Rootkit Revealer Log

  frostysnowman 11:49 24 Feb 2008
Locked

Could anybody please advise me of the items listed in the log after using Rootkit Revealer. Any advice appreciated. Thanks.

HKLM\SECURITY\Policy\Secrets\SAC* 20/07/2007 11:35 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 20/07/2007 11:35 0 bytes Key name contains embedded nulls (*)
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp 24/02/2008 11:28 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\CE524FFA.TMP 24/02/2008 11:31 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\D9896B39.TMP 24/02/2008 11:31 0 bytes Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SPBBC\2008-02-24-02a7.kc 24/02/2008 11:29 180.31 KB Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SPBBC\2008-02-24-7613.kc 24/02/2008 11:12 180.31 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\wbem\Logs\wmiprov.log 24/02/2008 11:31 440 bytes Hidden from Windows API.

  mfletch 13:35 24 Feb 2008

Show your hidden files then do another scan,

Do not remove anything there are entries for Norton in the list,

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Under the Hidden files and folders heading SELECT Show hidden files and folders.
UNCHECK the Hide protected operating system files (recommended) option.
UNCHECK the Hide extensions for known file types option.
Click Yes to confirm.
Click OK

mfletch

  frostysnowman 13:40 26 Feb 2008

Thanks for your reply. I tried what you suggested but I forgot to uncheck the hide extensions for known file types box. When I scanned the PC I had just 2 discrepancies. These were:
(HKLM\SECURITY\Policy\Secrets\SAC) and (HKLM\SECURITY\Policy\Secrets\SAI).
However when I went back and unchecked the Hide extensions for known file types box and scanned again I got the same result as my initial log (which I submitted for advice).
Finally since I image my hard drive regularly I decided to recover from my latest image. When this had completed I updated Norton NIS2007 and used CCleaner. I then went to Folder Options and under the Hidden files and folders heading selected Show hidden files and folders. I also unchecked the Hide protected operating system files (recommended) option and unchecked the Hide extensions for known file types option and tried scanning again. Below is the log from this scan.
HKLM\SECURITY\Policy\Secrets\SAC* 20/07/2007 11:35 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 20/07/2007 11:35 0 bytes Key name contains embedded nulls (*)
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp 26/02/2008 13:05 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\65B7B958.TMP 26/02/2008 13:08 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\9300F055.TMP 26/02/2008 13:08 0 bytes Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SPBBC\2008-02-26-6408.kc 26/02/2008 12:59 14.28 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\SPBBC\2008-02-26-6936.kc 26/02/2008 13:06 180.31 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\EventCache\{36F5CE26-4176-4F65-ACC3-7CBA9DE21ACB}.bin 26/02/2008 13:05 0 bytes Hidden from Windows API.
C:\WINDOWS\system32\wbem\Logs\wmiprov.log 26/02/2008 13:08 440 bytes Hidden from Windows API.
I am puzzled why I cannot arrive back at the scan results which showed just 2 discrepancies. I have also noted that the additional scan results all have today's date stamp on them. Is there anything to worry about with these results? I have scanned my PC with numerous Antispyware utilities but they all show clear. Any advice again appreciated.
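
A small parser and triage pass for RootkitRevealer output in the format shown in this thread, added here as an example and not code from the thread or from the Sysinternals tool. The sample lines are constructed from the format above (the last one is a placeholder to show the "review" verdict); the Symantec path allowlist and the scan-start time are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample lines: "<path> <dd/mm/yyyy> <hh:mm> <size> <unit> <description>".
SAMPLE_LOG = r"""
HKLM\SECURITY\Policy\Secrets\SAC* 20/07/2007 11:35 0 bytes Key name contains embedded nulls (*)
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\65B7B958.TMP 26/02/2008 13:08 0 bytes Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\SPBBC\2008-02-26-6408.kc 26/02/2008 12:59 14.28 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\wbem\Logs\wmiprov.log 26/02/2008 13:08 440 bytes Hidden from Windows API.
C:\WINDOWS\system32\drivers\example.sys 01/01/2007 09:00 12.50 KB Hidden from Windows API.
"""

LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>\d+(?:\.\d+)?) (?P<unit>bytes|KB|MB) (?P<desc>.+)$")
UNITS = {"bytes": 1, "KB": 1024, "MB": 1024 * 1024}

# Assumption: these are the installed security product's own working directories,
# so hidden or transient files under them are expected noise rather than a finding.
KNOWN_PRODUCT_PREFIXES = (
    r"C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp",
    r"C:\Program Files\Common Files\Symantec Shared\SPBBC",
)

@dataclass
class Entry:
    path: str
    when: datetime
    size_bytes: int
    description: str

def parse_stamp(stamp: str) -> datetime:
    """Parse the dd/mm/yyyy hh:mm stamp RootkitRevealer prints."""
    return datetime.strptime(stamp, "%d/%m/%Y %H:%M")

def parse_log(text: str) -> list[Entry]:
    """Turn discrepancy lines into Entry records; reject lines that do not fit the format."""
    entries = []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable line: {line!r}")
        size = int(round(float(m["size"]) * UNITS[m["unit"]]))
        entries.append(Entry(m["path"], parse_stamp(f"{m['date']} {m['time']}"), size, m["desc"]))
    return entries

def triage(entries: list[Entry], scan_start: str) -> dict[str, str]:
    """Verdict per path: 'product-noise', 'changed-during-scan' (stamped at or after scan start,
    i.e. the file was in flux while the API and raw views were compared), or 'review'."""
    start = parse_stamp(scan_start)
    verdicts = {}
    for e in entries:
        if e.path.startswith(KNOWN_PRODUCT_PREFIXES):
            verdicts[e.path] = "product-noise"
        elif e.when >= start:
            verdicts[e.path] = "changed-during-scan"
        else:
            verdicts[e.path] = "review"  # old and hidden, or a null-named registry key
    return verdicts
```

Entries that come back as "review" are the ones worth checking by hand; everything else in this thread's logs falls into the other two buckets.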

  cocteau48 14:01 26 Feb 2008

Have you run one of the free anti rootkit programs?
AVG
F Secure Backlight
Sophos anti rootkit

  frostysnowman 21:10 27 Feb 2008

Thanks for your reply. I tried F Secure Backlight and the AVG Free Anti Rootkit program and they both showed all clear.

  mima 23:50 27 Feb 2008

.

This thread is now locked and can not be replied to.
