Do I have a genuine rrrrootkit?

Do I have a genuine rrrrootkit?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Antivirus Discussions    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Do I have a genuine rrrrootkit? Massimo 04-21-2008
Posted by Massimo on April 21, 2008, 12:20 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hello,

I did a full scan of my system with Avira virusscanner Free Version
and it found nothing.
Then a rootkit scan with Blacklight and it found nothing
After that a rootkit scan with Trend Micro's Rootkit Buster: it found
nothing.
Finally I did a rootkit scan with Avira's Anti Rootkit Tool and it
found this:

Results:
Hidden key :
HKEY_USERS\S-1-5-21-1614895754-796845957-682003330-1004\Software\Microsoft\Protected
Storage System
Provider\S-1-5-21-1614895754-796845957-682003330-1004\data
Hidden value :
HKEY_USERS\S-1-5-21-1614895754-796845957-682003330-1004\Software\Microsoft\Protected
Storage System Provider\S-1-5-21-1614895754-796845957-682003330-1004
-> migrate

Now I am not an expert and I am asking myself what to do with these
findings.
Do they point to a rootkit? And if so, what should be my next actions?

Thanks,

Massimo

Posted by Tom on April 21, 2008, 5:19 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Massimo wrote:
> Hello,
>
> I did a full scan of my system with Avira virusscanner Free Version
> and it found nothing.
> Then a rootkit scan with Blacklight and it found nothing
> After that a rootkit scan with Trend Micro's Rootkit Buster: it found
> nothing.
> Finally I did a rootkit scan with Avira's Anti Rootkit Tool and it
> found this:
>
> Results:
> Hidden key :
>
HKEY_USERS\S-1-5-21-1614895754-796845957-682003330-1004\Software\Microsoft\Protected
> Storage System
> Provider\S-1-5-21-1614895754-796845957-682003330-1004\data
> Hidden value :
>
HKEY_USERS\S-1-5-21-1614895754-796845957-682003330-1004\Software\Microsoft\Protected
> Storage System Provider\S-1-5-21-1614895754-796845957-682003330-1004
> -> migrate
>
> Now I am not an expert and I am asking myself what to do with these
> findings.
> Do they point to a rootkit? And if so, what should be my next actions?
>
> Thanks,
>
> Massimo
I wouldn't worry much about it, I have the almost same key in my system,
mine ends in 1003 instead of 1004, but that may just mean different OS
version.

Posted by Massimo on April 21, 2008, 7:15 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hello Tom,


>Massimo wrote:
>> Hello,
>>
>> I did a full scan of my system with Avira virusscanner Free Version
>> and it found nothing.
>> Then a rootkit scan with Blacklight and it found nothing
>> After that a rootkit scan with Trend Micro's Rootkit Buster: it found
>> nothing.
>> Finally I did a rootkit scan with Avira's Anti Rootkit Tool and it
>> found this:
>>
>> Results:
>> Hidden key :
>>
HKEY_USERS\S-1-5-21-1614895754-796845957-682003330-1004\Software\Microsoft\Protected
>> Storage System
>> Provider\S-1-5-21-1614895754-796845957-682003330-1004\data
>> Hidden value :
>>
HKEY_USERS\S-1-5-21-1614895754-796845957-682003330-1004\Software\Microsoft\Protected
>> Storage System Provider\S-1-5-21-1614895754-796845957-682003330-1004
>> -> migrate
>>
>> Now I am not an expert and I am asking myself what to do with these
>> findings.
>> Do they point to a rootkit? And if so, what should be my next actions?
>>
>> Thanks,
>>
>> Massimo
>I wouldn't worry much about it, I have the almost same key in my system,
>mine ends in 1003 instead of 1004, but that may just mean different OS
>version.

Thank you for your reaction.
And why should I stop worrying about *my* rootkit only because you too
have one?? :-))

Massimo

Posted by Tom on April 22, 2008, 4:13 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Massimo wrote:
> Hello Tom,
>
>
>
>>Massimo wrote:
>>
>>>Hello,
>>>
>>>I did a full scan of my system with Avira virusscanner Free Version
>>>and it found nothing.
>>>Then a rootkit scan with Blacklight and it found nothing
>>>After that a rootkit scan with Trend Micro's Rootkit Buster: it found
>>>nothing.
>>>Finally I did a rootkit scan with Avira's Anti Rootkit Tool and it
>>>found this:
>>>
>>>Results:
>>>Hidden key :
>>>HKEY_USERS\S-1-5-21-1614895754-796845957-682003330-1004\Software\Microsoft\Protected
>>>Storage System
>>>Provider\S-1-5-21-1614895754-796845957-682003330-1004\data
>>>Hidden value :
>>>HKEY_USERS\S-1-5-21-1614895754-796845957-682003330-1004\Software\Microsoft\Protected
>>>Storage System Provider\S-1-5-21-1614895754-796845957-682003330-1004
>>>-> migrate
>>>
>>>Now I am not an expert and I am asking myself what to do with these
>>>findings.
>>>Do they point to a rootkit? And if so, what should be my next actions?
>>>
>>>Thanks,
>>>
>>>Massimo
>>
>>I wouldn't worry much about it, I have the almost same key in my system,
>>mine ends in 1003 instead of 1004, but that may just mean different OS
>>version.
>
>
> Thank you for your reaction.
> And why should I stop worrying about *my* rootkit only because you too
> have one?? :-))
>
> Massimo
Allow me to re-phrase that. I don't think it's a rootkit.

Posted by Massimo on April 23, 2008, 11:46 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hello,


>Massimo wrote:
>> Hello Tom,
>>
>>
>>
>>>Massimo wrote:
>>>
>>>>Hello,
>>>>
>>>>I did a full scan of my system with Avira virusscanner Free Version
>>>>and it found nothing.
>>>>Then a rootkit scan with Blacklight and it found nothing
>>>>After that a rootkit scan with Trend Micro's Rootkit Buster: it found
>>>>nothing.
>>>>Finally I did a rootkit scan with Avira's Anti Rootkit Tool and it
>>>>found this:
>>>>
>>>>Results:
>>>>Hidden key :
>>>>HKEY_USERS\S-1-5-21-1614895754-796845957-682003330-1004\Software\Microsoft\Protected
>>>>Storage System
>>>>Provider\S-1-5-21-1614895754-796845957-682003330-1004\data
>>>>Hidden value :
>>>>HKEY_USERS\S-1-5-21-1614895754-796845957-682003330-1004\Software\Microsoft\Protected
>>>>Storage System Provider\S-1-5-21-1614895754-796845957-682003330-1004
>>>>-> migrate
>>>>
>>>>Now I am not an expert and I am asking myself what to do with these
>>>>findings.
>>>>Do they point to a rootkit? And if so, what should be my next actions?
>>>>
>>>>Thanks,
>>>>
>>>>Massimo
>>>
>>>I wouldn't worry much about it, I have the almost same key in my system,
>>>mine ends in 1003 instead of 1004, but that may just mean different OS
>>>version.
>>
>>
>> Thank you for your reaction.
>> And why should I stop worrying about *my* rootkit only because you too
>> have one?? :-))
>>
>> Massimo
>Allow me to re-phrase that. I don't think it's a rootkit.

Allright, thank you!

Massimo


Similar ThreadsPosted
McAfee virus removal service - Genuine? February 27, 2008, 3:19 am

The site map in XML format XML site map

Contact Us | Privacy Policy