Rootkit Revealer


Microsoft Antivirus Discussions - Anti-virus discussions related to Microsoft products 

Posted by John Carter on June 2, 2009, 11:07 pm
I ran Rootkit Revealer from the WIN SYSUTILS package I downloaded from
Microsoft TECHNET site.

It did find some suspect files, but only gave me a list of them which I
saved. I then looked at the info given with the software, but it
really doesn't give me a clue as to how to determine whether or not I
should delete the suspects.

My system is Windows XP Pro SP3 plus all auto updates. My system has
been stable not showing any signs of "funnies" going on, no strange
files, no strange activity, etc.

Being of the "If you don't know anything about it, don't mess with it"
philosophy, I haven't tried to tamper with anything given in the list.
Does anyone here have any guidance as to what to do with rootkit
suspect files?

Thanks for any and all replies.
John Carter

Posted by Johnw on June 2, 2009, 11:52 pm
John Carter wrote on 3/06/2009 :
> Does anyone here have any guidance as to what to do with rootkit
> suspect files?

Google them.



Posted by Kayman on June 3, 2009, 2:39 am
On Tue, 02 Jun 2009 20:07:44 -0700, John Carter wrote:

> I ran Rootkit Revealer from the WIN SYSUTILS package I downloaded from
> Microsoft TECHNET site.
>
> It did find some suspect files, but only gave me a list of them which I
> saved. I then looked at the info given with the software, but it
> really doesn't give me a clue as to how to determine whether or not I
> should delete the suspects.
>
> My system is Windows XP Pro SP3 plus all auto updates. My system has
> been stable not showing any signs of "funnies" going on, no strange
> files, no strange activity, etc.
>
> Being of the "If you don't know anything about it, don't mess with it"
> philosophy, I haven't tried to tamper with anything given in the list.
> Does anyone here have any guidance as to what to do with rootkit
> suspect files?
>
> Thanks for any and all replies.
> John Carter

Join:
http://forum.sysinternals.com/

Good luck :)

Posted by David H. Lipman on June 3, 2009, 6:34 am

| I ran Rootkit Revealer from the WIN SYSUTILS package I downloaded from
| Microsoft TECHNET site.

| It did find some suspect files, but only gave me a list of them which I
| saved. I then looked at the info given with the software, but it
| really doesn't give me a clue as to how to determine whether or not I
| should delete the suspects.

| My system is Windows XP Pro SP3 plus all auto updates. My system has
| been stable not showing any signs of "funnies" going on, no strange
| files, no strange activity, etc.

| Being of the "If you don't know anything about it, don't mess with it"
| philosophy, I haven't tried to tamper with anything given in the list.
| Does anyone here have any guidance as to what to do with rootkit
| suspect files?

| Thanks for any and all replies.
| John Carter

IFF you have suspicions of a RootKit then the *better* anti rootkit scanner to
run is Gmer.
http://www.gmer.net/

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Posted by 1PW on June 3, 2009, 6:26 pm
John Carter wrote:
> I ran Rootkit Revealer from the WIN SYSUTILS package I downloaded from
> Microsoft TECHNET site.
>
> It did find some suspect files, but only gave me a list of them which I
> saved. I then looked at the info given with the software, but it
> really doesn't give me a clue as to how to determine whether or not I
> should delete the suspects.
>
> My system is Windows XP Pro SP3 plus all auto updates. My system has
> been stable not showing any signs of "funnies" going on, no strange
> files, no strange activity, etc.
>
> Being of the "If you don't know anything about it, don't mess with it"
> philosophy, I haven't tried to tamper with anything given in the list.
> Does anyone here have any guidance as to what to do with rootkit
> suspect files?
>
> Thanks for any and all replies.
> John Carter

Hello John:

You could try uploading suspect files to:

<https://www.virustotal.com/>

However, David H. Lipman's advice is very sound.

Pete
--
1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
