Free Sophos Anti-Rootkit 1.0

Discussion in 'other anti-malware software' started by Chubb, Aug 23, 2006.

Thread Status:
Not open for further replies.
  1. Cloudcroft

    Cloudcroft Registered Member

    Joined:
    Feb 29, 2004
    Posts:
    471
    Location:
    The Hill Country of Texas
    I got the same warning, does anyone know what I can do to get a proper scan?
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I got the same message.
     
  3. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    I didn't get that message. I scanned the registry several times and all scans were successful with no findings.

    By the way, just found that a slightly new version 1.1 was released, but there is no changelog. You can try version 1.1 and see if you still get the error.

    Please note that you have to agree to their EULA to download the rootkit from now on, although the download link is still the same:

    Have searched the Sophos knowledge base but found no reference to the error messages relating to the registry so far.

    Maybe some software was locking up the registry for protection?
     

  4. Cloudcroft

    Cloudcroft Registered Member

    Joined:
    Feb 29, 2004
    Posts:
    471
    Location:
    The Hill Country of Texas
    Chubb, thanks for checking into the warning message. I downloaded version 1.1, and got the same message when I ran the scan. It looks like I have the same problem with the new version.
     
  5. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Could it be that both of you are using some Registry securing or watching program like SSM or Snoopfree, which may block scanning the registry or block dumping hives?
     
  6. Cloudcroft

    Cloudcroft Registered Member

    Joined:
    Feb 29, 2004
    Posts:
    471
    Location:
    The Hill Country of Texas
    It would have to be one of the security programs I use doing it without me being aware it functioned that way, which is certainly possible. :D
     
  7. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    @Tommy

    I am also using SSM (paid version) with registry monitoring but I didn't get that registry warning message.

    @Cloudcroft

    What other security software are you using?
     
  8. Cloudcroft

    Cloudcroft Registered Member

    Joined:
    Feb 29, 2004
    Posts:
    471
    Location:
    The Hill Country of Texas
    Chubb

    I have Norton Internet Security 2006, BOClean, Spywareblaster, Spybot (teatimer not enabled) and AdAware. I have Ewido and A Squared free versions for on demand scanning only, and just installed SuperAntiSpyware free for scanning. I also have IE Spyads and use a host file. I have Windows Defender installed, but currently disabled. Oh, yeah, I also have Process Guard installed but also disabled at this time.

    I installed Sophos Anti-Rootkit 1.1 on two computers at work today, one an older PIII Dell, the other, a new Dell. I got the warning message when I tried to scan the new Dell, but the scan worked fine on the older machine. Both have NAV 2006, Spybot, AdAware, Spywareblaster, and SuperAntiSpyware free. Thanks for your help.
     
  9. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    You have quite a nice collection of security software on your machine. Are you a collector? Sorry.

    Back to the roots. Have you tried to disable all the other security software and then trying again? I think there is an incompatibility from SAR with one of the other programs? When you disable other software, make sure that also the possible services, background threads, processes, etc. of these programs are completely shut down and killed :)
     
  10. Cloudcroft

    Cloudcroft Registered Member

    Joined:
    Feb 29, 2004
    Posts:
    471
    Location:
    The Hill Country of Texas
    I forgot to mention TDS-3 that's still installed on the machine. (That's how I came by Process Guard.) Actually, I do enjoy checking out security software on occasion, so does that qualify me as a collector? :D
     
  11. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    Maybe a compatibility issue. Not sure what the cause is. Since Sophos Anti-Rootkit is an on-demand scanner only, something might have intercepted the rootkit scanner. I checked the Sophos knowledge base again but there are no hints on it.

    Hm.... Maybe you can try using this form to report the issue.

    http://www.sophos.com/support/query/

    Since Anti-Rootkit is a new release, they would be happy to know the bugs (maybe) so that they can polish the product to make it better.
     
  12. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Wondering if anyone has figured out why some of us are having trouble scanning the registry with Sophos Anti-Rootkit. Cloudcroft, Aigle, any luck?
    I have allowed it in my f/w, and disabled my other security software trying to figure this out (disconnected from the internet of course). No luck at this end.
    Would like to get it working properly as I do want 1 stable anti-rootkit scanner as I have everything else covered (at least I think I do). Maybe someone can suggest something better to use. If I figure this out I will post back.
     
  13. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    I am posting this again because my post was lost...:(

    I found the following information from the readme file of Sophos Anti-Rootkit 1.1:

    Although the known issue does not mention the registry, it may be due to the same bug. Is there an ignore button in the error message window that allows you to ignore and proceed?
     
  14. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    No, there is no ignore button to continue the scan. Thanks for the info on the bugs, Chubb. I am still trying to see if it is a conflict with something else on my system. Are there any anti-rootkit scanners out there that are reliable and simple to use and understand?
     
  15. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    I have reported your findings to Sophos support, together with one minor display bug. See if they would answer my question.

    The minor display bug:

    http://img68.imageshack.us/img68/9733/antirootkit11displayproblemgo1.png

    I click "Help" on the main screen, then close the Help window, the wording "Sophos Anti-Rootkit" would disappear on the main screen.
     
  16. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    I was just able to make a complete scan. It scanned the registry extremely slowly and displays the error message, so it appears to have stopped the scan. I had left it on after I got the message again, came back 20 min later and noticed it was running. Still does not explain the error message that keeps popping up, but at least it completes the scan. Thanks for your help, Chubb, and let us know if Sophos answers you.
     
  17. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    It finished scanning my registry in 1 min 44 sec.

    BTW, are you logged in as an Administrator?
     
  18. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Yes, I am.
     
  19. Cloudcroft

    Cloudcroft Registered Member

    Joined:
    Feb 29, 2004
    Posts:
    471
    Location:
    The Hill Country of Texas
    Chubb, I'm logged in as administrator, and the last time I tried a scan, it took close to 30 minutes.
     
  20. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    Maybe it is a bug of the Sophos Anti-Rootkit itself, not related to your security software setup. Hope Sophos will answer my question soon.
     
  21. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    Received a preliminary reply from Sophos technical support. They said that my query is under investigation and a resolution or feedback will be provided as soon as possible.
     
  22. Cloudcroft

    Cloudcroft Registered Member

    Joined:
    Feb 29, 2004
    Posts:
    471
    Location:
    The Hill Country of Texas
    Thanks for the help, Chubb. I look forward to hearing their reply.
     
  23. pa2k

    pa2k Registered Member

    Joined:
    Sep 4, 2006
    Posts:
    2
    Howdy people! Searching the net this was the most relevant thread for my problem, so I joined up and hope for a helpful reply :)

    I'm no expert, but the combination of hidden items in the attached image certainly seems to look suspicious! I'll await some feedback and give further details of my situation if anyone cares to point me in the right direction.
     

  24. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    Received the reply today. A technical support staff said that the issue has been forwarded to development for request of a future fix. That means, they may have reproduced and confirmed the problem and I suppose a fix will be on the way soon. :)
     
  25. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    Are you using the administrator account to log into Windows?
     