  1. #1
    Bronze Lounger
    Join Date
    Jan 2010
    Location
    Birkirkara, Malta
    Posts
    1,467
    Thanks
    205
    Thanked 15 Times in 14 Posts

    Sysinternals Rootkit Revealer & RegDelNull Programs

    My OS is Win 7 Pro 32 bit with SP1 and all updates installed.

    Whenever I try to run the Rootkit Revealer program (version 1.71.0.0) I get a Windows Interactive Services Detection message telling me that a program needs my attention and do I want to view the message now. If I click view the message I get a light blue screen with a Windows message at the top telling me I can return to the desktop if I wish, but if I do so I then get the original message again. If I click on “More details” in that message window I am told that the Rootkit Revealer program may be incompatible with Windows. I tried running it in all the compatibility options, but this made no difference.

    Apart from the above, when the program finished scanning it found 375809 discrepancies, but what, if anything, can or should I do about them?

    Also, I have been trying to run the RegDelNull program, version 1.10.0.0, but all that happens is that a command prompt window flashes on and off the screen. Trying all the available compatibility options made no difference.

    I tried to email Mark Russinovich about the above problems, using the email address given in the Help file for Rootkit Revealer, but my email was returned as undeliverable, so the help file must be out of date.

    Can anyone help with the above problems?

    Thanks and regards,
    Roy

  2. #2
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    Rootkit Revealer from Sysinternals is not compatible with Windows 7. Check out their forums.
    Windows XP/2000 only.

  3. The Following User Says Thank You to CLiNT For This Useful Post:

    jshiii (2012-02-27)

  4. #3
    Bronze Lounger
    Hello CLiNT, the reason I tried to use the programs I referred to was that I ran a program called SpyDLLRemover, made by Security Xploded, and it referred to some unidentified Hidden Rootkit files with PIDs that I could not identify with Sysinternals Process Monitor. I run regular scans with my always on antivirus etc. program, avast! Internet Security, and various on demand scanners, but nothing else picks anything up. For all I know the files may relate to avast! because other scanning programs do refer to avast! files which do insert hooks into the system, for example the avast! self protection module.

    The SpyDLLRemover scan report is attached, and I would appreciate further advice.

    Thanks and regards,
    Roy

  5. #4
    Bronze Lounger
    Hello all,

    Can anyone give further advice?

    Regards, Roy

  6. #5
    Super Moderator CLiNT's Avatar
    "Apart from the above, when the program finished scanning it found 375809 discrepancies, but what, if anything, can or should I do about them?"
    Ignore them and use a rootkit tool that is compatible with your operating system. It is also well known that Rootkit Revealer can and will generate many false positives. Much discretion is needed on the part of the user when it comes to identifying these values. Too much so to be useful to the average user.
