

namrehto
Senior Member

Joined: 23 June 2005
Location: Scotland
Status: Offline
Points: 3876
Topic: PLEASE READ BEFORE POSTING
    Posted: 01 January 2006 at 5:48am
Use of RootkitRevealer (RKR) and this forum
  1. Please study the RKR web page carefully.

    It contains essential information about what RKR does, how to use it and how to interpret the results.

  2. Don't use your computer while RKR is scanning.

    Start RKR, wait about 10 seconds, click Scan, then leave computer untouched until it completes. An idle machine will minimise the possibility of false positive reports caused by changes to the system during the scan. Background processes may still make intermittent changes, but resulting discrepancies tend to be obvious from their registry or filesystem branch; on a re-scan many may not recur.

  3. Save the discrepancy list to text file as needed.

    Using the File->Save dialog, select "My Computer" and work down to a suitable folder. The "My Documents" and "Desktop" buttons point to a System user's folders.

  4. Use the search feature in the RKR forums.

    For questionable discrepancies, search using a distinctive part of the registry key or path name. Very frequently the same item has appeared before and been commented upon. Often they turn out to be innocuous.

  5. Search Google.

    Googling a distinctive part of the registry key, especially the CLSID, can often lead to forum reports of the application responsible. Similarly, googling filenames may lead to removal advice if malicious. If using long strings copied from posts, ensure that no extra blanks have become embedded in the search string.

  6. If these options don't help, please post on the RKR forums.

    If you have problems with RKR usage or suspect an RKR malfunction, post on RootkitRevealer Usage
    If you suspect an infection, post on RootkitRevealer Logs

    When posting a log, paste either the full text log or a representative subsection if it's too large. Screen images are less helpful as they're not searchable. Unless you're commenting on an existing thread, please open a new topic with your issue; don't hijack someone else's.

Edited by Karlchen - 13 August 2007 at 8:24am