Re: Mystery file
In article <eXlt8sW#GHA.4376@xxxxxxxxxxxxxxxxxxxx>,
Bill_Sanderson@xxxxxxxxxxxxxxxxx says...
> You might consider running a rootkit detection app:
> F-Secure's BlackLight or Sysinternals' RootkitRevealer.
> Knowing something about what apps you run might help as well.
> I hesitate to post this, because I don't get here very often, but checking
> for rootkits would be one way of differentiating "good" metadata from
> something else.

Thanks for the pointers, Bill. I did run a rootkit finder, though not
either of those you mention. I took a look at the Sysinternals rootkit
revealer page and it lists $Secure as a Win Server 2003 NTFS metadata
file, but no mention of $SDS or $DATA. I'll try out those you suggested.
Jason
--
reverse my name in email address