Rootkit Log

Discussion in 'Computer Support' started by Bosco836, Jul 18, 2006.

  1. Bosco836

    Bosco836 Guest

    I recently ran RootkitRevealer and was surprised to find 12 entries.
    Can anyone tell me if these are harmful or not?

    HKLM\S-1-5-21-2842261264-3930426663-120202028-1006\RemoteAccess\InternetProfile 14/01/2006 6:16 PM 5 bytes Data mismatch between Windows API and raw hive data.
    HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 18/07/2006 10:41 AM 80 bytes Data mismatch between Windows API and raw hive data.
    HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 24/05/2006 2:11 PM 0 bytes Access is denied.
    C:\Documents and Settings\Adam\Local Settings\Application Data\Mozilla\Firefox\Profiles\iklyd1oi.default\Cache\32731AE8d01 18/07/2006 10:49 AM 48.14 KB Hidden from Windows API.
    C:\Documents and Settings\Adam\Local Settings\Application Data\Mozilla\Firefox\Profiles\iklyd1oi.default\Cache\3E931665d01 18/07/2006 10:49 AM 33.77 KB Hidden from Windows API.
    C:\Documents and Settings\Adam\Local Settings\Application Data\Mozilla\Firefox\Profiles\iklyd1oi.default\Cache\71A6C414d01 18/07/2006 10:49 AM 24.81 KB Hidden from Windows API.
    C:\Documents and Settings\Adam\Local Settings\Application Data\Mozilla\Firefox\Profiles\iklyd1oi.default\Cache\9618D72Fd01 18/07/2006 10:49 AM 15.78 KB Hidden from Windows API.
    C:\Documents and Settings\Adam\Local Settings\Application Data\Mozilla\Firefox\Profiles\iklyd1oi.default\Cache\A5BBBF85d01 18/07/2006 10:49 AM 62.59 KB Hidden from Windows API.
    C:\Documents and Settings\Adam\Local Settings\Temp\plugtmp-1 18/07/2006 10:49 AM 0 bytes Hidden from Windows API.
    C:\Documents and Settings\LocalService\Recent 18/07/2006 10:45 AM 0 bytes Hidden from Windows API.
    C:\Documents and Settings\LocalService\Recent\Desktop.ini 18/07/2006 10:45 AM 150 bytes Hidden from Windows API.
    C:\Program Files\Yahoo!\Messenger\ystats_A.dat 18/07/2006 9:54 AM 30 bytes Visible in Windows API, but not in MFT or directory index.


    Thanks
     
    Bosco836, Jul 18, 2006
    #1

  2. Bosco836 wrote:
    > I recently ran RootkitRevealer and was surprised to find 12 entries.
    > Can anyone tell me if these are harmful or not?


    <snipped>

    > Thanks


    Just so you know, there are forums for this, just as there are forums
    for HiJackThis logs.

    That said, clean out your cache and re-scan just to reassure yourself
    that you don't have a rootkit. You'll probably have a couple of entries
    left, but they're not a problem.

    Then go back to Sysinternals and ask there if you're still worried about
    it.

    --
    Rhonda Lea Kirk

    If you ever need some proof that time can heal your wounds,
    just step inside my heart and walk around these rooms;
    where the shadows used to be.... Mary Chapin Carpenter
     
    Rhonda Lea Kirk, Jul 18, 2006
    #2
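
The before/after comparison that the reply's "clean out your cache and re-scan" advice implies, as an added example that is not part of either post. It assumes each log entry has been rejoined onto one line; the function names are hypothetical and the `AFTER` scan is constructed sample data, not a result from the thread.

```python
import re
from collections import Counter

# Entry layout as posted: <path> <dd/mm/yyyy> <h:mm AM|PM> <size> <description>
ENTRY = re.compile(
    r"^(?P<path>.+?)\s+(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{1,2}:\d{2} [AP]M)\s+"
    r"(?P<size>[\d.]+ (?:bytes|KB|MB|GB))\s+(?P<desc>.+)$"
)

def parse_log(text):
    """Return {path: description} for each line that parses as an entry."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[m["path"]] = m["desc"]
    return entries

def compare_scans(before, after):
    """Group entry paths by whether they survived the cleanup and re-scan."""
    b, a = parse_log(before), parse_log(after)
    return {
        "cleared": sorted(b.keys() - a.keys()),
        "persisting": sorted(b.keys() & a.keys()),
        "new": sorted(a.keys() - b.keys()),
    }

def by_description(text):
    """Count entries per discrepancy description."""
    return Counter(parse_log(text).values())

# Five entries from the post above, rejoined to one entry per line.
BEFORE = r"""
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 18/07/2006 10:41 AM 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 24/05/2006 2:11 PM 0 bytes Access is denied.
C:\Documents and Settings\Adam\Local Settings\Application Data\Mozilla\Firefox\Profiles\iklyd1oi.default\Cache\32731AE8d01 18/07/2006 10:49 AM 48.14 KB Hidden from Windows API.
C:\Documents and Settings\Adam\Local Settings\Temp\plugtmp-1 18/07/2006 10:49 AM 0 bytes Hidden from Windows API.
C:\Program Files\Yahoo!\Messenger\ystats_A.dat 18/07/2006 9:54 AM 30 bytes Visible in Windows API, but not in MFT or directory index.
"""
# Constructed re-scan result (hypothetical, not from the thread).
AFTER = r"""
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 18/07/2006 11:30 AM 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 24/05/2006 2:11 PM 0 bytes Access is denied.
"""

if __name__ == "__main__":
    for group, paths in compare_scans(BEFORE, AFTER).items():
        print(group, len(paths), *paths, sep="\n  ")
```

Entries are keyed by path only, so an entry whose timestamp or size changes between scans still counts as persisting.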