Jump to content
Roxio Community

  • Who's Online   0 Members, 0 Anonymous, 13 Guests (See full list)

    • There are no registered users currently online

Rootkit - WARNING

gi7omy

By gi7omy
in General Chat

Recommended Posts

gi7omy Digital Guru

gi7omy

Posted
Posted

Just when you thought it was safe to go back in the water

 

http://searchwindowssecurity.techtarget.co...1224912,00.html

 

I ran the sysinternals scan - and found it flagged two entries in the registry:

HKLM\SECURITY\Policy\Secrets\SAC\*

HKLM\SECURITY\Policy\Secrets\SAI\*

 

Both showing 'keyname contains embedded nulls'(*)

 

I did a search on these and they seem to be harmless (they're part of the installed OS) but then, so's Alexa

 

How serious the threat is I don't know but it looks as if we're going to have to run an additional sweep (on top of A/V and Malware ones)

Link to comment
Share on other sites
vid2man97 Digital Master

vid2man97

Posted
Posted

I just picked up NAV2007 which is supposed to also detect and remove rootkits. Hopefully it won't screw things up with false positives.

 

I never had a need and always wondered about the FSecure Blacklight and passed when they warned it was a beta and might cause havoc. Beta is a four letter word after all....I try to pass.

 

 

Always something to worry about, isn't there?

Link to comment
Share on other sites
REDWAGON Digital Guru

REDWAGON

Posted
Posted

".... just picked up NAV2007 which....."

 

I am running NIS2006 on all my computers and there is only a couple of months left on a couple of the subscriptions for their updates. I have been thinking about buying the new NIS 2007, but have heard that it is a hog for resources, so I'm not sure. You're running just Norton Antivirus, so does just running the anti virus program alone keep all the other malware, spam etc. out of your computer ??

 

Frank...

Link to comment
Share on other sites
marlinsinger Digital Master

marlinsinger

Posted
Posted
".... just picked up NAV2007 which....."

 

I am running NIS2006 on all my computers and there is only a couple of months left on a couple of the subscriptions for their updates. I have been thinking about buying the new NIS 2007, but have heard that it is a hog for resources, so I'm not sure. You're running just Norton Antivirus, so does just running the anti virus program alone keep all the other malware, spam etc. out of your computer ??

 

Frank...

 

I have "heard" Norton is hog for resources for years. Never had a problem. Currently running NIS2007.

Link to comment
Share on other sites
bds1958 Digital Master

bds1958

Posted
Posted
".... just picked up NAV2007 which....."

 

I am running NIS2006 on all my computers and there is only a couple of months left on a couple of the subscriptions for their updates. I have been thinking about buying the new NIS 2007, but have heard that it is a hog for resources, so I'm not sure. You're running just Norton Antivirus, so does just running the anti virus program alone keep all the other malware, spam etc. out of your computer ??

 

Frank...

The anti virus alone doesn't cover malware,spam etc.

I recently ditched Norton AV and installed AVG Anti Malware. Check it out along with alternatives to all Norton products at

http://www.grisoft.com/doc/5/lng/uk/tpl/tpl01

Link to comment
Share on other sites
ggrussell Digital Guru

ggrussell

Posted
Posted

I could tell on mine... I got rid of Norton's when my subscription ran out. Boots much faster. Some applications launch faster, too. At the moment, I'm running AVG free 7.5 and MS Defender.

 

There are also certain 'risky' activities like staying away from websites that are real popular by teens and tweens. A haven for spyware and pop ups. I NEVER open attachments from anyone I don't know.

Link to comment
Share on other sites
marlinsinger Digital Master

marlinsinger

Posted
Posted
Not to be critical Marlin, but how could you tell on your rig!

 

cd

 

I haven't always had this rig, I have run Norton on and 1.0ghz up to 3.6ghz. Only in the past couple of years have I come down with upgrade mania. :) And you know I do enjoy it so.

 

Also, I just ran Sysinternals newest Rookit Revealer myself. Came up with the exact same messages, plus a couple for Symantec due to hiding files from the API. When I looked at the registry entry they mentioned. There is nothing there. It is empty under HKLM\Security. I am wondering if they are flagging it because it is empty?

Link to comment
Share on other sites
REDWAGON Digital Guru

REDWAGON

Posted
Posted

"You're running just Norton Antivirus, so does just running the anti virus program alone keep all the other malware, spam etc. out of your computer ??"

 

I am well aware of what NIS takes care of, so I guess I should have asked my question a little better. What I was suggesting was if one just runs an anti-virus program alone without any other security type programs, then they must be pretty lucky to not have all the other malware, spam, spybot etc. stuff coming at you. So far my NIS2006 is taking very good care of my computer. The only thing that I really don't like is that there are many options that you must set manually to keep some of the attacks from getting on your computer. One good example is spam.

 

Frank...

Link to comment
Share on other sites
vid2man97 Digital Master

vid2man97

Posted
Posted
".... just picked up NAV2007 which....."

