Re: Download freeware RKR scanning software (detect Sony rootkit & others)

From: karl levinson, mvp (levinson_k_at_despammed.com)
Date: 11/22/05

• Next message: karl levinson, mvp: "Re: Download freeware RKR scanning software (detect Sony rootkit & others)"
• Previous message: pamelafiischer_at_yahoo.com: "Re: Download freeware RKR scanning software (detect Sony rootkit & others)"
• In reply to: pamelafiischer_at_yahoo.com: "Re: Download freeware RKR scanning software (detect Sony rootkit & others)"
• Next in thread: pamelafiischer_at_yahoo.com: "Re: Download freeware RKR scanning software (detect Sony rootkit & others)"
• Reply: pamelafiischer_at_yahoo.com: "Re: Download freeware RKR scanning software (detect Sony rootkit & others)"
• Reply: pamelafiischer_at_yahoo.com: "Re: Download freeware RKR scanning software (detect Sony rootkit & others)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 22 Nov 2005 07:32:52 -0500

<pamelafiischer@yahoo.com> wrote in message
news:1132644260.798151.23180@g43g2000cwa.googlegroups.com...

> Not fully understanding what I was doing, I simply had run the exact
> command and IP address given in the RKDetect README:
> C:\> cscript rkdetect.vbs 200.4.4.4
>
> Was I supposed to use my IP address in the script command?

Yes, it appears that was the problem, you can ignore all the other
troubleshooting suggestions about WMI etc. from this post.

> Easy enough to do, I ran:
> C:\> cscript rkdetect.vbs 192.168.0.101
> Query services by WMI...
> Detected 96 services
> Query services by SC...
> Detected 96 services
> Finding hidden services...
>
> Possible rootkit found: FGLRYUtil - FGLRYUtil

> Hmmmnm Did we find a hidden rootkit?

Maybe, I'm not sure. Can you submit that file for a scan to
www.virustotal.com ? It should scan it in a minute. It's also possible
that whatever it is is using ADS streams so that atiisrgl.exe is innocent
and the real file is atiisrgl.exe|hiddenmalware.exe

The people in the various Hijack This! support forums may have more
knowledge of whether this file is good or bad.

http://www.spywareinfo.com/~merijn/forums.html

• Next message: karl levinson, mvp: "Re: Download freeware RKR scanning software (detect Sony rootkit & others)"
• Previous message: pamelafiischer_at_yahoo.com: "Re: Download freeware RKR scanning software (detect Sony rootkit & others)"
• In reply to: pamelafiischer_at_yahoo.com: "Re: Download freeware RKR scanning software (detect Sony rootkit & others)"
• Next in thread: pamelafiischer_at_yahoo.com: "Re: Download freeware RKR scanning software (detect Sony rootkit & others)"
• Reply: pamelafiischer_at_yahoo.com: "Re: Download freeware RKR scanning software (detect Sony rootkit & others)"
• Reply: pamelafiischer_at_yahoo.com: "Re: Download freeware RKR scanning software (detect Sony rootkit & others)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Download freeware RKR scanning software (detect Sony rootkit & others) ... > command and IP address given in the RKDetect README: ... > Was I supposed to use my IP address in the script command? ... The people in the various Hijack This! ... support forums may have more ... (alt.computer.security) Re: Download freeware RKR scanning software (detect Sony rootkit & others) ... > command and IP address given in the RKDetect README: ... > Was I supposed to use my IP address in the script command? ... The people in the various Hijack This! ... support forums may have more ... (microsoft.public.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint