RKR freezing...

 Karl...Omg cant believe i found you just searching the net for my rootkit revealer error....where you been bro!?

Miss you in CoD come play!

ok to get a tad more serious bro..i have error in Rootkit revealer to run program:(error loading helper driver access is denied) any help would be greatly Apreciatted.

Ok got it to run:

 

 

 

peace bro!

 

Edited by Fatal - 27 February 2007 at 4:46pm

Your English is fine!
Yes, I showed hidden devices, and opened every thread... nothing.

I tried Dark Spy, but it didn't seem to analyze anything.  I'd dump a hive, and then do the offline analyze, and it just seemed to show the whole hive tree.  But it's ok ;)

I ran RKR again, this time it finished the scan, although it took much longer than usual.  And it crashed, when I tried to save the results.
So, I have to scan it again.  There were a couple of entries, but nothing that looked like a problem, although I only looked quickly, before I tried to save the results.
It took 20 minutes to dump one hive, with no apparent disk activity.
That is probably what was happening earlier, and I just didn't wait.
I would minimize RKR, and it would freeze.  This time, I was going to give it an hour, before touching anything.

I'll let you know how the next scan is.
And thank you again, for your kind help!

Edited by burf - 17 February 2007 at 11:24am

Thanks, Karl!
I cleaned up the services, and saw nothing strange in device manager.

For a while, I was wondering what those *strange* services were.
I discovered earlier today, that they must be RKR remnants, when after the crash, I actually saw the exe file in the temp folder.

After posting, I actually ran IceSword, and everything looked fine.
I'll try DarkSpy (a new one for me)... then I'll try RKR again, and hopefully, it'll work this time.
I'll post back, afterwards.

Thanks again!



Edited by burf - 17 February 2007 at 9:46am

Hi - -  Periodically, I run RKR, and everything comes up normal.
Yesterday, in a brainlock moment, I ran a suspect file on my computer.
It installed a file in system32, ran it, and put it in my startup files.
I closed the file in task manager.  And removed the entry from startup
(HKLM...MS...Run)... and renamed the file.
I then ran a series of different scans, including Blacklight, and Sophos anti-rootkit... everything came up clean.
Then I ran RKR, and after a couple of seconds, it froze.
I waited 15 minutes, and nothing happened.
When I tried to minimize RKR, the whole computer froze.
RKR was stuck on dumping a hive.

Eventually, I shut down my computer, rebooted into recovery console, and did a chkdsk, which fixed some errors, then rebooted.
Everything is coming up clean, but any time I run RKR now, the same freeze happens.  This never happened before.

I'm not an *expert* with computers, but far from a novice.
Any ideas on what might be happening... and what I can do to make sure the computer is clean, would be appreciated.
I have full admin rights on my computer.

Thanks very much!!



Edited by burf - 17 February 2007 at 7:41am