Spyware, Viruses, & Security forum

General discussion

Rootkit software

by phil66 / November 24, 2006 2:26 AM PST

I have just installed two rootkit programs

Sophos Rootkit
When I run it there are no hidden items

Rootkit Revealer
First run show 4 items 2 in security\policies\secrets
1 in preftech and 1 in system restore

On the second scan it found 5 items 2 in security
3 in system restore.The prefetch item did not show on this scan

When checking regedit for items hklm security would not expand should I have uploaded hives..

Why is there no way to clean from rootkit revealer
Am I wasting time trying to use rootkit revealer
Is sophos the more accurate of the two program or should I be using some other program

This is my first attempt at running rootkits so any help will be appreciated


Discussion is locked
You are posting a reply to: Rootkit software
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Rootkit software
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
by Marianna Schmudlach / November 24, 2006 5:02 AM PST
In reply to: Rootkit software

there are more......

Please run this brand new Catchme rootkit tool by Gmer.
Download catchme.exe to your desktop.

Double click catchme.exe to run it.

Open catchme.log to see the results.


Please download BitDefender RootkitUncover and save it to your desktop.

Double click the bitdefender_antirootkit-BETA2 icon
Review the licence agreement and check the I accept the licence agreement box
Then click Next > and Scan
Allow the program to scan your computer - please be patient as it may take some time.....Once the scan has completed, click Next > IF any items are found, they will be show.



Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

You will need to enter your name, e-mail address and location in order to access the download page.

Once you have downloaded the file, double click the sarsfx icon
Review the licence agreement and click on the Accept button
The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button

Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
Allow the program to scan your computer - please be patient as it may take some time
Once the scan has completed a window will pop-up with the results of the scan - click OK to this
In the main window, you will see each of the entries found by the scan (if any)


Here are more:


Collapse -
and another one.....
by Marianna Schmudlach / November 24, 2006 5:06 AM PST
In reply to: Ray.....
Collapse -
by phil66 / November 24, 2006 11:42 AM PST
In reply to: and another one.....

Hi Marianna

Ran Catch Me,Bit Defender and Sophos and all three showed no hidden files or processes.

I like Bit Defender and Sophos. Catch Me ok but I am partial to Bit Defender as I use there on line scanner for a second opinion.

I have been using sophos for sometime now and was looking for a second opinion.

Thanks to your info I am now satisfied with two rootkit scanners.

Thanks for all the help once again.

Collapse -
(NT) Ray, You Are Very Welcome :)
by Marianna Schmudlach / November 24, 2006 2:05 PM PST
In reply to: Rotkits
Collapse -
Regarding: Rootkit Revealer
by Marianna Schmudlach / November 24, 2006 6:31 AM PST
In reply to: Rootkit software
Collapse -
RKR and Reviews
by Bugbatter / November 24, 2006 10:25 AM PST
In reply to: Rootkit software
Collapse -
by phil66 / November 24, 2006 11:48 AM PST
In reply to: RKR and Reviews

Hi Bugbatter

I found out that it did not clean on the first scan.

The items it listed could not be found in the registry as listed or in the other system files.

I do not like deleting something I cannot find.

I have found to many false positives making me leary of just deleting anything a scanner finds.

Thanks for the reply

Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?