Archived from groups: microsoft.public.win98.gen_discussion
On Tue, 12 Jul 2005 11:25:54 -0700, Gary S. Terhune wrote:
> "sf" <sf@gmail.com> wrote in message
> news:gro7d15nhl9pmtv5hgkrcl25qgfq0g8v2m@4ax.com...
> > On Mon, 11 Jul 2005 22:20:45 -0700, Gary S. Terhune wrote:
> >
> >> PS -- If you download and run the RootKit Revealer detection app from
> >> Sysinternals, please don't post logs here. There are other forums
> >> dedicated to that purpose.
> >
> >
> > LOL... first you tell me about something I've never heard of before;
> > then you tell me there's a way to "root" them out. After that you
> > tell me not to post the "log" (which I didn't know it would produce
> > here). OK, buddy... of the three things you just told me, at least I
> > know enough not to post any logs here.
> >
> >
>
> Heh, heh... I hadn't really looked into rootkits until recently. What
> little I do know is mostly what I learned from Mark Russinovich, et al,
> at http://www.sysinternals.com/utilities/rootkitrevealer.html Good
> explanation, and includes links to other rootkit info.
>
> In *some* cases, there *may* be ways to root them out, but the overall
> consensus is that most are as yet unfixable, leaving reformat as the
> only option. The same page I referred you to offers what is essentially
> an experimental program to find evidence of RootKits. If you run it, it
> creates a log that can be saved. If you want someone to look at that log
> and advise... Well, I'm fairly certain you can find people willing to
> examine such logs at the Aumha forums.
>
I just finished posting a rather "good looking" log file... I think I
beat BookedSpace and VX2 into submission.
> I ran RootkitRevealer a week or two ago, and it definitely found
> evidence of rootkit-like behavior.
I'd like to run it, but I'm getting an error message about a missing
DLL. PSAPI.DLL. Not sure what to do next. I'm pretty sure you're
right about a rootkit problem because the HijackThis log looked
clean, but something is still causing unwanted popups and seems to be
hijacking IE every now and then.
> Further investigation showed that
> these items were installed by Adobe when I upgraded to Creative Suite
> CS. Far as I can tell, the reason for these items is to make their
> licensing and anti-piracy measures more difficult (if not impossible) to
> mess with. However, seeing as how that installation has been nothing but
> a PITA since I did it, I have to wonder if the "rootkit" items were
> deliberate or were they accidental, maybe even at the root of my
> problems (pun intended this time, <s>.) I'll know when I get around to
> rebuilding this system and reinstalling Adobe
At least you knew what you were looking at! LOL I'm not sure I will
if I can ever get it up and running.