Detecting and removing rootkits in Windows
I read through Kurt Dillard's "Prevention Guide: Detecting and removing rootkits in Windows."
On one of my PCs, I found rootkits with Sysinternals RootkitRevealer. I found no other rootkits on any other PCs even though an extensive number of software packages are installed. By doing a file search for date and time, I determined these were installed during the installation of Pinnacle Studio 9. Pinnacle tech support said these are not spyware and are needed for Studio to work. However, they are not removed during uninstall and I am not confident that Pinnacle understood my questions, nor rootkits, nor gave a reliable evaluation. I need a second opinion.
Based on what I've seen, it's actually very common for many Windows applications to leave junk in the registry such as this. I'm not a developer, but I can't imagine why it would be considered good practice to clog up someone's registry with entries that are no longer needed. I would recommend running another rootkit remover or process explorer such as UnHackMe or Process Explorer to see if anything looks malicious. Otherwise, back up your registry and delete those entries if you're uncomfortable with them, or contact Pinnacle and ask to speak to a level 2 support person who can help you with those entries.
This was first published in May 2005