any rootkits here?
janimal
Newbie
Joined: 01 May 2006 Online Status: Offline Posts: 1
Topic: any rootkits here? Posted: 01 May 2006 at 12:53pm
I've been having a problem with MFT information evaporating spontaneously, which is nice. I've done a rootkit scan, and here are the results. Anything here that could be causing my problem?

HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6\ProductName 14/09/2005 21:29 26 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System* 14/09/2005 20:39 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\DisplayName 11/01/2006 23:07 26 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg40 22/04/2006 09:28 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg41 01/04/2006 02:20 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg42 01/04/2006 02:20 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg43 01/04/2006 02:20 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg44 01/04/2006 02:20 0 bytes Hidden from Windows API.
O:\E-Mule\Temp\001.part.met 25/04/2006 15:25 1.51 KB Hidden from Windows API.
O:\E-Mule\Temp\004.part.met.neo 25/04/2006 14:55 160 bytes Visible in Windows API, directory index, but not in MFT.
O:\E-Mule\Temp\005.part.met 25/04/2006 14:55 1.90 KB Visible in Windows API, directory index, but not in MFT.
O:\E-Mule\Temp\008.part.met 25/04/2006 14:49 1.53 KB Visible in Windows API, directory index, but not in MFT.
O:\E-Mule\Temp\008.part.met.neo 25/04/2006 15:26 129 bytes Hidden from Windows API.
O:\E-Mule\Temp\010.part.met.neo 25/04/2006 14:55 293 bytes Visible in Windows API, directory index, but not in MFT.
O:\E-Mule\Temp\028.part.met 25/04/2006 15:25 1.76 KB Hidden from Windows API.
O:\E-Mule\Temp\035.part.met 25/04/2006 15:25 6.93 KB Hidden from Windows API.
O:\E-Mule\Temp\035.part.met.neo 25/04/2006 14:55 514 bytes Visible in Windows API, directory index, but not in MFT.
O:\E-Mule\Temp\044.part.met 25/04/2006 15:26 4.06 KB Hidden from Windows API.
O:\E-Mule\Temp\058.part.met 25/04/2006 15:26 9.38 KB Hidden from Windows API.
O:\E-Mule\Temp\058.part.met 25/04/2006 15:25 9.40 KB Hidden from Windows API.
O:\E-Mule\Temp\058.part.met.neo 25/04/2006 14:50 542 bytes Visible in Windows API, directory index, but not in MFT.

Also, is it possible that O&O Defrag is damaging my MFT? I've ruled out all the hardware as the source of the problem.
namrehto
Senior Member
Joined: 23 June 2005 Location: Scotland Online Status: Offline Posts: 3861
Posted: 01 May 2006 at 1:05pm
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System* - O&O Defrag, which you say you have.

HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6\ProductName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\DisplayName
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\... - due to Alcohol

The rest look like false positives, presumably created by eMule running in the background. If the timestamps of 25/4/06 correspond with when you ran the RKR scan, that would clinch it. Run RKR again without such background tasks running.
Gil
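A small triage helper, added here as an example and not part of either post, that applies the timestamp reasoning from the reply above to scanner output in the layout shown in the thread: entries modified close to the time the scan ran are marked transient (the raw and API views were simply taken at different moments), entries hidden from the Windows API are marked for identification of the owning driver or product, and everything else is left for review. The sample lines, the scan time and the 60-minute window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout of the thread's scanner output:
# <path> <dd/mm/yyyy hh:mm> <size> <discrepancy>
SAMPLE_OUTPUT = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System* 14/09/2005 20:39 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg40 22/04/2006 09:28 0 bytes Hidden from Windows API.
O:\E-Mule\Temp\001.part.met 25/04/2006 15:25 1.51 KB Hidden from Windows API.
O:\E-Mule\Temp\004.part.met.neo 25/04/2006 14:55 160 bytes Visible in Windows API, directory index, but not in MFT.
"""

LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2})\s+"
    r"(?P<size>[\d.]+ (?:bytes|KB|MB))\s+(?P<disc>.+?)\.?$"
)


def parse_entries(text):
    """Split scanner output into dicts; lines that do not fit the layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({"path": m["path"], "size": m["size"], "discrepancy": m["disc"],
                            "ts": datetime.strptime(m["ts"], "%d/%m/%Y %H:%M")})
    return entries


def triage(text, scan_time_str, window_minutes=60):
    """Return (path, verdict) pairs. scan_time_str is when the scan was run, in the
    same dd/mm/yyyy hh:mm form; window_minutes is an assumed tolerance (constructed)."""
    scan_time = datetime.strptime(scan_time_str, "%d/%m/%Y %H:%M")
    window = timedelta(minutes=window_minutes)
    verdicts = []
    for e in parse_entries(text):
        if abs(e["ts"] - scan_time) <= window:
            # Changed while the scanner was running: raw and API views were snapshotted apart.
            verdict = "transient"
        elif e["discrepancy"].startswith("Hidden from Windows API"):
            # Something filters the API view; find the owning driver/product before trusting the box.
            verdict = "hidden"
        else:
            verdict = "review"
        verdicts.append((e["path"], verdict))
    return verdicts


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_OUTPUT, "25/04/2006 15:30"):
        print(f"{verdict:10} {path}")
```

A verdict of transient is a reason to re-scan with the background application closed, as the reply suggests, not a reason to discard the entry.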