I've been working on this PC for several days and I have used several rootkit detectors (sophos and rootkit shark). Sophos finds a hidden registry key:
HKEY_USERS\S-1-5-21-436374069-1897051121-839522115-500\ (broken to ease reading) Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll
The long alphanumeric after the first slash isn't the same on that machine, but it's the same key. When you use regedit to look at their registry, you don't see the .dll entry listed, while sophos shows that this big long string is in there. And as I said, RKShark says the registry is clean.
Questions:
1- Which one should I believe?
2- How does one fix such a thing (when RK Shark which promises to detect and fix such things can't see it)?
I know the .dll entry is pretty empty on my machine and is quite visible in regedit.
Thanks for giving it a shot!
bh
HKEY_USERS\S-1-5-21-436374069-1897051121-839522115-500\ (broken to ease reading) Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll
The long alphanumeric after the first slash isn't the same on that machine, but it's the same key. When you use regedit to look at their registry, you don't see the .dll entry listed, while sophos shows that this big long string is in there. And as I said, RKShark says the registry is clean.
Questions:
1- Which one should I believe?
2- How does one fix such a thing (when RK Shark which promises to detect and fix such things can't see it)?
I know the .dll entry is pretty empty on my machine and is quite visible in regedit.
Thanks for giving it a shot!
bh
But it was infected with stuff? What sorts of stuff? It's always interesting to learn what's going on out there 
Facebook
Twitter