I'm still "chasing my tail," trying to run SI's RootkitRevealer; I can't get it to install and run (but it has in the past). I think it is due to PG, be it an error on my part in PG settings, perhaps for services.exe, or something else. And I read that RKR now uses a random name generator as part of its process to fool black hats if they are perchance on one's PC, which may in turn buffalo PG. (?) I get different error msgs. when trying to run RKR, depending on whether I check or uncheck the "allow driver" for services.exe, but I still can't get RKR to load/run: this is driving me nuts, on principle alone... HOW do I get RKR to fire up, & get it by PG (if that's the holdup)? In short, what might I be doing wrong here? Ideas?
Many thanks for help,
SG1 (Pat)
Hello Pat,
There is a good chance the answer lies in the thread below.
Process Guard and RootkitRevealer
Let us know how it goes,
Bubba
Bubba,
Thanks for your reply and info. BUT, enclosed are screencaps of the error msgs. I get, depending on whether I check or uncheck the box in PG for services.exe, per Wayne's (DCS-AU) note about that.
Thanks again,
SG1 (Pat)
Sorry - hit the one image limit per post (I think). Here is the 2nd screencap re error msgs. in trying to get RKR to fire up.
SG1 (Pat)
SG1, you pretty much figured out the problem with RKR and PG with the random name generation. The permissions set for the current name are useless the next time you run RKR. The only reliable way to run it is to disable PG before starting RKR and then enable it when you are done.