to real product name lookup table somewhere on the
    >Internet?


    I doubt it, it'd be huge. There's a program called guidgen.exe which
    comes with the MS SDK and supposedly if all of us ran it at once, over
    and over again, it would never repeat a number.. ever...

    However, it's at least worth doing a search on google groups for it,
    which finds various posts (including yours of course). There's a post
    which implies it's a hidden key that's part of Pinnacle Studio. As it
    happens I've got Studio on one of my PCs and it seems I have this key
    also. I don't have it on any other PCs. So I guess what I'm saying is
    that if you have Pinnacle Studio installed on that PC, then that's
    probably confirmed what it is and that it's harmless (if not exactly
    ethical).


    SP
     
    Sue Perficial, Nov 22, 2005
    #16
  17. Guest

    Sue Perficial wrote:
    > There's a post which implies it's a hidden key that's part of Pinnacle Studio.
    > As it happens I've got Studio on one of my PCs and it seems I have this key
    > also. I don't have it on any other PCs. So I guess what I'm saying is
    > that if you have Pinnacle Studio installed on that PC, then that's
    > probably confirmed what it is and that it's harmless (if not exactly
    > ethical).


    I believe you are correct.

    There is more information in the post here:
    http://www.sysinternals.com/forum/forum_posts.asp?TID=2510&PN=1&TPN=1

    Apparently Avid (the makers of Pinnacle Studio) use a Windows exploit
    to provide an illegal value to their registration key such that one can
    not open, view, modify, or delete that key (even their un-installation
    program leaves the basically permanent exploit behind).

    Isn't there a body out there that condemns these illegal (with respect
    to syntax) exploits of the Microsoft Windows XP operating system? I
    don't know much about computers so an expert can tell me if this is
    malware or ineptware or just secretware - but it doesn't feel right to
    the SysInternals rootkit revealer software which reported it in the
    first place.

    Pamela
     
    , Nov 23, 2005
    #17
  18. Alun Jones Guest

    wrote:
    > There is more information in the post here:
    > http://www.sysinternals.com/forum/forum_posts.asp?TID=2510&PN=1&TPN=1
    >
    > Apparently Avid (the makers of Pinnacle Studio) use a Windows exploit
    > to provide an illegal value to their registration key such that one can
    > not open, view, modify, or delete that key (even their un-installation
    > program leaves the basically permanent exploit behind).
    >
    > Isn't there a body out there that condemns these illegal (with respect
    > to syntax) exploits of the Microsoft Windows XP operating system? I
    > don't know much about computers so an expert can tell me if this is
    > malware or ineptware or just secretware - but it doesn't feel right to
    > the SysInternals rootkit revealer software which reported it in the
    > first place.


    The closest you'll find is "logo compliance" at Microsoft - a company can
    submit its software or hardware for approval to carry a number of different
    logos - and those logos are not granted if Microsoft detects that the
    application is up to most kinds of naughty chicanery.

    However, what you've discovered here is that this company views their rights
    to enforce their licence as being paramount over your rights to control what
    is, or isn't, left on your system.

    Think about that.

    They assert control over the systems of all of their legal customers
    allegedly as a means to prevent illegal use.

    Can you afford to be a customer of a company that treats your rights in such
    a cavalier manner?

    Alun.
    ~~~~
    [Please don't email posters, if a Usenet response is appropriate.]
    --
    Texas Imperial Software | Find us at http://www.wftpd.com or email
    23921 57th Ave SE | .
    Washington WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
    Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.
     
    Alun Jones, Nov 23, 2005
    #18
  19. On 22 Nov 2005 23:09:25 -0800, wrote:

    >Sue Perficial wrote:
    >> There's a post which implies it's a hidden key that's part of Pinnacle Studio.
    >> As it happens I've got Studio on one of my PCs and it seems I have this key
    >> also. I don't have it on any other PCs. So I guess what I'm saying is
    >> that if you have Pinnacle Studio installed on that PC, then that's
    >> probably confirmed what it is and that it's harmless (if not exactly
    >> ethical).

    >
    >I believe you are correct.
    >
    >There is more information in the post here:
    >http://www.sysinternals.com/forum/forum_posts.asp?TID=2510&PN=1&TPN=1
    >
    >Apparently Avid (the makers of Pinnacle Studio) use a Windows exploit
    >to provide an illegal value to their registration key such that one can
    >not open, view, modify, or delete that key (even their un-installation
    >program leaves the basically permanent exploit behind).
    >
    >Isn't there a body out there that condemns these illegal (with respect
    >to syntax) exploits of the Microsoft Windows XP operating system? I
    >don't know much about computers so an expert can tell me if this is
    >malware or ineptware or just secretware - but it doesn't feel right to
    >the SysInternals rootkit revealer software which reported it in the
    >first place.


    To be fair, it's not a particularly insidious technique, it's just a
    'trick' that Pinnacle chose to use to try and protect their software
    from being ripped off. It doesn't do any harm as such. It just looks
    bad these days because loads of spyware has started to use the same
    trick and hence RkR has started reporting on it.


    SP
     
    Sue Perficial, Nov 23, 2005
    #19