View Full Version : Scanning found this
Rainwalker
January 17th, 2006, 11:24 AM
Is this ok........or not....... HKLM\SOFTWARE\Microsoft\cryptography\rng\seed
This showed as a data mismatch between Windows API and the Raw Hive Data..........
Bubba
January 17th, 2006, 11:28 AM
In case it helps for discussion what "Scanning found this"....Rootkit revealer http://www.wilderssecurity.com/images/icons/icon5.gif
If so....I reckon we can attempt to determine or focus on the seed
key that was possibly being altered during the scan :-\
Introduction (http://www.sysinternals.com/Utilities/RootkitRevealer.html)
{QUOTE-> Data mismatch between Windows API and raw hive data.
This discrepancy will occur if a Registry value is updated while the Registry scan is in progress.
<-QUOTE}
Edit
additional info if this is indeed Rootkit Revealer related:
It is mentioned numerous times via a search @ the Sysinternal\Rootkit Revealer Forums (http://www.sysinternals.com/Forum/search.asp?KW=seed&SM=1&SI=PT&FM=15&OB=1&Submit=Start+Search) that the crypto\rng\seed is a common false positive :-\
One post in particular by namrehto of the Moderator Group:
http://www.sysinternals.com/Forum/forum_posts.asp?TID=3111
Rainwalker
January 17th, 2006, 10:34 PM
Thanks Bubba :)
vBulletin® Copyright ©2000-2009, Jelsoft Enterprises Ltd.