CastleCops® MBR rootkit or false alarm?

Need help? Click here to register for free! Absolutely zero advertisements on this site!

	Donation/Premium

	Donations. Become Premium Today!

	Security Central

	· Home · PIRT/Fried Phish · MIRT · SIRT · Deutsch · Wiki · Newsletter · O16/ActiveX · CLSID List · Contest2007 · Downloads · Feedback (send) · Forums · HijackThis · Hijacktrend · LSPs · My Downloads · O18 · O20 · O21 · O22 · O23 · O9 · Premium · Private Messages · Proxomitron · Reviews · Search · StartupList · Stories Archive · Submit News · WsIRT · Your Account · Acceptable Use Policy

Forum FAQ

Usergroups

Profile

Select FavForums

Rootkit or false positive?

All -> FavForums -> Rootkit Revelations

[del.icio.us!] [digg it!] [reddit!]

View previous topic :: View next topic

Author

Message

wetsprockets

Cadet
Cadet

Joined: May 11, 2008
Posts: 1
Location: USA

Posted: Sun May 11, 2008 12:10 pm Post subject: Rootkit or false positive?

Hope this is the right forum. So I recently installed the Antivir free edition and had it do a rootkit scan. It found four hidden objects in the registry. Did a Google search and couldn't find anything. Here's the log: Configuration settings for the scan: Logging..........................: high Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Scan memory......................: off Process scan.....................: off Scan registry....................: off Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: off Smart extensions.................: on Macro heuristic..................: on File heuristic...................: high Expanded search settings.........: 0x00300922 Start of the scan: Sunday, May 11, 2008 07:47 Starting search for hidden objects. HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Nls\MUILanguages\RCV2\lxa\0 [INFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Nls\MUILanguages\RCV2\lxa\1 [INFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Nls\MUILanguages\RCV2\lxa\0 [INFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Nls\MUILanguages\RCV2\lxa\1 [INFO] The registry entry is invisible. '506234' objects were checked, '4' hidden objects were found. End of the scan: Sunday, May 11, 2008 07:50 Used time: 03:07 min The scan has been done completely. 0 Scanning directories 0 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 0 Files cannot be scanned 0 Files not concerned 0 Archives were scanned 0 Warnings 0 Notes 506234 Objects were scanned with rootkit scan 4 Hidden objects were found So is this "lxa" something to worry about? Thanks!

	All -> FavForums -> Rootkit Revelations	All times are GMT
Page 1 of 1

You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


	2002-2008 � Computer Cops LLC dba CastleCops®. All rights reserved. Acceptable Use Policy. Use signifies your agreement. 112ppm 0.265s (0.054s) Making cybercriminals unhappy since 2002*