June 25th, 2007, 03:55 AM
Help with output rootkitrevealer v1.7
Hello fellow members of AO. I recently scanned my system with RootKitRevealer v1.7 and it found *37 discrepancies*
33 are located in
c:\documents and settings\all users\documents\my music\alicia keys\destiny's child\thumbs.db:encryptable <--(they all end in this)
and my personal document folder. Some of them have and say 304 bytes hidden from Windows API and or 13 bytes data mismatch between Windows API and raw hive data.
I will try to include a screen shot for "explaining" most of the corruption seems to be in my 2006 hurricane folder or my pictures. Me and my GF use limewire I think it's the reason for this output.
How can I determine if this is really malicious code on the system or false positives?
Curious, what does this mean? Some of them have and say 304 bytes hidden from Windows API I have a pretty good idea but wtf?
anything to be worried about?
Last edited by Computernerd22; June 25th, 2007 at 04:04 AM.
June 25th, 2007, 04:51 AM
When you run a program like this it is absolutely crucial that you don't do anything with the computer while it's running. What the program does is take a "snapshot" of what the Windows API thinks is on your hard disk, and then it goes about reading the raw data and compares the two.
If you have any programs open that are making changes or downloading anything or really doing anything at all, the program's snapshot of the Windows API will not reflect these changes in the raw data. That's where most discrepancies/false positives come from.
June 25th, 2007, 03:53 PM
That just means that the file has an alternative ntfs stream. It has a flag that the file can be encrypted.
More about NTFS: http://www.wikistc.org/wiki/Alternate_data_streams
June 25th, 2007, 04:05 PM
You can safely remove the Thumbs.db files. They'll be re-created by windows (thumbnails in folder views).
Experience is something you don't get until just after you need it.
By str34m3r in forum The Security Tutorials Forum
Last Post: September 25th, 2006, 03:20 AM
By AxessTerminated in forum Programming Security
Last Post: September 13th, 2004, 03:26 AM
By gore in forum Newbie Security Questions
Last Post: December 29th, 2003, 08:01 AM
By Condoor in forum AntiOnline's General Chit Chat
Last Post: February 12th, 2003, 04:08 AM
By Natasha69 in forum *nix Security Discussions
Last Post: November 8th, 2002, 09:45 PM