
Do I have a genuine rrrrootkit?

Posted by Massimo on April 21, 2008, 12:20 pm
Hello,

I did a full scan of my system with Avira virusscanner Free Version
and it found nothing.
Then a rootkit scan with Blacklight and it found nothing
After that a rootkit scan with Trend Micro's Rootkit Buster: it found
nothing.
Finally I did a rootkit scan with Avira's Anti Rootkit Tool and it
found this:

Results:
Hidden key :
HKEY_USERS\S-1-5-21-1614895754-796845957-682003330-1004\Software\Microsoft\Protected Storage System Provider\S-1-5-21-1614895754-796845957-682003330-1004\data
Hidden value :
HKEY_USERS\S-1-5-21-1614895754-796845957-682003330-1004\Software\Microsoft\Protected Storage System Provider\S-1-5-21-1614895754-796845957-682003330-1004 -> migrate

Now I am not an expert and I am asking myself what to do with these
findings.
Do they point to a rootkit? And if so, what should be my next actions?

Thanks,

Massimo

Posted by Tom on April 21, 2008, 5:19 pm
Massimo wrote:
> Hello,
>
> I did a full scan of my system with Avira virusscanner Free Version
> and it found nothing.
> Then a rootkit scan with Blacklight and it found nothing
> After that a rootkit scan with Trend Micro's Rootkit Buster: it found
> nothing.
> Finally I did a rootkit scan with Avira's Anti Rootkit Tool and it
> found this:
>
> Results:
> Hidden key :
> HKEY_USERS\S-1-5-21-1614895754-796845957-682003330-1004\Software\Microsoft\Protected Storage System Provider\S-1-5-21-1614895754-796845957-682003330-1004\data
> Hidden value :
> HKEY_USERS\S-1-5-21-1614895754-796845957-682003330-1004\Software\Microsoft\Protected Storage System Provider\S-1-5-21-1614895754-796845957-682003330-1004 -> migrate
>
> Now I am not an expert and I am asking myself what to do with these
> findings.
> Do they point to a rootkit? And if so, what should be my next actions?
>
> Thanks,
>
> Massimo
I wouldn't worry much about it, I have almost the same key in my system,
mine ends in 1003 instead of 1004, but that may just mean a different OS
version.

Posted by Massimo on April 21, 2008, 7:15 pm
Hello Tom,


>Massimo wrote:
>> Hello,
>>
>> I did a full scan of my system with Avira virusscanner Free Version
>> and it found nothing.
>> Then a rootkit scan with Blacklight and it found nothing
>> After that a rootkit scan with Trend Micro's Rootkit Buster: it found
>> nothing.
>> Finally I did a rootkit scan with Avira's Anti Rootkit Tool and it
>> found this:
>>
>> Results:
>> Hidden key :
>> HKEY_USERS\S-1-5-21-1614895754-796845957-682003330-1004\Software\Microsoft\Protected Storage System Provider\S-1-5-21-1614895754-796845957-682003330-1004\data
>> Hidden value :
>> HKEY_USERS\S-1-5-21-1614895754-796845957-682003330-1004\Software\Microsoft\Protected Storage System Provider\S-1-5-21-1614895754-796845957-682003330-1004 -> migrate
>>
>> Now I am not an expert and I am asking myself what to do with these
>> findings.
>> Do they point to a rootkit? And if so, what should be my next actions?
>>
>> Thanks,
>>
>> Massimo
>I wouldn't worry much about it, I have almost the same key in my system,
>mine ends in 1003 instead of 1004, but that may just mean a different OS
>version.

Thank you for your reaction.
And why should I stop worrying about *my* rootkit only because you too
have one?? :-))

Massimo

Posted by Tom on April 22, 2008, 4:13 pm
Massimo wrote:
> Hello Tom,
>
>
>
>>Massimo wrote:
>>
>>>Hello,
>>>
>>>I did a full scan of my system with Avira virusscanner Free Version
>>>and it found nothing.
>>>Then a rootkit scan with Blacklight and it found nothing
>>>After that a rootkit scan with Trend Micro's Rootkit Buster: it found
>>>nothing.
>>>Finally I did a rootkit scan with Avira's Anti Rootkit Tool and it
>>>found this:
>>>
>>>Results:
>>>Hidden key :
>>>HKEY_USERS\S-1-5-21-1614895754-796845957-682003330-1004\Software\Microsoft\Protected Storage System Provider\S-1-5-21-1614895754-796845957-682003330-1004\data
>>>Hidden value :
>>>HKEY_USERS\S-1-5-21-1614895754-796845957-682003330-1004\Software\Microsoft\Protected Storage System Provider\S-1-5-21-1614895754-796845957-682003330-1004 -> migrate
>>>
>>>Now I am not an expert and I am asking myself what to do with these
>>>findings.
>>>Do they point to a rootkit? And if so, what should be my next actions?
>>>
>>>Thanks,
>>>
>>>Massimo
>>
>>I wouldn't worry much about it, I have almost the same key in my system,
>>mine ends in 1003 instead of 1004, but that may just mean a different OS
>>version.
>
>
> Thank you for your reaction.
> And why should I stop worrying about *my* rootkit only because you too
> have one?? :-))
>
> Massimo
Allow me to re-phrase that. I don't think it's a rootkit.

Posted by Massimo on April 23, 2008, 11:46 pm
Hello,


>Massimo wrote:
>> Hello Tom,
>>
>>
>>
>>>Massimo wrote:
>>>
>>>>Hello,
>>>>
>>>>I did a full scan of my system with Avira virusscanner Free Version
>>>>and it found nothing.
>>>>Then a rootkit scan with Blacklight and it found nothing
>>>>After that a rootkit scan with Trend Micro's Rootkit Buster: it found
>>>>nothing.
>>>>Finally I did a rootkit scan with Avira's Anti Rootkit Tool and it
>>>>found this:
>>>>
>>>>Results:
>>>>Hidden key :
>>>>HKEY_USERS\S-1-5-21-1614895754-796845957-682003330-1004\Software\Microsoft\Protected Storage System Provider\S-1-5-21-1614895754-796845957-682003330-1004\data
>>>>Hidden value :
>>>>HKEY_USERS\S-1-5-21-1614895754-796845957-682003330-1004\Software\Microsoft\Protected Storage System Provider\S-1-5-21-1614895754-796845957-682003330-1004 -> migrate
>>>>
>>>>Now I am not an expert and I am asking myself what to do with these
>>>>findings.
>>>>Do they point to a rootkit? And if so, what should be my next actions?
>>>>
>>>>Thanks,
>>>>
>>>>Massimo
>>>
>>>I wouldn't worry much about it, I have almost the same key in my system,
>>>mine ends in 1003 instead of 1004, but that may just mean a different OS
>>>version.
>>
>>
>> Thank you for your reaction.
>> And why should I stop worrying about *my* rootkit only because you too
>> have one?? :-))
>>
>> Massimo
>Allow me to re-phrase that. I don't think it's a rootkit.

All right, thank you!

Massimo

