TechSpot

Are these rootkits?

By HiJackThis1.99
Apr 16, 2008
  1. From my experience of fighting against trojans I realized that (for Windows) a lot of them are downloader viruses and download stuff off the internet. They are randomly named ".dll" files which are located in the:
    /HKLM/SOFTWARE/MICROSOFT/WINDOWS NT/CURRENT VERSION/WINLOGON/ .....

    After that .... it changes from XP to Vista. In XP I remember it was Notify32, or something like that. And it gives you all the OS dll's. While in Vista it is something else. Do you know what I am talking about?

    So my questions are:
    1) What is the analogue of that Registry location for Vista?
    2) Are these dll rootkits?

    I am asking because I once had difficulty removing a trojan off my computer because it was a .dll file which made the OS think it was a system file. But AVG Anti-Spyware had this nice feature to delete on reboot which solved the problem.
     
  2. kimsland (Ex-TechSpotter, Posts: 14,524)

    You can upload files here to inspect:
    http://www.virustotal.com/

    But I'm lost in your question: were you replying to someone, or are you asking for help?
     
  3. jobeard (TS Ambassador, Posts: 9,348 +622)

    (1) the XP registry files are in \windows\system32\config; there are FIVE that act as a database == 'the registry'

    (2) a rootkit differs from a trojan or virus in that it hides inside an existing module of the OS, whereas trojans and viruses add modules and then make them run at boot time. Obviously, extra modules are easier to defeat than mods to REAL OS code!
     
Topic Status:
Not open for further replies.
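
An added example, not written by any poster in this thread: a PowerShell function that lists the DLLs registered under the Winlogon key from the first post, with file attributes, vendor and signature status, so each entry can be reviewed by hand. The `Notify` subkey and `DllName` value are not named in the thread and are assumed here from Windows XP's Winlogon notification packages; the function name is hypothetical.

```powershell
# Added example: inventory Winlogon notification-package DLLs for manual review.
# Assumption: Windows XP's Notify subkey with a DllName value per package.
$NotifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

function Get-WinlogonNotifyDll {   # hypothetical helper name
    param([string]$KeyPath = $NotifyKey)

    if (-not (Test-Path -LiteralPath $KeyPath)) {
        Write-Warning "Registry key not present: $KeyPath"
        return
    }
    foreach ($sub in Get-ChildItem -LiteralPath $KeyPath) {
        $dllName = $sub.GetValue('DllName')
        if (-not $dllName) { continue }

        # Expand any %VAR% first. Assumption: a bare file name lives in System32.
        $path = [Environment]::ExpandEnvironmentVariables([string]$dllName)
        if (-not [IO.Path]::IsPathRooted($path)) {
            $path = Join-Path (Join-Path $env:SystemRoot 'System32') $path
        }

        $row = @{
            Package = $sub.PSChildName; DllPath = $path; Exists = $false
            Attributes = $null; Created = $null; Company = $null; Signature = $null
        }
        if (Test-Path -LiteralPath $path) {
            # -Force so files flagged Hidden/System are still returned.
            $file = Get-Item -LiteralPath $path -Force
            $row.Exists     = $true
            $row.Attributes = $file.Attributes
            $row.Created    = $file.CreationTime
            $row.Company    = [Diagnostics.FileVersionInfo]::GetVersionInfo($path).CompanyName
            $row.Signature  = (Get-AuthenticodeSignature -FilePath $path).Status
        }
        New-Object PSObject -Property $row |
            Select-Object Package, DllPath, Exists, Attributes, Created, Company, Signature
    }
}

# Entries with no vendor, a recent creation date, or a random-looking name
# deserve a closer look (for example, by hashing the file and checking it).
Get-WinlogonNotifyDll | Format-Table -AutoSize
```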
