Q

Detecting and removing rootkits in Windows

I read through Kurt Dillard's "Prevention Guide: Detecting and removing rootkits in Windows." On one of my PCs, I found rootkits with Sysinternals RootkitRevealer. I found no other rootkits on any other PCs even though an extensive number of software packages are installed. By doing a file search for date and time, I determined these were installed during the installation of Pinnacle Studio 9. Pinnacle tech support said these are not spyware and are needed for Studio to work. However, they are not removed during uninstall and I am not confident that Pinnacle understood my questions, nor rootkits, nor gave a reliable evaluation. I need a second opinion.
Based on what I've seen, it's actually very common for many Windows applications to leave junk in the registry such as this. I'm not a developer, but I can't imagine why it would be considered good practice to clog up someone's registry with entries that are no longer needed. I would recommend running another rootkit remover or process explorer such as UnHackMe, Process Explorer or Vision to see if anything looks malicious. Otherwise, backup your registry and delete those entries if you're uncomfortable with them, or contact Pinnacle and ask to speak to a level 2 support person who can help you with those entries.
This was first published in May 2005

Dig deeper on Endpoint security management tools

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close