Rootkit Revealer Results



SurferJoe46
24-12-2006, 10:21 AM
Another lost chunk of grey matter for me...and probably a dumb question to youse guys:

Results from Rootkit Revealer leave me questioning the result I post here:

HKLM\SOFTWARE\Classes\webcal\URL Protocol - 13 bytes - Data mismatch between Windows API and raw hive data.

OK..so now what?

The_End_Of_Reality
24-12-2006, 10:34 AM
I have no idea, but did you try Googling? :p

I got this site first up (and only) by C/P the result http://forum.sysinternals.com/forum_posts.asp?TID=1507&PN=1

SurferJoe46
24-12-2006, 12:01 PM
I have no idea, but did you try Googling? :p

I got this site first up (and only) by C/P the result http://forum.sysinternals.com/forum_posts.asp?TID=1507&PN=1

Ya know, I gotta start doing that for the tech stuff too.

It's not uncommon for me to Google things like this:

" what is the differential corollary in miles per hour and the time required to see the moon change in position by 1/2 its mean diameter during the vernal equinox in a northern hemisphere on Mars " and I get results......so why didn't I Google that line too?

I dunnow! :nerd:

The_End_Of_Reality
24-12-2006, 01:29 PM
Ha ha, I know the feeling, I do it too sometimes :p

But as for your question... I am unable to help you :groan:

And WHAT_THE_BANANAS_DOES_THAT_MEAN??? :p

pheonix
24-12-2006, 02:08 PM
From http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx

" This discrepancy will occur if a Registry value is updated while the Registry scan is in progress. Values that change frequently include timestamps such as the Microsoft SQL Server uptime value, shown below, and virus scanner "last scan" values. You should investigate any reported value to ensure that it's a valid application or system Registry value. "

pheonix
24-12-2006, 02:10 PM
What that means is... dunno really.

I would try running the revealer while in safe mode to eliminate the possibility of anything updating.
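
What the report line actually says is that RootkitRevealer reads each registry value twice, once through the Windows API and once by parsing the hive file's own structures, and flags any value on which the two views disagree; the Microsoft text quoted above explains why a value rewritten between those two reads shows up as a mismatch even when nothing is hidden. The following Python is an added illustration of that comparison, not RootkitRevealer's own code and not anything from the Sysinternals page: it builds a small, constructed regf hive holding the `webcal` key, reads its values straight from the raw cells without any registry API, cross-checks that raw view against an "API" view, and then reproduces the mid-scan-update false positive and the re-scan that rules it out. The value data, the extra `Sample` and `Hidden` values and the `LastScan` value are all made up for the demo; the poster's actual 13 bytes are not known from the thread.

```python
import struct

HBIN_BASE = 4096     # first hbin follows the 4 KiB base block; all cell offsets are relative to it
REG_SZ = 1
INLINE = 0x80000000  # vk data-length flag: data of <= 4 bytes lives in the offset field itself

def _cell(payload):
    """Wrap a payload in an allocated cell: negative size dword, padded to an 8-byte boundary."""
    size = (4 + len(payload) + 7) & ~7
    return struct.pack("<i", -size) + payload.ljust(size - 4, b"\0")

def _checksum(base_block):
    """Base-block checksum: XOR of the first 508 bytes taken as little-endian dwords."""
    x = 0
    for (d,) in struct.iter_unpack("<I", bytes(base_block[:508])):
        x ^= d
    return {0: 1, 0xFFFFFFFF: 0xFFFFFFFE}.get(x, x)

def build_hive(key_name, values):
    """Build a minimal regf hive: one root key holding REG_SZ values (constructed test data only)."""
    cells = b""

    def alloc(payload):                    # append a cell, return its hbin-relative offset
        nonlocal cells
        off = 0x20 + len(cells)            # 0x20 = size of the hbin header
        cells += _cell(payload)
        return off

    vk_offs = []
    for name, text in values.items():
        data = text.encode("utf-16-le") + b"\0\0"
        if len(data) <= 4:                 # small data is stored inline, not in a data cell
            dlen, doff = len(data) | INLINE, int.from_bytes(data.ljust(4, b"\0"), "little")
        else:
            dlen, doff = len(data), alloc(data)
        vk = struct.pack("<2sHIIIHH", b"vk", len(name), dlen, doff, REG_SZ, 1, 0)  # flag 1: ASCII name
        vk_offs.append(alloc(vk + name.encode("ascii")))
    list_off = alloc(struct.pack("<%dI" % len(vk_offs), *vk_offs))   # value list: array of cell offsets
    nk = struct.pack("<2sHQ15IHH", b"nk", 0x2C, 0, 0, 0xFFFFFFFF, 0, 0, 0xFFFFFFFF, 0xFFFFFFFF,
                     len(vk_offs), list_off, 0xFFFFFFFF, 0xFFFFFFFF, 0, 0, 0, 0, 0, len(key_name), 0)
    root_off = alloc(nk + key_name.encode("ascii"))
    hbin = (struct.pack("<4sIIQQI", b"hbin", 0, 4096, 0, 0, 0) + cells).ljust(4096, b"\0")
    base = bytearray(4096)
    struct.pack_into("<4sIIQIIIIIII", base, 0, b"regf", 1, 1, 0, 1, 5, 0, 1, root_off, len(hbin), 1)
    struct.pack_into("<I", base, 0x1FC, _checksum(base))
    return bytes(base) + hbin

def read_values(hive):
    """Read the root key's values straight from the raw regf cells, bypassing any registry API."""
    if hive[:4] != b"regf" or struct.unpack_from("<I", hive, 0x1FC)[0] != _checksum(hive):
        raise ValueError("not a regf hive, or base-block checksum mismatch")
    nk = HBIN_BASE + struct.unpack_from("<I", hive, 36)[0] + 4   # +4 skips the cell size dword
    if hive[nk:nk + 2] != b"nk":
        raise ValueError("root cell is not an nk record")
    nvals, list_off = struct.unpack_from("<II", hive, nk + 36)
    lst = HBIN_BASE + list_off + 4
    out = {}
    for (vk_off,) in struct.iter_unpack("<I", hive[lst:lst + 4 * nvals]):
        vk = HBIN_BASE + vk_off + 4
        _, nlen, dlen, doff, dtype, flags, _ = struct.unpack_from("<2sHIIIHH", hive, vk)
        name = hive[vk + 20:vk + 20 + nlen].decode("ascii" if flags & 1 else "utf-16-le")
        if dlen & INLINE:                  # the offset field itself holds the bytes
            data = struct.pack("<I", doff)[:dlen & ~INLINE]
        else:
            data = hive[HBIN_BASE + doff + 4:HBIN_BASE + doff + 4 + dlen]
        out[name] = data.decode("utf-16-le").rstrip("\0") if dtype == REG_SZ else data
    return out

def cross_check(api_view, raw_view):
    """RootkitRevealer-style comparison: every value on which the two views disagree is a finding."""
    findings = []
    for name in sorted(set(api_view) | set(raw_view)):
        if name not in api_view:
            findings.append(f"{name}: hidden from Windows API")
        elif name not in raw_view:
            findings.append(f"{name}: present via Windows API but absent from raw hive data")
        elif api_view[name] != raw_view[name]:
            findings.append(f"{name}: data mismatch between Windows API and raw hive data")
    return findings

def confirmed_findings(read_api, read_raw, passes=2):
    """Re-scan and keep only findings present in every pass; a mid-scan update disagrees just once."""
    results = [set(cross_check(read_api(), read_raw())) for _ in range(passes)]
    return sorted(set.intersection(*results))

def mid_scan_demo():
    """The documented false positive: a value rewritten between the API read and the raw read."""
    def reader(sequence):                  # each call returns the next snapshot of a changing value
        it = iter(sequence)
        return lambda: {"LastScan": next(it)}
    r = reader(["1", "2", "2", "2"])       # first read sees "1", every later read sees "2"
    single_pass = cross_check(r(), r())    # API "1" vs raw "2": reported as a data mismatch
    r = reader(["1", "2", "2", "2"])
    return single_pass, confirmed_findings(r, r)   # second pass agrees, so nothing is confirmed

if __name__ == "__main__":
    # Constructed sample: the key from the thread; the data is a placeholder, not the poster's bytes
    api_view = {"URL Protocol": "", "Sample": "constructed data"}
    hive = build_hive("webcal", api_view)
    print("raw hive view:", read_values(hive))
    print("clean:", cross_check(api_view, read_values(hive)))
    print("hidden value:", cross_check(api_view, read_values(build_hive("webcal", {**api_view, "Hidden": "x"}))))
    print("mid-scan update (single pass, confirmed):", mid_scan_demo())
```

On a real machine the API view would come from `winreg.OpenKey` / `winreg.QueryValueEx` and the raw view from an offline copy of `%SystemRoot%\System32\config\SOFTWARE` (the live file is locked, so take it from a boot disk, a volume shadow copy or `reg save`); this parser only handles a single key with small REG_SZ values and none of the subkey lists or big-data cells a real hive contains. The practical point is the last function: a mismatch that survives a second pass is worth investigating, a mismatch that disappears on re-scan is the timing artefact Microsoft describes.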

Speedy Gonzales
24-12-2006, 02:30 PM
Do a scan with Trojan remover (http://www.simplysup.com/)

See if that detects/picks up any rootkit services.

SurferJoe46
24-12-2006, 04:27 PM
Do a scan with Trojan remover (http://www.simplysup.com/)

See if that detects/picks up any rootkit services.

Nope...clean!

So I can sleep well tonight...[the trout fishing was cancelled for snow/rain/cold in the mountains yesterday, so I go on Xmas morning....should be nice and deserted then as all the daddies and moms are sleeping adult beverages off either under the tree or in the driveway and the kiddies will be gleefully smiting each other with toys and sugar-highs.]

pctek
24-12-2006, 09:24 PM
It means exactly that - a discrepancy. Nothing to worry about - you can ignore it or delete it - either way nothing bad will happen.

chainey
24-12-2006, 09:32 PM
"Raw hive data" sounds a bit ominous. Does the machine have a honeycomb grille on it anywhere?

R2x1
24-12-2006, 11:48 PM
"Raw hive data" sounds a bit ominous. Does the machine have a honeycomb grille on it anywhere?
If "yes" to the above, beware of bears.