Discrepancy in Rootkit results....

Home build / HOME PREMIUM
July 25, 2009 at 02:47:14
Specs: XP Pro/Vista (Dual), P4/3.1 3gig
This week I was invaded by a virus the name of which was something like "System something 2009". I was that angry I forgot to make note of the name and getting older does not do the memory much good these days. It played absolute havoc with my PC and in desperation I re-installed the entire system from a previous Macrium back-up.

To make sure that all would be well I made sure my anti virus was up to date and I scanned all partitions, external drives and even my memory sticks. I am now satisfied that all is well.

Just to make doubly sure I downloaded two Anti-Rootkits which were recommended elsewhere in these pages and I got two different results.

The Anti-Rootkit from Sophos found no rootkit traces but the one from Sysinternals (RootkitRevealer v1.71) shows 63 "discrepancies" in the Registry Hive Data. Every one of the entries has some detail and ends with the statement "Visible in Windows API, directory index, but not in MFT." or "Visible in Windows API, directory index, but not in MFT or directory index." There are other variations but no Registry Keys shown indicate that some hack device driver is present.

My question therefore is "are both results indicative that my system is OK or does one of them indicate trouble?"




July 25, 2009 at 07:14:32
You're not supposed to cross post in multiple forums. You already asked in the Security & Virus forum....wait for a reply.


July 25, 2009 at 17:26:39
I know that Jam... I have no idea how I came to post in two forums... maybe it's all these new buttons and things!

