Comments on Windows Incident Response: SysInternals gets in on the game

Anonymous (2005-02-26 01:39 -05:00):

I just got this on isc.org...

What you are seeing is RootkitRevealer noting NTFS metafiles. Metafiles are listed in the MFT (Master File Table) but are not intended for userspace access, thus are "hidden" from the Windows API. RootkitRevealer identifies discrepancies between low-level access results and API access results, thus can't make any determinations on the integrity of metadata files.

H. Carvey (2005-02-23 05:56 -05:00):

I'd highly recommend adding rootkitrevcons.exe, with the '-c' switch, to your fruc.ini file.

Anonymous (2005-02-23 01:20 -05:00):

I got the same messages, and if you check out http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml the hackdefender.gif shows the same messages. In the little bit of time I have put into this so far (not much as I just got the tool), I haven't come across anything explaining this yet.