Sysinternals Homepage
Forum Home Forum Home > Sysinternals Utilities > RootkitRevealer Logs
  New Posts New Posts RSS Feed - RootKitRevealer installs Services?
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

RootKitRevealer installs Services?

 Post Reply Post Reply
Author
Message
WyeKnott View Drop Down
Newbie
Newbie


Joined: 13 August 2008
Location: United States
Status: Offline
Points: 3
Post Options Post Options   Thanks (0) Thanks(0)   Quote WyeKnott Quote  Post ReplyReply Direct Link To This Post Topic: RootKitRevealer installs Services?
    Posted: 31 March 2018 at 7:27pm
I'm finding three services installed on my server.  NADU.EXE, JJA.EXE, and E. EXE.
All are signed with a certificate that has various dates.
All say "this digital signature is not valid".
Their properties all claim they're RootKitRevealer services.

Are they legitimate?
I'm fighting a persistent infector and have been grasping at straws here.

Thanks,
Wye
Back to Top
Dax1792 View Drop Down
Senior Member
Senior Member
Avatar

Joined: 15 March 2011
Status: Offline
Points: 915
Post Options Post Options   Thanks (0) Thanks(0)   Quote Dax1792 Quote  Post ReplyReply Direct Link To This Post Posted: 31 March 2018 at 8:12pm
RootkitRevealer does generate a randomly named service each time it runs.
 
However, it will only run on Windows XP era operating systems. It hasn't been updated for at least 10 years and would be useless against anything modern.
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 11.06
Copyright ©2001-2016 Web Wiz Ltd.