Question for anybody well versed in Rootkits.
Just took possession of used laptop. Dell Latitude running windows XP.
Knocked down DOS partitions, recreated partitions, formatted and installed XP with NTFS file system.
System is clean at this point just after install with only Windows XP installed.
When I run Rootkit Revealer some scans show nothing and some show discrepancies even though there is no specific reference to any known root kit.
Discrepancies show up in HKLM\software\microsoft\cryptography\RNG\Speed such as "data mismatch between windows API and raw hive data" and
C:\windows\prefetch\notepad.exe=336351A9.pf with message "visible in directory index, but not windows API or MFT."
I believe this is a case where a file changes during the scan even though no applications are open during the scan.
Appreciate input from anyone with a better understanding of rootkit issues than myself.
Interperting results of Rootkit Revealer
No replies to this topic