Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions to any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks.
#1
Rootkits in Vista RC-1 and RC-2 ?

I have Win XP on my first physical drive and a second physical drive for trying out Vista.
Before the Vista install my system was clean of viruses and rootkits.
After the install I ran RootkitRevealer again and have 27 discrepancies over both drives.
I have had some strange behavior in XP. I burned a Linux DVD for my other box and when I shut down Nero I got the small hourglass flickering next to my mouse pointer.
I did the three finger salute and looked at the process tab in Task Manager; I spotted rundll32 appearing and disappearing all over the place.
I reopened Nero and closed it to calm things down.
I am concerned about these findings. I tried Sophos Anti-Rootkit and it found two files on my Vista drive.
Does Vista use a new boot scheme? I noticed some new files in the root directory of my XP drive and the boot.ini has been tweaked.
Boot times for XP have increased a bit.
And then the strange behavior.
Looks like I get to format half a terabyte of drive space and start over.
#2
Re: Rootkits in Vista RC-1 and RC-2 ?

Hi,

The rootkit tool may not know what to do with various Vista functions, so before making assumptions check with the distributor. Vista uses winload.exe to start the OS before passing control to ntoskrnl.exe, and it (winload.exe) relies on reading a BCD file under C:\boot. This initial startup sequence is very different from that used by previous NT systems, so it may be part of what is confusing the rootkit tool.

Nero has had problems reported on every build of Vista so far; I wouldn't rely on anything regarding it thus far. Hopefully the folks at Ahead will get it worked out shortly as Vista goes RTM.

> Looks like I get to format half a terabyte of drive space and start over

You should not get involved in beta products if you are not willing and able to do this. It's par for the course.

--
Best of Luck,
Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Windows help - www.rickrogers.org
#3
Re: Rootkits in Vista RC-1 and RC-2 ?

I agree with Rick Rogers. I wouldn't trust the output from a rootkit scanner on a computer that has Vista installed. The boot process is very different and Vista has changed the ACLs on many folders and files, which may cause the rootkit scanner to give false positives.

Interpreting the result from a rootkit scanner takes an expert. I have been cleaning viruses, malware, and rootkits for years and I often have to do a considerable amount of research when interpreting the results of any given scan.

If you want to use a rootkit scanner with Vista, the only way to proceed would be to set up the computer without Vista, scan it and note the results. Install Vista, run the scan, and note the differences. For future scans look for any more changes and then research these changes.

--
Kerry
MS-MVP Windows - Shell/User
http://www.vistahelp.ca
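Kerry's baseline-then-diff procedure, as an added example that is not from the thread: a small Python triage script that compares a pre-Vista scan against a post-install scan, folds Windows path case so the same file is not counted twice, and separates new findings under the Vista boot paths Rick names (the BCD under C:\boot, winload.exe) from findings that still need research. The "path, tab, description" line shape, the sample entries and the expected-path list are constructed assumptions, not RootkitRevealer's actual output format.

```python
import ntpath

# CONSTRUCTED sample scanner output in an assumed "path<TAB>description" shape.
BASELINE_SCAN = """\
C:\\WINDOWS\\system32\\drivers\\foo.sys\tHidden from Windows API.
HKLM\\SOFTWARE\\Microsoft\\Cryptography\\RNG\\Seed\tData mismatch between Windows API and raw hive data.
"""
POST_INSTALL_SCAN = """\
C:\\windows\\system32\\drivers\\FOO.SYS\tHidden from Windows API.
HKLM\\SOFTWARE\\Microsoft\\Cryptography\\RNG\\Seed\tData mismatch between Windows API and raw hive data.
C:\\Boot\\BCD\tAccess is denied.
C:\\bootmgr\tHidden from Windows API.
D:\\Windows\\System32\\winload.exe\tVisible in Windows API, but not in MFT or directory index.
D:\\Windows\\System32\\drivers\\unknown.sys\tHidden from Windows API.
"""

# Paths the thread attributes to Vista's new boot scheme (BCD under C:\boot,
# winload.exe). Assumption: a new hit here is "expected", not a rootkit finding.
EXPECTED_VISTA_BOOT = ("c:\\boot\\", "c:\\bootmgr", "\\windows\\system32\\winload.exe")


def parse_scan(text):
    """Map normalized path -> scanner description for one scan.

    Windows paths are case-insensitive, so case is folded; otherwise the same
    file reported as FOO.SYS and foo.sys would look like two discrepancies.
    """
    entries = {}
    for line in text.splitlines():
        if "\t" not in line:
            continue  # skip blank lines and any header text
        path, desc = line.split("\t", 1)
        entries[ntpath.normcase(path.strip())] = desc.strip()
    return entries


def triage(baseline_text, post_text):
    """Diff two scans and sort the new findings into buckets to research."""
    base, post = parse_scan(baseline_text), parse_scan(post_text)
    new = {p: d for p, d in post.items() if p not in base}
    expected = {p: d for p, d in new.items() if any(m in p for m in EXPECTED_VISTA_BOOT)}
    return {
        "new_expected": expected,
        "new_research": {p: d for p, d in new.items() if p not in expected},
        "changed": {p: (base[p], post[p]) for p in post if p in base and base[p] != post[p]},
        "gone": sorted(set(base) - set(post)),
    }


if __name__ == "__main__":
    for bucket, items in triage(BASELINE_SCAN, POST_INSTALL_SCAN).items():
        print(bucket, items if items else "(none)")
```

Entries in "new_research" are the ones Kerry's advice applies to; "new_expected" entries are still worth a glance, but a change under the Vista boot files is what the install is supposed to produce.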