#1
Sophos Anti-Rootkit finds hidden reg entries that nothing else does

Latest scan with Sophos Anti-Rootkit is finding the below hidden registry entries and yet nothing else does. I have run Avira anti-rootkit, F-Secure BlackLight, RootkitRevealer, Panda Anti-Rootkit, and the Avast boot-time scanner. Nothing found. Should I be concerned about the below or has Sophos sent me on a wild goose chase?

Area: Windows registry
Description: Hidden registry key
Location: \HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\data-hoster.com
Removable: No
Notes: (no more detail available)

Area: Windows registry
Description: Hidden registry key
Location: \HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\hausaufgaben-referate.de
Removable: No
Notes: (no more detail available)

Area: Windows registry
Description: Hidden registry key
Location: \HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\host.sk
Removable: No
Notes: (no more detail available)

Area: Windows registry
Description: Hidden registry key
Location: \HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\myvnc.com
Removable: No
Notes: (no more detail available)

Area: Windows registry
Description: Hidden registry key
Location: \HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\oridian.com
Removable: No
Notes: (no more detail available)

#2
Re: Sophos Anti-Rootkit finds hidden reg entries that nothing else does

From: "Ichibod" <no@email_for.me>

| Latest scan with Sophos Anti-Rootkit is finding the below hidden
| registry entries and yet nothing else does. I have run Avira anti-
| rootkit, F-Secure BlackLight, RootkitRevealer, Panda Anti-Rootkit,
| and the Avast boot-time scanner. Nothing found. Should I be concerned about
| the below or has Sophos sent me on a wild goose chase?

| Area: Windows registry
| Description: Hidden registry key
| Location:
| \HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
| Settings\ZoneMap\EscDomains\data-hoster.com
| Removable: No
| Notes: (no more detail available)

| Area: Windows registry
| Description: Hidden registry key
| Location:
| \HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
| Settings\ZoneMap\EscDomains\hausaufgaben-referate.de
| Removable: No
| Notes: (no more detail available)

| Area: Windows registry
| Description: Hidden registry key
| Location:
| \HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
| Settings\ZoneMap\EscDomains\host.sk
| Removable: No
| Notes: (no more detail available)

| Area: Windows registry
| Description: Hidden registry key
| Location:
| \HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
| Settings\ZoneMap\EscDomains\myvnc.com
| Removable: No
| Notes: (no more detail available)

| Area: Windows registry
| Description: Hidden registry key
| Location:
| \HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
| Settings\ZoneMap\EscDomains\oridian.com
| Removable: No
| Notes: (no more detail available)

And what does Gmer report ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

#3
Re: Sophos Anti-Rootkit finds hidden reg entries that nothing else does

On Mon, 09 Mar 2009 19:55:20 -0700, Ichibod <no@email_for.me> wrote:

>\HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
>Settings\ZoneMap\EscDomains\data-hoster.com

Are you using SpywareBlaster? Those look like entries that it creates.
If so, nothing to worry about.

-dan z-

--
Protect your civil rights! Let the politicians know how you feel.
Join or donate to the NRA today! http://membership.nrahq.org/default....ignid=XR014887

#4
Re: Sophos Anti-Rootkit finds hidden reg entries that nothing else does

David H. Lipman wrote:
> And what does Gmer report ?

Nothing out of the usual that I can see.

GMER 1.0.15.14878 - http://www.gmer.net
Rootkit scan 2009-03-10 17:58:44
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB75246B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB7524574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB7524A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB752414C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB752464E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB752408C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB75240F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB752476E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB752472E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB75248AE]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[528] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[528] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----

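Reading a GMER log like the one posted above comes down to attributing each hook to the module that installed it and asking whether that module is something you expected on the machine; here every SSDT hook belongs to aswSP.SYS, which GMER labels as avast!'s self-protection module, and the attached devices are all avast! or Microsoft filter drivers, which is why the thread treats the log as clean. The script below is an added example, not code from the thread, from GMER or from any of the tools it names: it parses SSDT lines in the format GMER printed above, groups them by hooking module, and separates modules whose vendor string is on an analyst-maintained allowlist from modules that still need an explanation. The allowlist, the PLACEHOLDER.sys line and its address are constructed for the example.

```python
import re

# GMER's SSDT line, as printed in the thread:
#   SSDT <image path> (<description>/<vendor>) <ZwFunction> [0x<handler>]
# The parenthesised description is optional in the regex so that a hook whose
# module carries no version resource still gets recorded rather than skipped.
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)"                  # hooking image path
    r"(?:\s+\((?P<desc>[^)]*)\))?"               # optional "(description/vendor)"
    r"\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$"
)

# Vendor strings the analyst has already verified on this host (constructed).
TRUSTED_VENDORS = {"ALWIL Software"}

# Sample log: the SSDT section from the thread, plus one constructed line for a
# module with no vendor description (PLACEHOLDER.sys and its address are invented).
SAMPLE_GMER_LOG = r"""GMER 1.0.15.14878 - http://www.gmer.net
Rootkit scan 2009-03-10 17:58:44
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB75246B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB7524574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB7524A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB752414C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB752464E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB752408C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB75240F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB752476E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB752472E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB75248AE]
SSDT \??\C:\WINDOWS\system32\drivers\PLACEHOLDER.sys ZwQueryDirectoryFile [0xB8000000]

---- EOF - GMER 1.0.15 ----
"""


def parse_ssdt_hooks(log_text):
    """Extract SSDT hook records: module path, vendor (the text after the last '/'
    in the parenthesised description, or None), hooked function, handler address."""
    hooks = []
    for raw in log_text.splitlines():
        m = SSDT_RE.match(raw.strip())
        if not m:
            continue
        desc = m.group("desc")
        vendor = desc.rsplit("/", 1)[-1].strip() if desc and "/" in desc else None
        hooks.append({
            "module": m.group("module"),
            "vendor": vendor,
            "func": m.group("func"),
            "addr": int(m.group("addr"), 16),
        })
    return hooks


def group_by_module(hooks, trusted_vendors):
    """Group hooks by hooking module and mark whether its vendor is allowlisted."""
    modules = {}
    for h in hooks:
        entry = modules.setdefault(h["module"], {"vendor": h["vendor"], "funcs": []})
        entry["funcs"].append(h["func"])
    for entry in modules.values():
        entry["trusted"] = entry["vendor"] in trusted_vendors
    return modules


def unexplained_modules(modules):
    """Modules whose SSDT hooks are not attributed to an allowlisted vendor."""
    return sorted(name for name, entry in modules.items() if not entry["trusted"])


if __name__ == "__main__":
    grouped = group_by_module(parse_ssdt_hooks(SAMPLE_GMER_LOG), TRUSTED_VENDORS)
    for name, entry in grouped.items():
        flag = "ok " if entry["trusted"] else "?? "
        print(f"{flag}{name} vendor={entry['vendor']} hooks={len(entry['funcs'])}")
    print("needs explanation:", unexplained_modules(grouped))
```

The vendor string is taken from GMER's own description, which it reads from the driver's version resource, so an allowlist by vendor only tells you that the hook is consistent with a product you already know is installed; confirming that the file on disk really is that product's driver (signature, hash) is a separate step this script does not do.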
#5
Re: Sophos Anti-Rootkit finds hidden reg entries that nothing else does

From: "Ichibod" <no@email_for.me>

| David H. Lipman wrote:
>> And what does Gmer report ?

| Nothing out of the usual that I can see.

Yepper, and you're using the latest version of Gmer.

Put away your fears.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

#6
Re: Sophos Anti-Rootkit finds hidden reg entries that nothing else does

slate_leeper wrote:
> Are you using SpywareBlaster? Those look like entries that it creates.
> If so, nothing to worry about.
>
> -dan z-

Thanks! Yes, I do have SpywareBlaster installed. Uninstalling Sophos Anti-Rootkit though, because it made me waste hours of my time being paranoid and downloading and running other anti-rootkit software. Malwarebytes made me waste my time too about a month ago due to a false positive. Grrr!

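The thread's resolution (posts #3 and #6) is that the flagged EscDomains keys are SpywareBlaster's own entries. The way to confirm that rather than take it on trust is to look at which zone each flagged host is mapped to: a blocklist tool puts hosts into the Restricted sites zone (zone 4), whereas a host mapped into Trusted sites (2) or Local intranet (1) loosens protection for that host and is the kind of entry worth investigating. The script below is an added example, not code from the thread, from Sophos or from SpywareBlaster. It assumes the ZoneMap subtree was exported with `reg export "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" zonemap.reg` and the file converted to UTF-8 text; the embedded sample export is constructed (the EscDomains hosts are two of those from the original post, example.net is invented for contrast), and the zone numbers are Microsoft's documented URL security zone IDs.

```python
import re
from collections import defaultdict

# Documented URL security zone IDs used by Internet Explorer's ZoneMap.
ZONE_NAMES = {
    0: "My Computer",
    1: "Local intranet",
    2: "Trusted sites",
    3: "Internet",
    4: "Restricted sites",
}

KEY_RE = re.compile(r"^\[(?P<path>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')

# Constructed sample: a .reg export of the ZoneMap subtree in the S-1-5-18
# (LocalSystem) hive, converted to UTF-8. The EscDomains hosts are two of the
# ones Sophos flagged in the thread; example.net is a constructed Trusted-zone entry.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\data-hoster.com]
"*"=dword:00000004

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\myvnc.com]
"*"=dword:00000004

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.net]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.net\update]
"http"=dword:00000002
"""


def parse_zonemap(reg_text):
    """Return {(bucket, fqdn): {scheme: zone_id}} for every host under
    ZoneMap\\Domains and ZoneMap\\EscDomains in a .reg export."""
    entries = defaultdict(dict)
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = None
            parts = key.group("path").split("\\")
            if "ZoneMap" in parts:
                tail = parts[parts.index("ZoneMap") + 1:]
                # Layout is <Domains|EscDomains>\<domain>[\<host label>]; a subkey
                # holds the leftmost label, so reverse the tail to rebuild the FQDN.
                if len(tail) >= 2 and tail[0] in ("Domains", "EscDomains"):
                    current = (tail[0], ".".join(reversed(tail[1:])))
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            # Value name is the scheme ("*", "http", "https"); data is the zone id.
            entries[current][value.group("name")] = int(value.group("hex"), 16)
    return dict(entries)


def triage(entries):
    """Split entries into Restricted-zone placements (what a blocklist tool such as
    SpywareBlaster writes) and everything else, which relaxes security for the
    named host and deserves a look."""
    report = {"restricted": [], "review": []}
    for (bucket, fqdn), schemes in sorted(entries.items()):
        for scheme, zone in sorted(schemes.items()):
            rec = (bucket, fqdn, scheme, ZONE_NAMES.get(zone, f"unknown({zone})"))
            report["restricted" if zone == 4 else "review"].append(rec)
    return report


if __name__ == "__main__":
    result = triage(parse_zonemap(SAMPLE_REG))
    for label in ("restricted", "review"):
        print(f"== {label} ==")
        for bucket, fqdn, scheme, zone in result[label]:
            print(f"{bucket:<11} {fqdn:<30} {scheme:<6} {zone}")
```

Run against a real export, the "restricted" list should line up with the blocklist your protection tool claims to have installed, and the "review" list is where an unexpected Trusted or Intranet mapping would show up; a rootkit scanner that reports a key as "hidden" says nothing about what the key does, so the zone value is the piece of evidence that actually settles the question.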
#7
Re: Sophos Anti-Rootkit finds hidden reg entries that nothing else does

David H. Lipman wrote:
>> | Nothing out of the usual that I can see.
>
> Yepper, and you're using the latest version of Gmer.
>
> Put away your fears.

Forgot to say thanks for the link to Gmer. Never used that prog before. Seems like a decent little tool to add to my arsenal. Thanks.

#8
Re: Sophos Anti-Rootkit finds hidden reg entries that nothing else does

From: "Ichibod" <no@email_for.me>

| David H. Lipman wrote:
>> | Nothing out of the usual that I can see.
>> Yepper, and you're using the latest version of Gmer.
>> Put away your fears.

| Forgot to say thanks for the link to Gmer. Never used that prog before.
| Seems like a decent little tool to add to my arsenal. Thanks.

I'd say... More than decent. :-)

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp