Rootkit Revealer Results


  • Rootkit Revealer Results

    Hi,

    I've just been checking out the latest storm over Sony's rootkit protection on some of their music CDs and decided to run Sysinternals (www.sysinternals.com) RootkitRevealer. I noticed that it flagged up the following lines in the Windows registry as being hidden from the Windows API:

    HKLM\SYSTEM\ControlSet001\Services\d347prt\Cfg\0Jf 40

    I believe this is the device driver that appears as a D347PRT SCSI Controller in Device Manager, and is used by DT to emulate a CD drive. As more viruses, spyware, malware and now apparently SONY, make use of this kind of technology this leads me on to my question: Will the next version of DT use this kind of technology and if so will it be picked up by future versions of antivirus and anti-spyware/malware as a possible threat.

    Either way I'm sure that DT is not doing anything dodgy on my system, and it's an awesome bit of software that I couldn't live without.

    Keep up the good work.

    Dan

  • #2
    That is your virtual drive. Don't believe me? Make the number of drives 4 - then you'll have 4 of those items.

    Oh, and BTW, this could have been found by searching too.
    http://www.calendarofupdates.com | http://sevenforums.com



    • #3
      Originally Posted by johngalt
      That is your virtual drive. Don't believe me? Make the number of drives 4 - then you'll have 4 of those items.

      Oh, and BTW, this could have been found by searching too.
      It's a good job you can read isn't it! If you actually read my post I am fully aware that the driver is in use, and if you set the number of drives to 4 the number of instances of entries hidden from the Windows API increases. This is not what I am questioning.

      My question is this: "As more viruses, spyware, malware and now apparently SONY, make use of this kind of technology this leads me on to my question: Will the next version of DT use this kind of technology and if so will it be picked up by future versions of antivirus and anti-spyware/malware as a possible threat." - The "technology" in this case being rootkit interception of Windows API calls.

      As by the looks of things you (johngalt) are an "experienced user" I do hope the rest of your posts are not quite as disparaging as your reply to mine.......
