Technibble Forums > Technical Discussions > Security, Viruses and Trojans
#1
05-12-2012, 08:50 PM
TechLady

What GMER found on my bench machine

So I ran GMER on my test bench machine just for ha ha's...and it found this:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-12 13:46:29
Windows 6.1.7600
Running: nr7knxxh.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{C941EA10-6499-4293-ABBE-823E71A6FB60}?\Device\{8A7DF796-2B36-47A5-9FF7-6054DA4D5AC7}?\Device\{5226AEFD-382A-43D7-AE76-D66A12518BB4}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{C941EA10-6499-4293-ABBE-823E71A6FB60}"?"{8A7DF796-2B36-47A5-9FF7-6054DA4D5AC7}"?"{5226AEFD-382A-43D7-AE76-D66A12518BB4}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{C941EA10-6499-4293-ABBE-823E71A6FB60}?\Device\TCPIP6TUNNEL_{8A7DF796-2B36-47A5-9FF7-6054DA4D5AC7}?\Device\TCPIP6TUNNEL_{5226AEFD-382A-43D7-AE76-D66A12518BB4}?
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 585
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 477
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{14A4C815-30A4-487B-A65C-B991E0733348}@LeaseObtainedTime 1336844439
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{14A4C815-30A4-487B-A65C-B991E0733348}@T1 -810639210
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{14A4C815-30A4-487B-A65C-B991E0733348}@T2 1873715350
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{08fe8736-b5be-4326-8391-b8df0917ff84}@Dhcpv6State 0
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{2ad5242c-6a7b-4071-ac2a-53df72bb0f90}@Dhcpv6State 0

---- EOF - GMER 1.0.15 ----

Not sure what to make of it, if anything.

UPDATE: Interestingly, when I run it on my C: drive alone it finds nothing. All the above seems to be from my clone of the machine, on B:. Also, none of the entries are in red.
Last edited by TechLady; 05-12-2012 at 11:40 PM.
#2
06-20-2012, 02:38 AM
PcTek9

What are you using to clone this drive?