FYI: Rootkit Detection Utility Components

By jobeard ยท 5 replies
Jan 8, 2008
  1. ZD.exe, EGOQGPR.exe and LPELLB.exe are components of the Rootkit Detection utility.

    they ALL will reside at %UserProfile%\Local Settings\Temp and must be installed via an Admin account.

    bizarre name to be sure, but they are ligit


    Deckard's Scanner, HJT, et all need to be updated to reflect this information.

    edit: Location corrected.
    Source RookKit Revealer

  2. momok

    momok TS Rookie Posts: 2,265

    Where did you get this information from?
    I'm concerned because they don't turn up anything in google or yahoo.
  3. jobeard

    jobeard TS Ambassador Topic Starter Posts: 11,128   +982

    I installed the Package Rootkit Detection and ran it.

    Later, I discovered three services by the names list. Going to the directory
    and exploring the Properties of each, I determined that all three were from
    that package.
  4. momok

    momok TS Rookie Posts: 2,265

    Hmm. Very interesting. Just curious, why did you use that btw, since there's Panda and AVG antirootkit recommended in our removal thread?

    EDIT: It seems google now turns up this thread as the only hit for those files hehe
  5. jobeard

    jobeard TS Ambassador Topic Starter Posts: 11,128   +982

    re Google; yes, I find that our threads are visible quite quickly.

    Sysinternals is well respected too. I try multiple versions of security tools,
    especially when they are free.

    The motivation for the post was the bizarre names; I nearly paniced when I saw them! After my research,
    I thought that they might be tagged as suspects in HJT et al log files and get errantly deleted.

    My only concern would be the effort being made to keep this tool current.
  6. momok

    momok TS Rookie Posts: 2,265

Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...