rootkitrevealer installing a service?

I have run it several times but never have I seen it try to install a service. I have googled it and found nothing. Does anyone know what this is and is it ok? Thank you.

MSYSVOKQT.exe

http://img71.echo.cx/img71/3663/rootkit4tm.jpg

 

I thought RootkitRevealer 1.4 has this thing where it creates a random process whenever it runs to try to keep from being detected by a rootkit. If you run it again it should have another 'different' random process name that WinPatrol will again warn you about. WinPatrol does that for me every time. Now if you get the same process name every time, then I would be worried. It should be a different random process name every time you run RootkitRevealer.

 

Yeah ok, I had an older version and never saw these pop-ups
http://img71.echo.cx/img71/7510/another0sc.png

Then again it continues to error:

http://img71.echo.cx/img71/6384/error8db.jpg

 

If I run RootkitRevealer 1.4 not only does WinPatrol warn me of a new service, but MSAS also warns me of the same thing- same random name as WP. You can see for yourself with WinPatrol. After starting RootkitRevealer 1.4 right click on the WinPatrol icon in the systray, select 'display services'. You should then see the service that WinPatrol warned you about and you'll also see that it will no longer be listed there after RootkitRevealer finishes. So the service is temporary.

If you want WP to warn you more quickly make sure it is set to do so. I think the default setting is several minutes before it will warn you of a new service being installed.

 

Thanks guys. Now how do I fix the dump errors?

 

Not sure about that. Hopefully someone will post who knows more about it.

 

Yea I had the same question about it before https://www.wilderssecurity.com/showthread.php?t=79276 as for the dump errors I am not sure.

 

Thanks. I guess I thought I was unique - - I should have searched the board!

Anyway, those dump errors are rendering this useless I suppose. Maybe it's a rootkit conspiracy to avoid detection!

 

I don't want to scare you Lynchknot but I would ask at other forums if no on answers you here. Try http://www.dslreports.com/forum/security they have some real good rootkit experts over there. You don't even have to join at Dslreports like Wilders. Keep asking till you find out for sure because it doesn't look good to me. Like I said i'm not trying to scare you, it could be nothing, but I would do all I could to find out and fast. Also http://www.castlecops.com is pretty good too.

 

What doesn't look good? The dump error or the fact, in my other thread, that IE was running in Outpost while not in Taskmanager - or both! BTW, after reboot - I don't see IE running anymore.

**edit - 46 view no replies over at dsl.

 

hehe, yeah some real "experts" as dsl: http://www.dslreports.com/forum/remark,13551407

but hey, i'm just glad someone responded at least. Just give it time, I know. Someone will come around that knows their stuff.