Rootkit Revealer found 2 registry files: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System* (O&O Defrag?) HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Prefetcher\TracesProcess Anyone know what they are for sure?
Hi r00t, The O&O key is harmless. It is part of O&O products' (such as O&O Defrag) install procedure. The prefetcher key (which is not hidden on my system) may have changed while RootkitRevealer was scanning and comparing the registry. If it did, it will be flagged as a suspicious mismatch. Nick
I found 3 registry keys with embedded nulls: HKLM\SYSTEM\ControlSet00n\Services\||||*9052-97CA-4621-8519-3FE5D506CF51} Should I be worried? signed, novice and naive
Hi judorock, Generally, if the key and its contents are visible in Windows' registry editor, then it is not related to a rootkit. If you are comfortable with regedit, check to see if they are visible. Note that n is a variable representing a number and that you may have two or more ControlSet... keys. If you need help, I can walk you through it. Nick
There are three lines where n=1, 2, and 3. I've never used regedit and only know enough to be scared of really mucking things up. Sounds like I might be able to use regedit just to look at things?
It is safe to view the registry with regedit. You will be asked to confirm deletions if you accidentally try to delete something, and making most changes is usually a multi-step procedure. However, it is a good practice to make regular registry backups using something like ERUNT. Nick