Lunarsoft Forums: Rootkit Revealer, 2 new items. - Lunarsoft Forums

Rootkit Revealer, 2 new items.

#1 Harry

  • Lunar Novice
  • Group: Members
  • Posts: 12
  • Joined: 28-March 07
  • Location: The Colony, Texas
  • Interests: Gardening, computers, church, and work, not necessarily in that order.

Posted 13 July 2007 - 09:51 PM

Ran the latest version of Rootkit Revealer and these 2 entries showed up. Ran after updating XP today with the latest MS fixes. Do they belong to Rootkit Revealer, or to MS? I have run RKR on 3 computers and this shows up on 2 of them. One is an Intel, dual processor and the other is an AMD Athlon 2000. They did not show under the previous version of RKR, so I don't know if they have been there all along or if the new version checks deeper. Anyone else run into this?

HKLM\Security\Policy\Secrets\SAC* Key name contains embedded nulls

HKLM\Security\Policy\Secrets\SAI* Key name contains embedded nulls

Harry

#2 Tarun

  • Area 5 Investigator
  • Group: Administrators
  • Posts: 4,539
  • Joined: 05-September 05
  • Gender:Male
  • Location:Bon Temps
  • OS: Windows 7 Ultimate x86
  • Country:United States

Posted 13 July 2007 - 10:29 PM

They're nothing to worry about. The new version simply changed how Rootkit Revealer performs the scanning process. :hello:
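Why a scanner can report "Key name contains embedded nulls" for entries like the two in the first post, as an added example that is not part of the original thread and is not Rootkit Revealer's own code: the Windows API reads registry key names as null-terminated strings while the kernel stores them as counted strings, so the two readings of one name can disagree. The record layout, function names and sample names below are constructed for illustration.

```python
import struct

MESSAGE = "Key name contains embedded nulls"

def pack_counted(name):
    """Store a name as a 2-byte byte-length followed by UTF-16LE data (constructed layout)."""
    data = name.encode("utf-16-le")
    return struct.pack("<H", len(data)) + data

def counted_view(buf):
    """Read exactly the number of bytes the length field gives, nulls included."""
    (length,) = struct.unpack_from("<H", buf, 0)
    return buf[2:2 + length].decode("utf-16-le")

def terminated_view(buf):
    """Read UTF-16 code units until the first 0x0000, as a null-terminated string API does."""
    (length,) = struct.unpack_from("<H", buf, 0)
    units = []
    for offset in range(2, 2 + length, 2):
        (unit,) = struct.unpack_from("<H", buf, offset)
        if unit == 0:
            break
        units.append(unit)
    return struct.pack("<%dH" % len(units), *units).decode("utf-16-le")

def scan(records):
    """Cross-view check: report every name whose two readings disagree."""
    findings = []
    for buf in records:
        if counted_view(buf) != terminated_view(buf):
            # '*' marks where the name was cut, imitating the report lines in the first post
            findings.append((terminated_view(buf) + "*", MESSAGE))
    return findings

# Constructed sample names; the exact bytes of the real key names are not shown in the thread.
SAMPLE = [pack_counted(n) for n in ("Plain", "SAC\x00", "SAI\x00", "Demo\x00Tail")]

if __name__ == "__main__":
    for name, reason in scan(SAMPLE):
        print(name, reason)
```

A name flagged this way is only a discrepancy between two views of the same data; deciding whether the key is legitimate still requires knowing which component created it.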

#3 Photogrrlz

  • Lunar Novice
  • Group: Members
  • Posts: 45
  • Joined: 24-July 06
  • Location:Ohio

Posted 14 November 2007 - 11:43 PM

Okay, I have a dumb question since I saw it on the combofix... what is a rootkit? Also, I guess that is the catchme program off of combofix? I read that it was because of a rootkit that the system32 folder was deleted.

#4 Tarun

  • Area 5 Investigator
  • Group: Administrators
  • Posts: 4,539
  • Joined: 05-September 05
  • Gender:Male
  • Location:Bon Temps
  • OS: Windows 7 Ultimate x86
  • Country:United States

Posted 15 November 2007 - 12:54 AM

A rootkit is a general description of a set of programs which work to subvert control of an operating system from its legitimate operators. Usually, a rootkit will obscure its installation and attempt to prevent its removal through a subversion of standard system security. Techniques used to accomplish this can include concealing running processes, files or system data from the operating system. Rootkits have their origin in benign applications, but in recent years have been used increasingly by malware to help intruders maintain access to systems while avoiding detection. Rootkits exist for a variety of operating systems, such as Microsoft Windows, Mac OS X, Linux and Solaris. Rootkits often modify parts of the operating system or install themselves as drivers or kernel modules.

Source: Rootkit - Wikipedia