Please help.

Discussion in 'malware problems & news' started by Meed, Apr 8, 2007.

Thread Status:
Not open for further replies.
  1. Meed

    Meed Registered Member

    Joined:
    Jul 28, 2004
    Posts:
    22
    Hey, A friend gave me this niffty program called RootkitReveler the other day, and i used it to scan my system, this is what it came up with:

    HKLM\S-1-5-21-2165517387-2781504589-1887795725-1006\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger 09/04/2007 13:45 3 bytes Data mismatch between Windows API and raw hive data.

    HKLM\S-1-5-21-2165517387-2781504589-1887795725-1006\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 09/04/2007 13:07 0 bytes Key name contains embedded nulls (*)

    HKLM\SOFTWARE\Classes\CLSID\{2216D9DB-920A-B7BB-D8AF-09633D5A378D}\InProcServer32* 16/03/2007 09:34 0 bytes Key name contains embedded nulls (*)

    HKLM\SOFTWARE\Zone Labs\ZoneAlarm\IncomingCount 09/04/2007 13:56 4 bytes Data mismatch between Windows API and raw hive data.

    HKLM\SOFTWARE\Zone Labs\ZoneAlarm\BlockCount 09/04/2007 13:56 4 bytes Data mismatch between Windows API and raw hive data.

    I told him about the results, and he said that the SecuROM & InProcServer32* findings could be bad, and told me to ask here, since the main forums for RR are locked at the moment. Dose anyone know what these two entry are ? I did a google search on both of them, and i got some good hits on other forums about them, unfortunately the forums were in another language (might have been Russian/Korean)

    Thx, Meed.

    ps - sorry if this is the incorrect forum for this issue, but "malware probs & news" was the only one that seemed the most relevant.
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,239
    Hello,
    First, do not use tools you do not understand.
    Second, there's a fair bit of explanantion on sysinternal forums explaining various entries found in the RKR logs.
    Third, a single scan by a single tool is never an indication to anything.
    Mrk
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.