Author Topic: Installing some Windows Internals Utilities, anything I should know?


Happy-Dude

  • Guest
Heya guys :) !! Just wondering, I'm installing Process Explorer and Rootkit Revealer onto my PC and I'm wondering if there's anything I should know. I'm pretty confident about Process Explorer and its functionality, but I'm more concerned about Rootkit Revealer.

Any heads up before I install the two? All info is appreciated :) !!

Happy-Dude

  • Guest
Re: Installing some Windows Internals Utilities, anything I should know?
« Reply #1 on: February 10, 2007, 01:39:31 AM »
**Correction: Sysinternals Utilities.**

Also, Rootkit Revealer found these registry values (can't really copy and paste):

Path: HKLM/SECURITY/Policy/Secrets/SAC*  Timestamp: 10/14/04 6:51 PM  Size: 0 bytes  Description: Key contains embedded nulls (*)

Path: HKLM/SECURITY/Policy/Secrets/SAI*  Timestamp: 10/14/04 6:51 PM  Size: 0 bytes  Description: Key contains embedded nulls (*)

Path: HKLM/SOFTWARE/Microsoft/Cryptography/RNG/Seed  Timestamp: 2/9/2007 7:39 PM Size: 80 bytes  Description: Data mismatch between Windows API and raw hive data

Path: HKLM/SOFTWARE/Novatix/Cyberhawk/ProcessCount  Timestamp: 7:39 PM  Size: 4 bytes  Description: Data mismatch between Windows API and raw hive data

I'm wondering if they are anything to worry about ... I'm familiar with Microsoft things (kinda) and Novatix Cyberhawk. Also, it said cmd.exe (which I believe is a COMODO Firewall process) prevented the scan from completing. That's all I can give right now. Thanks for the info !!
« Last Edit: February 10, 2007, 01:46:02 AM by Happy-Dude »

Offline DavidR

Re: Installing some Windows Internals Utilities, anything I should know?
« Reply #2 on: February 10, 2007, 02:21:03 AM »
Rootkit Revealer in the hands of someone who doesn't fully understand the information it returns (why something is in that area of the registry and why it might be hidden) is nothing short of dangerous. It is very like HiJackThis; it just produces raw data which has to be analysed by someone that would understand it.

I don't profess to fully understand it, but I don't believe there is anything there that I would attempt to remove.

Neither of the two actually requires installation as such; you just create a folder and unpack the zip file into it. They don't require any registry entries.

Process Explorer is good, as is its partner TCPView from the same author.