
Author Topic: Rootkit scan log...  (Read 3002 times)


invalidant

  • Guest
Rootkit scan log...
« on: April 15, 2006, 10:09:11 AM »
I've been scanning for rootkits with RootkitRevealer and came up with the following log, which I do not understand at all:

HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed      4/15/2006 9:04 AM      80 bytes      Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\TrendMicro\PC-cillin\14\ScanInfo\LastScanFile      4/15/2006 9:04 AM      46 bytes      Windows API length not consistent with raw hive data.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsrh69r3.default\Cache\0ECA619Ad01      4/15/2006 9:07 AM      18.28 KB      Hidden from Windows API.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsrh69r3.default\Cache\5D859893d01      4/15/2006 9:19 AM      65.37 KB      Hidden from Windows API.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsrh69r3.default\Cache\76CDE01Bd01      4/15/2006 9:19 AM      32.26 KB      Hidden from Windows API.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsrh69r3.default\Cache\7EB53FF9d01      4/15/2006 9:06 AM      65.34 KB      Hidden from Windows API.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsrh69r3.default\Cache\B0E78B8Ed01      4/15/2006 9:07 AM      36.24 KB      Hidden from Windows API.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsrh69r3.default\Cache\FF09FDFDd01      4/15/2006 9:20 AM      18.07 KB      Hidden from Windows API.


Anything to be concerned about?  Should I use other rootkit scanners?  I'm seriously reconsidering reinstalling XP.  I'm certain I didn't download anything malicious... fairly certain at least, but had problems with my firewall a few months back and didn't realize ports were out in the open.

invalidant

  • Guest
Re: Rootkit scan log...
« Reply #1 on: April 15, 2006, 12:53:52 PM »
I also have results under rkdetector that I don't understand:

Rob Pomeroy



Re: Rootkit scan log...
« Reply #2 on: April 18, 2006, 05:14:22 AM »
No idea, personally - this is a relatively new field of development.  (Aside: I wish we could just have one malware detector for everything - that actually worked - rather than virus checker, dedicated trojan checkers, rootkit detectors (subset of trojans), spyware checkers, browser hijack detectors, ad infinitum.)  It would make sense to take this query over to Sysinternals' forum where you're more likely to find lots of people who have already played with this.
Only able to visit the forums sporadically, sorry.
