Re: Is this a rootkit?

Discussion in 'Computer Security' started by David H. Lipman, Jul 2, 2006.

  1. From: "Tim Walters" <>

    | I ran a RootkitRevealer scan yesterday, and there were 4000+ discrepancies.
    | I then put down a fresh installation of W2K (dual booting) on a different
    | drive, and ran a virus check. A Kak.worm was found but it didn't detect any
    | rootkit. I then rebooted under my main installation, and ran RootkitRevealer
    | again. There are 4243 discrepancies. Here are a few samples taken from the
    | scan report. (The same sampling is also adjoined because opened in Notepad
    | each entry has its own line.)
    |
    | Can anyone say if this is evidence of a rootkit? And what can I do to get
    | rid of these discrepancies?
    |
    | Thanks, Tim
    | | HKLM\S-1-5-21-776561741-343818398-682003330-500\Control Panel\Microsoft

    Asked and answered. Please learn to cross-post to pertinent, on-topic newsgroups and not
    to multi-post.

    Additionally, please learn where it is and where it is NOT acceptable to post attachments.
    In the alt.* hierarchy, only in the alt.binaries.* hierarchy is it acceptable to post
    attachments.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Jul 2, 2006
    #1
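The "discrepancies" RootkitRevealer counts are the output of a cross-view comparison: the same registry and file namespace is read once through the Windows API, which a rootkit can hook, and once from the raw hive and disk data, and every path present in one view but not the other is reported. A count of 4000+ therefore says nothing by itself about which view is lying. The Python model below is added here as an illustration; it is not code from this thread or from Sysinternals, and the hive contents, the `evilsvc` service, the hook, the embedded-NUL key and the mid-scan change are all invented for the example. It rebuilds the comparison on that constructed data and shows that a hooked entry, an unenumerable key name and an entry written between the two passes all land in the same discrepancy list, with a triage step that separates the only ones that point at active hiding.

```python
"""Cross-view rootkit detection (the technique behind RootkitRevealer's
discrepancy list) modelled in pure Python on constructed sample data."""
from typing import Callable, Dict, List, Tuple

Namespace = Dict[str, str]      # path -> data (registry value or file hash)
Discrepancy = Tuple[str, str]   # (path, reason)

# Constructed sample hive contents, as a raw read of the hive would return them.
# All names are invented; 'evilsvc' stands in for any service a rootkit hides.
RAW_VIEW: Namespace = {
    r"HKLM\SOFTWARE\Vendor\App\Version": "1.0",
    r"HKLM\SYSTEM\CurrentControlSet\Services\evilsvc\ImagePath": r"system32\drivers\evil.sys",
    r"HKLM\SYSTEM\CurrentControlSet\Services\evilsvc\Start": "1",
    # A key whose name contains an embedded NUL. Win32 registry APIs cannot open
    # or enumerate it, so it becomes a discrepancy even when no hook is present.
    "HKLM\\SOFTWARE\\Vendor\\Nul\x00Key\\Flag": "1",
}

# Constructed: entries written after the raw pass but before the API pass
# (logs, caches, timestamps). The API pass sees them; the raw pass did not.
CHANGED_DURING_SCAN: Namespace = {
    r"HKLM\SOFTWARE\Vendor\App\LastRun": "2006-07-02T10:01:00",
}


def rootkit_hook(path: str) -> bool:
    """Hypothetical API hook: drop every path that mentions the hidden service."""
    return "evilsvc" in path.lower()


def api_view(raw: Namespace, hook: Callable[[str], bool], changed: Namespace) -> Namespace:
    """The namespace as the Windows API reports it: hooked entries are filtered,
    embedded-NUL names are not enumerable, and 'changed' entries appeared after
    the raw snapshot was taken."""
    view = {p: d for p, d in raw.items() if not hook(p) and "\x00" not in p}
    view.update(changed)
    return view


def cross_view_diff(api: Namespace, raw: Namespace) -> List[Discrepancy]:
    """RootkitRevealer-style comparison: report every path whose presence or
    data differs between the API view and the raw view."""
    out: List[Discrepancy] = []
    for path in sorted(set(api) | set(raw)):
        if path in raw and path not in api:
            out.append((path, "hidden from Windows API"))
        elif path in api and path not in raw:
            out.append((path, "visible to Windows API but not in raw scan"))
        elif api[path] != raw[path]:
            out.append((path, "data mismatch between views"))
    return out


def triage(diffs: List[Discrepancy]) -> Tuple[List[Discrepancy], List[Discrepancy]]:
    """Split the list into entries worth investigating and entries with a known
    benign explanation. Only an enumerable name that the API view lacks points
    at active hiding; NUL-named keys and mid-scan changes are scan noise."""
    suspicious: List[Discrepancy] = []
    benign: List[Discrepancy] = []
    for path, reason in diffs:
        if "\x00" in path:
            benign.append((path, "embedded NUL in key name; not enumerable via Win32"))
        elif reason != "hidden from Windows API":
            benign.append((path, reason + " (changed during scan)"))
        else:
            suspicious.append((path, reason))
    return suspicious, benign


def scan() -> Tuple[List[Discrepancy], List[Discrepancy]]:
    """Run both passes over the sample data and triage the discrepancies."""
    api = api_view(RAW_VIEW, rootkit_hook, CHANGED_DURING_SCAN)
    return triage(cross_view_diff(api, RAW_VIEW))


if __name__ == "__main__":
    sus, ok = scan()
    print(f"{len(sus) + len(ok)} discrepancies, {len(sus)} worth investigating")
    for path, reason in sus + ok:
        print(f"  {path!r}: {reason}")
```

The point of the triage step is the one the thread never states outright: a raw scan that a hook cannot see, minus entries the API could never have enumerated anyway, minus entries that simply changed between the two passes, is what is left to investigate. Running the same comparison from a clean boot (as the original poster did with the second W2K install) removes the hook from the picture, so only the benign classes should remain.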

  2. David H. Lipman

    blackhat Guest

    David H. Lipman wrote:
    > From: "Tim Walters" <>
    >
    > | I ran a RootkitRevealer scan yesterday, and there were 4000+ discrepancies.
    > | I then put down a fresh installation of W2K (dual booting) on a different
    > | drive, and ran a virus check. A Kak.worm was found but it didn't detect any
    > | rootkit. I then rebooted under my main installation, and ran RootkitRevealer
    > | again. There are 4243 discrepancies. Here are a few samples taken from the
    > | scan report. (The same sampling is also adjoined because opened in Notepad
    > | each entry has its own line.)
    > |
    > | Can anyone say if this is evidence of a rootkit? And what can I do to get
    > | rid of these discrepancies?
    > |
    > | Thanks, Tim
    > | | HKLM\S-1-5-21-776561741-343818398-682003330-500\Control Panel\Microsoft


    All the rootkit checkers are still in beta. F-Secure has BlackLight
    available for free, and it gives you information on what it finds; just
    don't be too quick to delete anything.
    >
    > Asked and answered. Please learn to cross-post to pertinent, on-topic newsgroups and not
    > to multi-post.
    >
    > Additionally, please learn where it is and where it is NOT acceptable to post attachments.
    > In the alt.* hierarchy, only in the alt.binaries.* hierarchy is it acceptable to post
    > attachments.
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
     
    blackhat, Jul 3, 2006
    #2

  3. David H. Lipman, Jul 3, 2006
    #3
  4. David H. Lipman

    Guest

    David H. Lipman wrote:
    > From: "blackhat" <>
    >
    >
    > |
    > | All the rootkit checkers are still in beta. F-Secure has BlackLight
    > | available for free, and it gives you information on what it finds; just
    > | don't be too quick to delete anything.
    >
    >
    > Not Gmer, it is no Beta !
    >
    > http://www.gmer.net
    >
    > Highly recommended for the knowledgeable professional !!
    >
    >
    >


    I'm not sure that being very knowledgeable helps that much with Windows.
    With a program like that, surely all you do is google the process, and
    if it's evil, deselect it.
     
    , Jul 4, 2006
    #4
  5. From: <>


    | I'm not sure that being very knowledgeable helps that much with Windows.
    | With a program like that, surely all you do is google the process, and
    | if it's evil, deselect it.

    Google is NOT a good source of authoritative information, as it will provide both faux and
    true data.

    For example, if you search for anti-virus software you will find that rogue anti-virus
    software, actual malware, will be provided to your search.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Jul 4, 2006
    #5
  6. David H. Lipman

    Guest

    David H. Lipman wrote:
    > From: <>
    >
    >
    > | I'm not sure that being very knowledgeable helps that much with Windows.
    > | With a program like that, surely all you do is google the process, and
    > | if it's evil, deselect it.
    >
    > Google is NOT a good source of authoritative information, as it will provide both faux and
    > true data.
    >


    Many people use google to read your advice. I'm sure you use google
    too, to find good information.

    > For example, if you search for anti-virus software you will find that rogue anti-virus
    > software, actual malware, will be provided to your search.
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm



    When you say that GMER is for the knowledgeable professional, do you
    mean the person that knows what processes are safe to delete, how to
    locate said registry key, and delete?

    The person that can use google effectively, weeding out the good
    advice from the bad?

    You see, I don't think an MCSE is relevant to using GMER. Neither do I
    think knowledge of TCP/IP protocols is. So I can't really see what
    knowledge you refer to.
     
    , Jul 4, 2006
    #6
  7. From: <>


    Replies are inline...

    |
    | When you say that GMER is for the knowledgeable professional, do you
    | mean the person that knows what processes are safe to delete, how to
    | locate said registry key, and delete?


    GMER identifies hidden malware processes. However, I don't suggest such software for a
    novice.


    |
    | The person that can use google effectively, weeding out the good
    | advice from the bad?


    From what I have seen... the average person is NOT good at this. That is why I posted the
    anti virus example. It comes from Usenet practical feedback.


    |
    | You see, I don't think an MCSE is relevant to using GMER. Neither do I
    | think knowledge of TCP/IP protocols is. So I can't really see what
    | knowledge you refer to.


    I don't think a MCSE means anything more than, Microsoft Can't Secure Enough. :)

    When I say "knowledgeable" I mean having a good understanding of the OS processes and utilities
    that are running, where they are loaded from and what may be considered "normal". Yes, I
    realize the term knowledgeable is vague to say the least. However, it does leave a class
    who think they are not knowledgeable enough to use software for dealing with such a
    concept as a RootKit.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Jul 4, 2006
    #7
  8. From: <>

    |
    | David H. Lipman wrote:
    >> From: <>
    >>

    |>> I'm not sure that being very knowledgeable helps that much with Windows.
    |>> With a program like that, surely all you do is google the process, and
    |>> if it's evil, deselect it.
    >>
    >> Google is NOT a good source of authoritative information, as it will provide both faux and
    >> true data.
    >>

    | Many people use google to read your advice. I'm sure you use google
    | too, to find good information.
    |
    >> For example, if you search for anti-virus software you will find that rogue anti-virus
    >> software, actual malware, will be provided to your search.
    >>
    >> --
    >> Dave
    >> http://www.claymania.com/removal-trojan-adware.html
    >> http://www.ik-cs.com/got-a-virus.htm

    |
    | When you say that GMER is for the knowledgeable professional, do you
    | mean the person that knows what processes are safe to delete, how to
    | locate said registry key, and delete?
    |
    | The person that can use google effectively, weeding out the good
    | advice from the bad?
    |
    | You see, I don't think an MCSE is relevant to using GMER. Neither do I
    | think knowledge of TCP/IP protocols is. So I can't really see what
    | knowledge you refer to.

    Here is a good write-up on GMER:
    http://spyware-free.us/2006/07/gmer_07.html

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Jul 8, 2006
    #8
  9. David H. Lipman

    Guest

    David H. Lipman wrote:
    > From: <>
    >
    > |
    > | David H. Lipman wrote:
    > >> From: <>
    > >>

    > |>> I'm not sure that being very knowledgeable helps that much with Windows.
    > |>> With a program like that, surely all you do is google the process, and
    > |>> if it's evil, deselect it.
    > >>
    > >> Google is NOT a good source of authoritative information, as it will provide both faux and
    > >> true data.
    > >>

    > | Many people use google to read your advice. I'm sure you use google
    > | too, to find good information.
    > |
    > >> For example, if you search for anti-virus software you will find that rogue anti-virus
    > >> software, actual malware, will be provided to your search.
    > >>
    > >> --
    > >> Dave
    > >> http://www.claymania.com/removal-trojan-adware.html
    > >> http://www.ik-cs.com/got-a-virus.htm

    > |
    > | When you say that GMER is for the knowledgeable professional, do you
    > | mean the person that knows what processes are safe to delete, how to
    > | locate said registry key, and delete?
    > |
    > | The person that can use google effectively, weeding out the good
    > | advice from the bad?
    > |
    > | You see, I don't think an MCSE is relevant to using GMER. Neither do I
    > | think knowledge of TCP/IP protocols is. So I can't really see what
    > | knowledge you refer to.
    >
    > Here is a good write-up on GMER:
    > http://spyware-free.us/2006/07/gmer_07.html
    >
    > --
    > Dave


    Thanks for the link. I don't doubt the ability of the "reviewer" to use
    GMER, though that is one of the most childish reviews I have ever
    seen. It looks like it has been written by a 14 year old for an IT
    school coursework.

    How many screen dumps does he have to include with "yes or no"
    options?!
    "Do you want to shutdown the machine? yes, no"
    Or worse, the classic "Press OK to continue". He includes a screen dump
    of that too.

    No doubt he's brilliant at removing spyware, using tools like GMER
    and HijackThis, and fixing computers generally. And I'm sure he has
    helped many people. It does further prove that it doesn't take a genius
    to do it, though the average person cannot do it.

    Regarding the philosophical distinction between those that can use a program
    like GMER and those that can't, I think it's just a case of people
    that can fix their own computer and people that can't.

    Of course, one may have to put off those that can't, to prevent them
    from messing everything up. It's for their own good. In which case,
    one might say "Leave it to the professionals!!!!" Of course the
    professional could be a 12 year old with a bit of talent!
     
    , Jul 8, 2006
    #9
