Installing some Windows Internals Utlities, anything I should know?

Discussion in 'other anti-malware software' started by Happy-Dude, Feb 9, 2007.

Thread Status:
Not open for further replies.
  1. Happy-Dude

    Happy-Dude Registered Member

    Joined:
    Aug 28, 2006
    Posts:
    54
    Location:
    United States of America
    Heya guys :) !! Just wondering, I'm stalling Process Explorer and Rootkit Revealer onto my PC and I'm wondering if there's anything I should know. I'm pretty confident about Process Explorer and it's functionality, but I'm more concerned on Rootkit Revealer.

    Any heads up before I install the two ? All info are appreciated :) !!
     
  2. Happy-Dude

    Happy-Dude Registered Member

    Joined:
    Aug 28, 2006
    Posts:
    54
    Location:
    United States of America
    **Correction: Sysinternals Utilities.**

    Also, Rootkit Revealer found these registry values (can't really copy and paste):

    Path: HKLM/SECURITY/Policy/Secrets/SAC* Timestamp: 10/14/04 6:51 PM Size: 0 bytes Description: Key contains embedded nulls (*)

    Path: HKLM/SECURITY/Policy/Secrets/SAI* Timestamp: 10/14/04 6:51 PM Size: 0 bytes Description: Key contains embedded nulls (*)

    Path: HKLM/SOFTWARE/Microsoft/Cryptography/RNG/Seed Timestamp: 2/9/2007 7:39 PM Size: 80 bytes Description: Data mismatch between Windows API and raw hive data

    Path: HKLM/SOFTWARE/Novatix/Cyberhawk/ProcessCount Timestamp: 7:39 PM Size: 4 bytes Description: Data mismatch between Windows API and raw hive data

    I'm wondering if they are anything to worry about ... I'm familiar with Microsoft things (kinda) and Novatix Cyberhawk. Also, it said cmd.exe (which I believe is a COMODO Firewall process) prevented the scan from completing. Thats all I can give right now. Thanks the for info !!
     
  3. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    cmd is part of windows:
    http://www.liutilities.com/products/wintaskspro/processlibrary/cmd/

    Comodo's processes are cpf.exe (GUI) and cmdagent.exe (Comodo Agent Service).
     
  4. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Of course, cmd.exe is in C:\Windows\system32 . Worth checking:D
     
  5. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Nothing to worry about, and no rootkit, all false positives.


    StevieO
     
  6. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I'm kind of surprised, I would have thought UniBlue to know better than that. DOS is an operating system, "Direct Operating System". The command line console is neither "direct" nor an operating system. Not even cmd.exe can directly access the hardware the way DOS does. I can understand how a user might make that mistake, but UniBlue?
     
  7. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Notok, it's probably because it serves the purpose. Look, it's just like DOS!
    I didn't even read it, i just trust that site to provide accurate definitions, as in better than me... Sorry for the imprecision
     
  8. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Just shut everything down before running RR.

    Direct Operating System?
     
  9. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Disk Operating System:)
     
  10. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Yeah Disk, just wondered where Notok got it from, never heard it called Direct Operating System, seen Dirty as in QDOS...Quick & Dirty.:)
     
Loading...
Thread Status:
Not open for further replies.