Weburl Rootkit

Discussion in 'malware problems & news' started by Graphic Equaliser, May 10, 2007.

Thread Status:
Not open for further replies.
  1. Graphic Equaliser, Registered Member (Joined: Nov 5, 2004; Posts: 411; Location: London England UK)

    I have searched the net and I cannot find this strange entry I discovered using Rootkit Revealer. It caught 2 entries, one for the "RNG Seed" (which was expected) and another with "weburl" in the name. The PC user has trouble using IE (it is really slow), but Firefox seems OK. However, this PC will not talk to other PCs on the Windows peer-to-peer network, despite having made the entire Documents and Settings directory shared and writable! It is a Windows XP SP2 PC and when I sign in as administrator under safe mode, I can set advanced security attributes but they won't "stick". I can check "Full Control" and then "Apply" but all the ticks disappear and there are still no rights. Any ideas? :doubt:
     
  2. SystemJunkie, Resident Conspiracy Theorist (Joined: Mar 3, 2006; Posts: 1,500; Location: Germany)

    This cryptographic RNG seed is strange indeed. Under some circumstances it may be a hint of rk activity.
     
  3. Graphic Equaliser, Registered Member (Joined: Nov 5, 2004; Posts: 411; Location: London England UK)

    No, the RNG seed is usually changed whenever some resident software uses a Windows-generated random number, as in cryptography, for example. This is not the one I'm worried about. What the heck is "weburl"?
     
  4. SystemJunkie, Resident Conspiracy Theorist (Joined: Mar 3, 2006; Posts: 1,500; Location: Germany)

    weburl is nothing special to worry about; this phenomenon occurs very often.

    I forgot the URL, it was a French rootkit researcher; there you see this RNG seed stuff occurring many times in context with rootkit infections... but it is probably, as you mentioned, nothing special at all if it occurs alone.
     