An Error Occurred In Cmd Exe That Prevents Rootkitrevealer
BleepingComputer.com → Security → Am I infected? What do I do?

Rootkit Revealer Says Error In Cmd.exe
Started by jerryc, Oct 22 2007 09:18 PM

#1 jerryc
Posted 22 October 2007 - 09:18 PM

XP Pro, fully updated, Trend Micro, Spywareblaster, Adaware, A2, all show no current problems. Did get a keylogger a few months ago, which was so severe it shut off Trend. All seems pretty well with that now, but sometimes I think there still may be some issue there as occasionally the keys seem slow, or double strike.

I just ran Rootkit Revealer and got the title message, that "there's an error in cmd.exe which prevents RR from accurately analyzing the system." These below are the first 5 lines that were captured before it quit. The first two are from April, the rest are today. There were many more lines, all of which were Temp Int Files which I have since deleted, but I have not yet rescanned.

HKLM\SECURITY\Policy\Secrets\SAC*    4/24/2007 3:41 PM    0 bytes    Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI*    4/24/2007 3:41 PM    0 bytes    Key name contains embedded nulls (*)
HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\TotalScanned    10/22/2007 3:37 PM    4 bytes    Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\LastScannedFileName    10/22/2007 3:37 PM    49 bytes    Windows API length not consistent with raw hive data.
C:\Documents and Settings\Administrator\Cookies\administrator@customer[2].txt    10/22/2007 3:57 PM    104 bytes    Hidden from Windows API.

Any thoughts?

#2 quietman7, Bleepin' Janitor, Global Moderator

Experts Exchange > Questions > spooldr.sys
https://www.experts-exchange.com/questions/22770989/spooldr-sys.html

spooldr.sys (Solved)
Posted on 2007-08-17, Last Modified: 2013-11-22
Topics: Anti-Virus Apps, Windows XP

I have an interesting situation. A client called and told me that her computer wouldn't shut down. Actually, it would shut down but then it would immediately reboot. I reset the machine so it would not restart after an error which caused me to get the infamous blue screen of death with the "PAGE_FAULT_IN_NONPAGED_AREA" error message. The STOP error was 0x00000050. I tried to do a system restore but was unable to because there was an update to Adobe Reader the day I picked. I changed the settings back so that she could at least use her computer until I could get back to it.

When I returned she told me that the machine now would boot to the desktop and then restart itself. I tried several times to start it normally with no success. Then I started the machine in Safe Mode and everything seemed to work except for her mouse. (It is not a PS/2 or USB but a parallel port mouse). I returned to the Advanced Options screen and chose "Disable Auto Restart on System Fail." This gave me a blue screen when the computer tried to restart. The error message was "The Problem seems to be caused by the following file - spooldr.sys." Again I had the "PAGE_FAULT_IN_NONPAGED_AREA" error message.
The technical information was Address - F89C29BD, base at F89C1000, Date Stamp - 469e788d. STOP 0x00000050(0x00000000, 0

http://www.trojaner-board.de/98634-neustarts-bluescreens-deaktivierung-maus-tastatur-eingriffe-systemeinstellungen.html

Restarts, blue screens, deactivation of mouse and keyboard, tampering with system settings (Windows 7)

03.05.2011, 10:43 #1 jhartmann

Good day,

I work on an office computer with the following properties:
Windows XP Service Pack 3
Automatic updates are enabled
Windows Firewall is enabled
G-Data Antivirus 10.7 client is active
The logged-in user jhartmann has a limited user account

The main symptoms that occur are:
Blue screens
Deactivation of mouse and keyboard
Sudden restarts
Restarts because LSASS.EXE terminated unexpectedly
Tampering with the registry

Since these effects occur almost identically for a colleague, I think a hardware defect (mouse/keyboard, blue screen) can be ruled out. As a countermeasure, my colleague reinstalled Windows XP and overwrote the hard disk's MBR, in case it should be a bootkit. I am asking for an expert's assessment of whether this is a rootkit or something else. Thank you very much.

Regards, Jan Hartmann

I have listed a chronology of the events here:
2011-03-17
15:28 Mouse and keyboard are deactivated.
15:30 Blue screen
15:34 Plö