Thread: What did RootkitRevealer detect here

  1. #1
    Han Guest

    What did RootkitRevealer detect here

    Just for the heck of it I downloaded and ran Rootkitrevealer from
    Sysinternals/Microsoft. Of course I did stupid and deleted a file while
    it was running so that's a loose alarm for sure, but what was the stuff
    referencing a single ID-like number:
    B135B566-11BB-4C76-A0D8-40088C051376?

    Those things disappeared when I re-ran Rootkitrevealer, but these remained:

    HKLM\SECURITY\Policy\Secrets\SAC* 9/17/2006 8:57 PM 0 bytes Key
    name contains embedded nulls (*)

    HKLM\SECURITY\Policy\Secrets\SAI* 9/17/2006 8:57 PM 0 bytes Key
    name contains embedded nulls (*)


    Can anyone tell me what this is supposed to mean?

    --
    Best regards
    Han
    email address is invalid

  2. #2
    Slarty Guest

    Re: What did RootkitRevealer detect here

    On Wed, 27 Dec 2006 12:36:20 GMT, Han wrote:

    > Just for the heck of it I downloaded and ran Rootkitrevealer from
    > Sysinternals/Microsoft. Of course I did stupid and deleted a file while
    > it was running so that's a loose alarm for sure, but what was the stuff
    > referencing a single ID-like number:
    > B135B566-11BB-4C76-A0D8-40088C051376?
    >
    > Those things disappeared when I re-ran Rootkitrevealer, but these remained:
    >
    > HKLM\SECURITY\Policy\Secrets\SAC* 9/17/2006 8:57 PM 0 bytes Key
    > name contains embedded nulls (*)
    >
    > HKLM\SECURITY\Policy\Secrets\SAI* 9/17/2006 8:57 PM 0 bytes Key
    > name contains embedded nulls (*)
    >
    > Can anyone tell me what this is supposed to mean?


    Download and run RegDelNull from the same place. That'll remove them, just
    read the instructions on the download page first.

    Cheers,

    Roy

  3. #3
    Nick Skrepetos Guest

    Re: What did RootkitRevealer detect here


    Slarty wrote:
    > On Wed, 27 Dec 2006 12:36:20 GMT, Han wrote:
    >
    > > Just for the heck of it I downloaded and ran Rootkitrevealer from
    > > Sysinternals/Microsoft. Of course I did stupid and deleted a file while
    > > it was running so that's a loose alarm for sure, but what was the stuff
    > > referencing a single ID-like number:
    > > B135B566-11BB-4C76-A0D8-40088C051376?
    > >
    > > Those things disappeared when I re-ran Rootkitrevealer, but these remained:
    > >
    > > HKLM\SECURITY\Policy\Secrets\SAC* 9/17/2006 8:57 PM 0 bytes Key
    > > name contains embedded nulls (*)
    > >
    > > HKLM\SECURITY\Policy\Secrets\SAI* 9/17/2006 8:57 PM 0 bytes Key
    > > name contains embedded nulls (*)
    > >
    > > Can anyone tell me what this is supposed to mean?

    >
    > Download and run RegDelNull from the same place. That'll remove them, just
    > read the instructions on the download page first.
    >
    > Cheers,
    >
    > Roy


    I would be careful about deleting those keys without research into
    their actual function. I.E. Quick google search....

    http://www.google.com/search?hl=en&q...=Google+Search

    Nick Skrepetos
    SUPERAntiSpyware.com
    http://www.superantispyware.com


  4. #4
    Han Guest

    Re: What did RootkitRevealer detect here

    "Nick Skrepetos" <nskrepetos@yahoo.com> wrote in
    news:1167240452.792680.242160@f1g2000cwa.googlegroups.com:

    >
    > Slarty wrote:
    >> On Wed, 27 Dec 2006 12:36:20 GMT, Han wrote:
    >>
    >> > Just for the heck of it I downloaded and ran Rootkitrevealer from
    >> > Sysinternals/Microsoft. Of course I did stupid and deleted a file
    >> > while it was running so that's a loose alarm for sure, but what was
    >> > the stuff referencing a single ID-like number:
    >> > B135B566-11BB-4C76-A0D8-40088C051376?
    >> >
    >> > Those things disappeared when I re-ran Rootkitrevealer, but these
    >> > remained:
    >> >
    >> > HKLM\SECURITY\Policy\Secrets\SAC* 9/17/2006 8:57 PM 0 bytes
    >> > Key name contains embedded nulls (*)
    >> >
    >> > HKLM\SECURITY\Policy\Secrets\SAI* 9/17/2006 8:57 PM 0 bytes
    >> > Key name contains embedded nulls (*)
    >> >
    >> > Can anyone tell me what this is supposed to mean?

    >>
    >> Download and run RegDelNull from the same place. That'll remove them,
    >> just read the instructions on the download page first.
    >>
    >> Cheers,
    >>
    >> Roy

    >
    > I would be careful about deleting those keys without research into
    > their actual function. I.E. Quick google search....
    >
    > http://www.google.com/search?hl=en&q...licy%5CSecrets
    > %5CSAC&btnG=Google+Search
    >
    > Nick Skrepetos
    > SUPERAntiSpyware.com
    > http://www.superantispyware.com
    >

    Thanks, Nick and Roy. As long as I don't know what the purpose of the
    keys is, I'll let them live.

    I was paranoid when I saw a removable drive on my system in drive manager
    that I couldn't place. Turns out, it's the USB interface on my Canon
    printer <duh>. When I ran Rootkitrevealer, I was also fooling with some
    files that I didn't need anymore, so that Sysinternals program got
    confused. As usual, PEBCAK ...

    --
    Best regards
    Han
    email address is invalid

  5. #5
    Slarty Guest

    Re: What did RootkitRevealer detect here

    On 27 Dec 2006 0933 -0800, Nick Skrepetos wrote:

    > Slarty wrote:
    >> On Wed, 27 Dec 2006 12:36:20 GMT, Han wrote:
    >>
    >>> Just for the heck of it I downloaded and ran Rootkitrevealer from
    >>> Sysinternals/Microsoft. Of course I did stupid and deleted a file while
    >>> it was running so that's a loose alarm for sure, but what was the st


    >
    > I would be careful about deleting those keys without research into
    > their actual function. I.E. Quick google search....
    >
    > http://www.google.com/search?hl=en&q...=Google+Search
    >
    > Nick Skrepetos
    > SUPERAntiSpyware.com
    > http://www.superantispyware.com


    I agree that I was a little quick in assuming that the OP had done a little
    basic research on the applications he has installed, but any registry
    tinkering should always be preceded by a backup of that branch at least. I
    know also that some quite benign applications can cause foul ups resulting
    in those blanks. But having used the Sysinternals application with good
    results, given those provisos I think it's worth a try if they're
    intractable and causing concern.

    Cheers,

    Roy
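Added example (not from this thread, and not a Sysinternals tool): a small Python triage helper that parses RootkitRevealer-style discrepancy lines like the two Han posted, groups them by discrepancy type, and marks anything under HKLM\SECURITY\Policy\Secrets as research-first, in the spirit of Nick's caution and Roy's "back up the branch first" advice. The third sample line and the RESEARCH_FIRST prefix list are constructed for the example.

```python
import re
from collections import defaultdict

# One RootkitRevealer discrepancy line looks like:
#   <path> <m/d/yyyy> <h:mm> <AM|PM> <size> bytes <description>
# The path is matched non-greedily so paths containing spaces still parse.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<timestamp>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M)\s+"
    r"(?P<size>\d+) bytes\s+"
    r"(?P<desc>.+?)\s*$"
)

# Constructed sample: the first two lines are the ones quoted in the thread,
# the third is invented here to show a second discrepancy category.
SAMPLE_OUTPUT = "\n".join([
    r"HKLM\SECURITY\Policy\Secrets\SAC* 9/17/2006 8:57 PM 0 bytes Key name contains embedded nulls (*)",
    r"HKLM\SECURITY\Policy\Secrets\SAI* 9/17/2006 8:57 PM 0 bytes Key name contains embedded nulls (*)",
    r"C:\WINDOWS\system32\example file.tmp 12/27/2006 7:36 AM 0 bytes Hidden from Windows API.",
])

# Hypothetical prefix list for this example: keys that should be researched
# (and the branch backed up) before any RegDelNull run. LSA secrets are
# system-owned, so a null-named key there is not automatically malicious.
RESEARCH_FIRST = ("HKLM\\SECURITY\\POLICY\\SECRETS\\",)


def parse_line(line):
    """Return a dict for one discrepancy line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"])
    # RootkitRevealer prints '*' where a key name has an embedded null.
    rec["embedded_null"] = "embedded nulls" in rec["desc"].lower()
    rec["research_first"] = rec["path"].upper().startswith(RESEARCH_FIRST)
    return rec


def parse_output(text):
    """Parse a whole RootkitRevealer report, skipping non-matching lines."""
    return [r for r in map(parse_line, text.splitlines()) if r]


def triage(records):
    """Group paths by discrepancy description for review."""
    groups = defaultdict(list)
    for r in records:
        groups[r["desc"]].append(r["path"])
    return dict(groups)
```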

  6. #6
    Han Guest

    Re: What did RootkitRevealer detect here

    Sorry to have wasted your time, Roy. As long as I don't know what the
    purpose of the keys is, I'll let them live.

    When I ran Rootkitrevealer, I was also fooling with some files that I
    didn't need anymore, so that Sysinternals program got confused. As usual,
    PEBCAK ...

    I was paranoid when I saw a removable drive on my system in drive manager
    that I couldn't place. Turns out, it's the USB interface on my Canon
    printer <duh>. Then the rest came ...
    --
    Best regards
    Han
    email address is invalid

  7. #7
    Slarty Guest

    Re: What did RootkitRevealer detect here

    On Thu, 28 Dec 2006 01:08:08 GMT, Han wrote:

    > Sorry to have wasted your time, Roy. As long as I don't know what the
    > purpose of the keys is, I'll let them live.


    Nothing to feel sorry about Han, I like to try and help if I can. :-)

    Cheers,

    Roy
