Infected by rootkit?

max_weinland_at_yahoo.de
Date: 11/20/05

• Next message: DavidPostill: "Re: Infected by rootkit?"
• Previous message: fluidly unsure: "Re: Too bad about this newsgroup"
• Next in thread: DavidPostill: "Re: Infected by rootkit?"
• Reply: DavidPostill: "Re: Infected by rootkit?"
• Reply: Autumn: "Re: Infected by rootkit?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: 20 Nov 2005 04:01:16 -0800

Hello,

I have run RootkitRevealer from www.sysinternals.com.
Can someone please explain this results.
Is there a rootkit hidden in System.EnterpriseServices?

Thank you,
Max Weinland

C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll 04.11.2005
22:09 258 bytes Visible in Windows API, but not in MFT or directory
index.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 04.11.2005
22:09 114 bytes Visible in Windows API, but not in MFT or directory
index.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary
Internet Files\Content.IE5\05EBW5IV\search[1].: 03.12.2002 01:03 18.53
KB Hidden from Windows API.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary
Internet Files\Content.IE5\0PMVKHMB\search[1].: 29.11.2002 11:27 12.42
KB Hidden from Windows API.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary
Internet Files\Content.IE5\3EGBVDGH\groups[1].: 06.12.2002 21:43 20.04
KB Hidden from Windows API.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary
Internet Files\Content.IE5\6NOZW78X\search[1].: 09.12.2002 16:52 21.09
KB Hidden from Windows API.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary
Internet Files\Content.IE5\76SZ3T4X\google[1].: 22.04.2003 09:48 3.65
KB Hidden from Windows API.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary
Internet Files\Content.IE5\BUKV7PO5\groups[1].: 21.11.2002 22:09 12.62
KB Hidden from Windows API.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary
Internet Files\Content.IE5\E4E1RPKG\groups[1].:
29.12.2002 14:57 21.24
KB Hidden from Windows API.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary
Internet Files\Content.IE5\G1A7OPIF\groups[1].:
04.06.2003 23:44 1.08
KB Hidden from Windows API.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary
Internet Files\Content.IE5\GXQVK92V\dvfaq[1].: 04.06.2003 08:22 84.64
KB Hidden from Windows API.
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary
Internet Files\Content.IE5\WDC3OFGV\search[1].: 20.12.2002 22:56 18.01
KB Hidden from Windows API.

---

• Next message: DavidPostill: "Re: Infected by rootkit?"
• Previous message: fluidly unsure: "Re: Too bad about this newsgroup"
• Next in thread: DavidPostill: "Re: Infected by rootkit?"
• Reply: DavidPostill: "Re: Infected by rootkit?"
• Reply: Autumn: "Re: Infected by rootkit?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > alt.computer.security  > 2005-11