
View Full Version : Rootkit Revealer Results



danjw
10.11.2005, 20:01
Hi,

I've just been checking out the latest storm over Sony's rootkit protection on some of their music CDs and decided to run Sysinternals (http://www.sysinternals.com) RootkitRevealer. I noticed that it flagged up the following lines in the Windows registry as being hidden from the Windows API:

HKLM\SYSTEM\ControlSet001\Services\d347prt\Cfg\0Jf 40

I believe this is the device driver that appears as a D347PRT SCSI Controller in Device Manager, and is used by DT to emulate a CD drive. As more viruses, spyware, malware and now apparently SONY make use of this kind of technology, this leads me on to my question: Will the next version of DT use this kind of technology, and if so, will it be picked up by future versions of antivirus and anti-spyware/malware as a possible threat?

Either way I'm sure that DT is not doing anything dodgy on my system, and it's an awesome bit of software that I couldn't live without.

Keep up the good work.

Dan
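The result Dan quotes comes from a cross-view comparison: RootkitRevealer enumerates the registry through the Windows API and separately reads the hive data directly, then reports any key present in one view but missing from the other, since a driver that hooks the API to conceal its keys leaves exactly that gap. The script below is an added illustration of that comparison, not part of this thread and not the Sysinternals tool's own code. Both "views", the subkey names under d347prt\Cfg, the Tcpip and exampledrv entries and the allow-list are constructed in-memory data so it runs offline on any platform; the grouping by service name is added so that a known driver with four hidden subkeys (one per virtual drive, as the thread says) reads differently from an unexplained one.

```python
"""Cross-view registry discrepancy check (added example, constructed data).

Mimics the idea behind RootkitRevealer's "hidden from Windows API" finding:
diff an API-side enumeration against a raw-hive enumeration.  Nothing here
touches a real registry; both views are hard-coded lists.
"""
import re
from dataclasses import dataclass

HIDDEN_FROM_API = "hidden_from_api"   # present in raw hive, absent from API view
ONLY_IN_API = "only_in_api"           # present in API view, absent from raw hive

# Constructed: keys as returned by a Windows API enumeration.
API_VIEW = [
    r"HKLM\SYSTEM\ControlSet001\Services\d347prt",
    r"HKLM\SYSTEM\ControlSet001\Services\d347prt\Cfg",
    r"HKLM\SYSTEM\ControlSet001\Services\Tcpip",
    r"HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters",
    r"HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Winsock",  # constructed; missing from raw view
    r"HKLM\SYSTEM\ControlSet001\Services\exampledrv",                # constructed unknown driver
]

# Constructed: keys as read directly from the SYSTEM hive.  Four extra subkeys
# under d347prt\Cfg (one per virtual drive) and one under the unknown driver are
# absent from the API view; the Winsock key is absent here (e.g. it changed
# between the two scans, a common benign cause of the reverse discrepancy).
RAW_VIEW = [k for k in API_VIEW if not k.endswith(r"\Winsock")] + [
    r"hklm\system\controlset001\services\D347PRT\cfg\drive0",  # mixed case on purpose
    r"HKLM\SYSTEM\ControlSet001\Services\d347prt\Cfg\drive1",
    r"HKLM\SYSTEM\ControlSet001\Services\d347prt\Cfg\drive2",
    r"HKLM\SYSTEM\ControlSet001\Services\d347prt\Cfg\drive3",
    r"HKLM\SYSTEM\ControlSet001\Services\exampledrv\hidden",
]

# Constructed allow-list: services whose hidden keys have a documented, benign
# explanation.  They are still reported, only labelled as known.
KNOWN_DRIVERS = {"d347prt": "DAEMON Tools virtual SCSI controller (per the thread)"}


@dataclass(frozen=True)
class Finding:
    key: str
    status: str


def normalize_key(key):
    """Registry paths are case-insensitive; compare on a canonical form."""
    key = key.strip().replace("/", "\\")
    key = re.sub(r"\\+", r"\\", key)          # collapse repeated separators
    return key.rstrip("\\").lower()


def cross_view_diff(api_keys, raw_keys):
    """Return every key that appears in one view but not the other."""
    api = {normalize_key(k) for k in api_keys}
    raw = {normalize_key(k) for k in raw_keys}
    findings = [Finding(k, HIDDEN_FROM_API) for k in sorted(raw - api)]
    findings += [Finding(k, ONLY_IN_API) for k in sorted(api - raw)]
    return findings


_SERVICE_RE = re.compile(
    r"^hklm\\system\\(?:controlset\d{3}|currentcontrolset)\\services\\([^\\]+)"
)


def service_name(key):
    """Service (driver) name a key belongs to, or None if not under Services."""
    m = _SERVICE_RE.match(normalize_key(key))
    return m.group(1) if m else None


def summarize(findings, known_drivers):
    """Per-service counts, so the analyst sees 'd347prt: 4 hidden (known)'
    rather than a flat list, and an unexplained service stands out."""
    known = {k.lower() for k in known_drivers}
    summary = {}
    for f in findings:
        svc = service_name(f.key) or "(not under Services)"
        entry = summary.setdefault(
            svc, {"hidden": 0, "only_in_api": 0, "known": svc in known}
        )
        entry["hidden" if f.status == HIDDEN_FROM_API else "only_in_api"] += 1
    return summary


if __name__ == "__main__":
    report = summarize(cross_view_diff(API_VIEW, RAW_VIEW), KNOWN_DRIVERS)
    for svc, s in report.items():
        tag = "known driver" if s["known"] else "UNEXPLAINED"
        print(f"{svc}: {s['hidden']} hidden from API, "
              f"{s['only_in_api']} only in API ({tag})")
```

Run as-is it reports d347prt with four hidden keys marked as a known driver, exampledrv with one hidden key marked unexplained, and Tcpip with one key seen only through the API. The allow-list deliberately does not suppress findings: a discrepancy from a known driver is still a discrepancy, and the useful question for triage is whether its count changes in step with a documented setting such as the number of virtual drives.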

johngalt
11.11.2005, 05:45
That is your virtual drive. Don't believe me? Make the number of drives 4 - then you'll have 4 of those items.

Oh, and BTW, this could have been found by searching too.

danjw
11.11.2005, 19:25
That is your virtual drive. Don't believe me? Make the number of drives 4 - then you'll have 4 of those items.

Oh, and BTW, this could have been found by searching too.

It's a good job you can read isn't it! If you actually read my post I am fully aware that the driver is in use, and if you set the number of drives to 4 the number of instances of entries hidden from the Windows API increases. This is not what I am questioning.

My question is this: "As more viruses, spyware, malware and now apparently SONY make use of this kind of technology, this leads me on to my question: Will the next version of DT use this kind of technology, and if so, will it be picked up by future versions of antivirus and anti-spyware/malware as a possible threat?" - The "technology" in this case being rootkit interception of Windows API calls.

As by the looks of things you (johngalt) are an "experienced user" I do hope the rest of your posts are not quite as disparaging as your reply to mine.......