 

I am running NIS2006 on all my computers and there is only a couple of months left on a couple of the subscriptions for their updates. I have been thinking about buying the new NIS 2007, but have heard that it is a hog for resources, so I'm not sure. You're running just Norton Antivirus, so does just running the anti virus program alone keep all the other malware, spam etc. out of your computer ??

 

Frank...

 

Well, it comes down to me being chickensh*t about the computer and the various innerds.

I've just been running NAV for so long (latest 2006, about to change to 2007), that I'm actually afraid to uninstall it. I know, there's even a tool provided by Norton but I just don't need anything broke right now as

I'm in the middle of too many things.

I considered FSecure but I don't know anyone running it and I don't feel like testing it out.

But yes, NAV does hog a system down. It is supposed to keep out spyware and the like (not spam) but I run Spysweeper along side it anyway, but I might stop though cause in two years of using it, all I've blocked are some ads and "tracking cookies"....big whoop. Maybe I should knock on wood.

 

On the plus side, I find that if and when it's really necessary to get every bit of resourse, Norton can be shut down pretty well. I actually find Spysweeper pretty intrusive. Maybe I'll try the Adaware realtime version...

 

As a side note though, I don't understand why Norton wants to charge me $40 to renew my subscription for 2006, when I bought 2007 for $15 (after rebates and discount). Seems like a waste.

Link to comment
Share on other sites
lynn98109 Digital Master

lynn98109

Posted
Posted
As a side note though, I don't understand why Norton wants to charge me $40 to renew my subscription for 2006, when I bought 2007 for $15 (after rebates and discount). Seems like a waste.

I think the assumption is if you try it, you'll keep it.

 

I got Norton SW/FW 2005 for free after rebates (WinXP); I bought a 2nd copy for computer #3 (Win2K). (Computer #1 has Norton SW 2002, and FW 2005 (different copy) which ran out last weekend, and the Win98 SE isn't expected to be online again.)

Link to comment
Share on other sites
REDWAGON Digital Guru

REDWAGON

Posted
Posted

Neil, Bruce and Daithi, you talked me into it. I'll have to give "mailwasher" a try, as I'm really not that fond of how NIS2006 takes care of my spam. :) My only thought is how much of the good guys does it catch also ?

 

Frank...

Link to comment
Share on other sites
grandpabruce Digital Guru

grandpabruce

Posted
Posted
Neil, Bruce and Daithi, you talked me into it. I'll have to give "mailwasher" a try, as I'm really not that fond of how NIS2006 takes care of my spam. :) My only thought is how much of the good guys does it catch also ?

 

Frank...

 

You preview your mail from your desktop, Frank. You create friends lists and a block list. The e-mails still show, but they don't come into your computer. You can pick and choose what to delete, or what to delete and bounce. It works well. I can count on one hand the number of times that I checked my e-mail from within the browser, in the past 5 years, or more.

Link to comment
Share on other sites
REDWAGON Digital Guru

REDWAGON

Posted
Posted

So O.K. Bruce, but how does the program continue to work with my Norton NIS2006 and the "Outlook Express" where I get my e-mails now ?? I'm pretty much doing what you are suggesting with my NIS2006. When I get an e-mail I can click it and let Norton know that it is spam as far as Outlook express is concerned and then go into the NIS2006 program and add it to my spam blocked list.

 

Frank...

Link to comment
Share on other sites
Brendon Digital Guru

Brendon

Posted
Posted
I ran the sysinternals scan - and found it flagged two entries in the registry:

HKLM\SECURITY\Policy\Secrets\SAC\*

HKLM\SECURITY\Policy\Secrets\SAI\*

 

Both showing 'keyname contains embedded nulls'(*)

 

I did a search on these and they seem to be harmless (they're part of the installed OS) but then, so's Alexa

 

At the risk of being ON topic, what OS has installed these two registry entries Dáithí ? You don't seem to name yours in your sig. Alexa isn't part of the OS, is it?

 

Were they flagged as parts of a rootkit, or is it just that the Sysinternals program didn't like the keynames?

Link to comment
Share on other sites
grandpabruce Digital Guru

grandpabruce

Posted
Posted
So O.K. Bruce, but how does the program continue to work with my Norton NIS2006 and the "Outlook Express" where I get my e-mails now ?? I'm pretty much doing what you are suggesting with my NIS2006. When I get an e-mail I can click it and let Norton know that it is spam as far as Outlook express is concerned and then go into the NIS2006 program and add it to my spam blocked list.

 

Frank...

 

I'll pm you a picture when I get some mail. Mailwasher uses any mail program you want. I use Outlook Express.

Link to comment
Share on other sites
jeanrosenfeld Digital Master

jeanrosenfeld

Posted
Posted
When I looked at the registry entry they mentioned. There is nothing there. It is empty under HKLM\Security. I am wondering if they are flagging it because it is empty?

 

Regedit does not show those entries (it hides the subkeys of security). Try regalyzer from Safer networking:

 

http://www.safer-networking.org/en/download/index.html

 

(note that is a beta).

 

But in a sense you are right: both \Secrets\SAC and \Secrets\SAI are empty. However leave them alone :-).

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...