unable to define root kit

The following root kit was found, and I am unable to remove it or identify it.

It does not show in a Google search.

\HKEY_USERS\S-1-5-21-1957994488-1659004503-839522115-1005

\HKEY_USERS\S-1-5-21-1957994488-1659004503-839522115-1005_Classes

Any ideas as to what it is?

OS - XP SP3

Sophos Anti-Rootkit 1.3.1

and before I'm asked, 1.5 does not work on my machine

Thanks



This thread was automatically locked due to age.
  • Hello Dan,

    I'm not Sophos, just to avoid confusion.

    HKEY_USERS (HKU for short) is one of the registry root keys (please see this link for a short explanation). The presence of these keys suggests that another user was logged on at the time the scan ran. As the name is the user's SID (which is in principle unique unless this machine is a clone of another one), you won't find it elsewhere (including a search on the Internet).

    HTH

    Christian
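An added example, not part of the original thread and not Sophos code: a small Python parser that breaks HKEY_USERS subkey names such as the two quoted in the question into their SID parts and the hive file each one is loaded from. The function name and result fields are hypothetical, chosen for illustration.

```python
import re

# Names with a fixed meaning under HKEY_USERS: (account, backing hive file).
WELL_KNOWN = {".DEFAULT": ("LocalSystem", "DEFAULT"),
              "S-1-5-18": ("LocalSystem", "DEFAULT"),
              "S-1-5-19": ("LocalService", "NTUSER.DAT"),
              "S-1-5-20": ("NetworkService", "NTUSER.DAT")}
# Fixed relative IDs (RIDs) that Windows assigns to built-in accounts.
BUILTIN_RIDS = {500: "built-in Administrator", 501: "built-in Guest"}
# S-1-5-21-<three sub-authorities identifying the machine or domain>-<RID>
ACCOUNT_SID = re.compile(r"^S-1-5-21-(\d+-\d+-\d+)-(\d+)$")


def classify_hku_subkey(path):
    """Describe the first-level HKEY_USERS subkey named in a registry path."""
    parts = [p for p in path.split("\\") if p]
    if not parts:
        raise ValueError("empty registry path")
    rooted = parts[0].upper() in ("HKEY_USERS", "HKU") and len(parts) > 1
    name = parts[1] if rooted else parts[0]
    # <SID>_Classes holds the same user's per-user class registrations.
    is_classes = name.upper().endswith("_CLASSES")
    if is_classes:
        name = name[:-len("_Classes")]
    info = {"sid": name, "hive_file": "NTUSER.DAT", "kind": "unrecognized",
            "issuer": None, "rid": None}
    match = ACCOUNT_SID.match(name)
    if name.upper() in WELL_KNOWN:
        info["kind"], info["hive_file"] = WELL_KNOWN[name.upper()]
    elif match:
        rid = int(match.group(2))
        info["issuer"], info["rid"] = match.group(1), rid
        info["kind"] = BUILTIN_RIDS.get(
            rid, "regular account" if rid >= 1000 else "reserved RID")
    if is_classes:
        info["hive_file"] = "UsrClass.dat"
    return info


if __name__ == "__main__":
    # The two key names quoted in the question above.
    base = r"\HKEY_USERS\S-1-5-21-1957994488-1659004503-839522115-1005"
    for key in (base, base + "_Classes"):
        print(key, "->", classify_hku_subkey(key))
```

Both names from the question resolve to the same account SID with RID 1005; the second is only that account's class-registration hive.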
