Hey,

A friend gave me this nifty program called RootkitRevealer the other day, and I used it to scan my system. This is what it came up with:

HKLM\S-1-5-21-2165517387-2781504589-1887795725-1006\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger 09/04/2007 13:45 3 bytes Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-2165517387-2781504589-1887795725-1006\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 09/04/2007 13:07 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{2216D9DB-920A-B7BB-D8AF-09633D5A378D}\InProcServer32* 16/03/2007 09:34 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\IncomingCount 09/04/2007 13:56 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\BlockCount 09/04/2007 13:56 4 bytes Data mismatch between Windows API and raw hive data.

I told him about the results, and he said that the SecuROM & InProcServer32* findings could be bad, and told me to ask here, since the main forums for RR are locked at the moment.

Does anyone know what these two entries are? I did a Google search on both of them, and I got some good hits on other forums about them; unfortunately the forums were in another language (might have been Russian/Korean).

Thx,
Meed.

PS - sorry if this is the incorrect forum for this issue, but "malware probs & news" was the only one that seemed the most relevant.
Hello,

First, do not use tools you do not understand.
Second, there's a fair bit of explanation on the Sysinternals forums explaining various entries found in the RKR logs.
Third, a single scan by a single tool is never an indication of anything.

Mrk
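
Added example, not part of the original thread and not Sysinternals code: a short Python parser for the log lines pasted in the first post, grouping findings by the discrepancy type RootkitRevealer reports and listing the embedded-null key names for follow-up. The one-finding-per-line layout and the function names are assumptions; the sample lines are copied from the post.

```python
import re
from datetime import datetime

# Constructed input: the five findings quoted in the first post, one per line.
SAMPLE_LOG = r"""
HKLM\S-1-5-21-2165517387-2781504589-1887795725-1006\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger 09/04/2007 13:45 3 bytes Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-2165517387-2781504589-1887795725-1006\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 09/04/2007 13:07 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{2216D9DB-920A-B7BB-D8AF-09633D5A378D}\InProcServer32* 16/03/2007 09:34 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\IncomingCount 09/04/2007 13:56 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Zone Labs\ZoneAlarm\BlockCount 09/04/2007 13:56 4 bytes Data mismatch between Windows API and raw hive data.
"""

# Paths contain spaces, so anchor on the timestamp and size fields instead.
FINDING_RE = re.compile(r"^(?P<path>.+?)\s+(?P<stamp>\d{2}/\d{2}/\d{4} \d{2}:\d{2})\s+"
                        r"(?P<size>\d+) bytes\s+(?P<desc>.+)$")

def parse_findings(text):
    """Return one dict per finding; lines that do not match are skipped."""
    findings = []
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            findings.append({
                "path": m["path"],
                "modified": datetime.strptime(m["stamp"], "%d/%m/%Y %H:%M"),
                "size": int(m["size"]),
                "desc": m["desc"].strip(),
                # The log marks embedded-null key names with a trailing "*".
                "null_in_name": m["path"].endswith("*"),
            })
    return findings

def group_by_description(findings):
    """Map each discrepancy description to the paths reported under it."""
    groups = {}
    for f in findings:
        groups.setdefault(f["desc"], []).append(f["path"])
    return groups

def keys_for_manual_review(findings):
    """Paths the log reports with embedded nulls in the name, oldest first."""
    hits = sorted((f for f in findings if f["null_in_name"]), key=lambda f: f["modified"])
    return [f["path"] for f in hits]

if __name__ == "__main__":
    parsed = parse_findings(SAMPLE_LOG)
    for desc, paths in group_by_description(parsed).items():
        print(len(paths), "x", desc)
    print("review:", keys_for_manual_review(parsed))
```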