Avast WEBforum

Other => General Topics => Topic started by: Happy-Dude on February 10, 2007, 12:40:16 AM

Title: Installing some Windows Internals Utilities, anything I should know?
Post by: Happy-Dude on February 10, 2007, 12:40:16 AM
Heya guys :) !! Just wondering, I'm installing Process Explorer and Rootkit Revealer onto my PC and I'm wondering if there's anything I should know. I'm pretty confident about Process Explorer and its functionality, but I'm more concerned about Rootkit Revealer.

Any heads up before I install the two? All info is appreciated :) !!
Title: Re: Installing some Windows Internals Utilities, anything I should know?
Post by: Happy-Dude on February 10, 2007, 01:39:31 AM
**Correction: Sysinternals Utilities.**

Also, Rootkit Revealer found these registry values (can't really copy and paste):

Path: HKLM/SECURITY/Policy/Secrets/SAC*  Timestamp: 10/14/04 6:51 PM  Size: 0 bytes  Description: Key contains embedded nulls (*)

Path: HKLM/SECURITY/Policy/Secrets/SAI*  Timestamp: 10/14/04 6:51 PM  Size: 0 bytes  Description: Key contains embedded nulls (*)

Path: HKLM/SOFTWARE/Microsoft/Cryptography/RNG/Seed  Timestamp: 2/9/2007 7:39 PM Size: 80 bytes  Description: Data mismatch between Windows API and raw hive data

Path: HKLM/SOFTWARE/Novatix/Cyberhawk/ProcessCount  Timestamp: 7:39 PM  Size: 4 bytes  Description: Data mismatch between Windows API and raw hive data

I'm wondering if they are anything to worry about ... I'm familiar with Microsoft things (kinda) and Novatix Cyberhawk. Also, it said cmd.exe (which I believe is a COMODO Firewall process) prevented the scan from completing. That's all I can give right now. Thanks for the info !!
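The four findings quoted above are in the "Path / Timestamp / Size / Description" layout RootkitRevealer prints. The following is an added example, not code from the thread or from Sysinternals: it parses lines in that layout and applies a small triage table from the defender's side. The two "expected" rules encode the discrepancies the tool's own documentation describes as routine (LSA secrets keys under HKLM\SECURITY\Policy\Secrets have names with embedded nulls, and the RNG seed is rewritten so often that the API view and the raw hive snapshot differ); any other data mismatch is marked for a rescan rather than as hostile, because a value that simply changed between the two reads will not reproduce. The function names, the verdict labels and the sample text block are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the four findings transcribed in the post above.
SAMPLE_OUTPUT = """\
Path: HKLM/SECURITY/Policy/Secrets/SAC*  Timestamp: 10/14/04 6:51 PM  Size: 0 bytes  Description: Key contains embedded nulls (*)
Path: HKLM/SECURITY/Policy/Secrets/SAI*  Timestamp: 10/14/04 6:51 PM  Size: 0 bytes  Description: Key contains embedded nulls (*)
Path: HKLM/SOFTWARE/Microsoft/Cryptography/RNG/Seed  Timestamp: 2/9/2007 7:39 PM Size: 80 bytes  Description: Data mismatch between Windows API and raw hive data
Path: HKLM/SOFTWARE/Novatix/Cyberhawk/ProcessCount  Timestamp: 7:39 PM  Size: 4 bytes  Description: Data mismatch between Windows API and raw hive data
"""

# One finding per line; the timestamp field is free-form (date optional), so it
# is captured lazily up to the next "Size:" label.
LINE_RE = re.compile(
    r"Path:\s*(?P<path>.+?)\s+Timestamp:\s*(?P<timestamp>.+?)\s+"
    r"Size:\s*(?P<size>\d+)\s*bytes\s+Description:\s*(?P<description>.+?)\s*$"
)


@dataclass(frozen=True)
class Discrepancy:
    path: str
    timestamp: str
    size: int
    description: str


def parse_rootkitrevealer(text: str) -> list[Discrepancy]:
    """Return every well-formed finding line as a Discrepancy; skip the rest."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append(
                Discrepancy(m["path"], m["timestamp"], int(m["size"]), m["description"])
            )
    return findings


def _norm(path: str) -> str:
    # Accept either separator; the post used "/", the tool prints "\".
    return path.replace("\\", "/").lower()


def triage(d: Discrepancy) -> tuple[str, str]:
    """Map one finding to (verdict, reason). Verdicts are an assumption of this example."""
    path = _norm(d.path)
    desc = d.description.lower()
    if "embedded nulls" in desc and path.startswith("hklm/security/policy/secrets/"):
        return ("expected", "LSA secrets store; key names with embedded nulls are normal here")
    if "data mismatch" in desc and path.endswith("/cryptography/rng/seed"):
        return ("expected", "RNG seed is rewritten continuously; API view and hive snapshot differ")
    if "data mismatch" in desc:
        return ("rescan", "value changed between the API read and the raw hive read; "
                          "investigate only if the mismatch persists on a second scan")
    return ("review", "no triage rule matched; analyse manually")


def triage_report(text: str) -> list[tuple[str, str, str]]:
    """(path, verdict, reason) for every finding in the given output."""
    return [(d.path, *triage(d)) for d in parse_rootkitrevealer(text)]


if __name__ == "__main__":
    for path, verdict, reason in triage_report(SAMPLE_OUTPUT):
        print(f"{verdict:8} {path}\n         {reason}")
```

Run it on a saved RootkitRevealer report and only the "rescan" and "review" rows need a second look; the rules are deliberately narrow, so an unfamiliar path with "Hidden from Windows API" falls through to "review" rather than being explained away.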
Title: Re: Installing some Windows Internals Utilities, anything I should know?
Post by: DavidR on February 10, 2007, 02:21:03 AM
Rootkit Revealer in the hands of someone who doesn't fully understand the information it returns (why something is in that area of the registry and why it might be hidden) is nothing short of dangerous. It is very like HijackThis; it just produces raw data which has to be analysed by someone who would understand it.

I don't profess to fully understand it, but I don't believe there is anything there that I would attempt to remove.

Neither of the two actually requires installation as such; you just create a folder and unpack the zip file into it. They don't require any registry entries.

Process Explorer is good, as is its partner TCPView from the same author.