18 replies to this topic

[garyhite]

here is the file, by the way, i did some research on zepter software and this seems to be a particularly difficult rootkit to remove- i hope you can help me with this HKLM\S-1-5-21-3814337359-3193888343-2863382003-1003\Software\Zepter Software\RegLib*78fa2508 5/12/2006 10:25 PM 0 bytes Key name contains embedded nulls (*) HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 6/7/2006 8:02 AM 80 bytes Data mismatch between Windows API and raw hive data. C:\Program Files\Norton AntiVirus\Savrt\0374NAV~.TMP 6/7/2006 8:14 AM 0 bytes Hidden from Windows API.

[little eagle]

Download blacklight

Instructions on usage here.

Rename the file and remove it.

[garyhite]

i downloaded and ran blacklight, but it did not find the zepter rootkit. I read that a program called regdelnull can eliminate this rootkit but it said that I "need to run RegDelNull from a Command Prompt, complete with command line parameters. Or from a shortcut where you have manually appended those parameters into the Target box of the shortcut's properties" and this kind of operation is a bit over my head. if you could give me step by step instruction on this i think i may be able to accomplish this, unless you have a safer idea

[little eagle]

After checking it seams that it is nothing to worry about.

if you could give me step by step instruction on this i think i may be able to accomplish this

I would not fell comfortable giving instructions on how to do that.
Sorry might post here. http://www.sysintern...asp?FID=17&PN=0

Edited by little eagle, 08 June 2006 - 05:14 AM.