Rootkitrevealer won't run

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

aSILENTfire

Thread Starter
Joined
Mar 9, 2012
Messages
142
I have never been able to get Rootkitrevealer from Sysinternals to run on any of 3 of my computers that I have tried it on. From the Sysinternals suite that I have had for a while I couldn't run it and its help file was blank. I just re-downloaded it and it still won't run, but I can read the help file.

I tried running in compatibility mode but it still didn't work. Any ideas on how to force this thing to run?
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
It will not run on some computers. There is no reason why, but it just won't run & doesn't mean that you have any infection.

What operating system do the computers use?
 

aSILENTfire

Thread Starter
Joined
Mar 9, 2012
Messages
142
I am currently running Windows 8 (64-bit), but I have previously tried it on multiple computers with XP, and I may have tried running it on Win7 although I don't remember specifically. I have also tried some (unnamed) bootable repair media similar to (but not) XP with rootkitrevealer included, and no dice there either. I have tried safe mode in XP, 8, and possibly 7.

Right now, if I try to run Rootkitrevealer, UAC asks if I want to allow it and I click yes, then the mouse pointer indicates activity for about 4-5 seconds then it goes dark. It would be nice to see what is happening within these 4-5 seconds, but I'm not sure how to do that. Process Monitor might illuminate the problem, but I'm not very fluent in its use. Are there any flags that I could look for that might indicate the problem?
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
RR will not run on W8 (either 32 or 64 bit) and won't run on W7 (64bit).

It is very possible that your security software on XP will block it running.
I know that Avast, Comodo, Zone Alarm and many others do block RR & many other rootkit programs from running.
This is a very specialised subject though and beyond the capabilities to offer any advice here.
When it is this specific to a program, ask for help on the developers forum http://forum.sysinternals.com/

But it only ever has been "approved" for use on XP & never for any other OS (even though it might have worked on it).
 

aSILENTfire

Thread Starter
Joined
Mar 9, 2012
Messages
142
Well, I do have AVG atm, will be getting BitDefender soon, hopefully it plays nice with Comodo's firewall. Anyways, I found an error report, if you wouldn't mind taking a glance at it, maybe you can spot the problem:

Version=1
EventType=APPCRASH
EventTime=130030541630548453
ReportType=2
Consent=1
UploadTime=130032253902847416
ReportIdentifier=f17c8f91-6209-11e2-bea8-98ba5924d133
IntegratorReportIdentifier=f17c8f90-6209-11e2-bea8-98ba5924d133
WOW64=1
NsAppName=RootkitRevealer.exe
Response.BucketId=95be86114c67840842f1b3553802b031
Response.BucketTable=1
Response.LegacyBucketId=340250271
Response.type=4
Sig[0].Name=Application Name
Sig[0].Value=RootkitRevealer.exe
Sig[1].Name=Application Version
Sig[1].Value=1.71.0.0
Sig[2].Name=Application Timestamp
Sig[2].Value=44e255aa
Sig[3].Name=Fault Module Name
Sig[3].Value=RootkitRevealer.exe
Sig[4].Name=Fault Module Version
Sig[4].Value=1.71.0.0
Sig[5].Name=Fault Module Timestamp
Sig[5].Value=44e255aa
Sig[6].Name=Exception Code
Sig[6].Value=c0000005
Sig[7].Name=Exception Offset
Sig[7].Value=000040cd
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.2.9200.2.0.0.768.101
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=1033
DynamicSig[22].Name=Additional Information 1
DynamicSig[22].Value=5ecf
DynamicSig[23].Name=Additional Information 2
DynamicSig[23].Value=5ecf545c62a4c4b78fc2fad4d64b16b9
DynamicSig[24].Name=Additional Information 3
DynamicSig[24].Value=2f55
DynamicSig[25].Name=Additional Information 4
DynamicSig[25].Value=2f55aa70ca6355e52df39ef895eff6e2
UI[2]=C:\Users\SILENT\Desktop\RootkitRevealer.exe
UI[3]=Rootkit detection utility has stopped working
UI[4]=Windows can check online for a solution to the problem the next time you go online.
UI[5]=Check online for a solution and close the program
UI[6]=Check online for a solution later and close the program
UI[7]=Close the program
LoadedModule[0]=C:\Users\SILENT\Desktop\RootkitRevealer.exe
LoadedModule[1]=C:\Windows\SYSTEM32\ntdll.dll
LoadedModule[2]=C:\Windows\SYSTEM32\KERNEL32.DLL
LoadedModule[3]=C:\Windows\SYSTEM32\KERNELBASE.dll
LoadedModule[4]=C:\Windows\SYSTEM32\VERSION.dll
LoadedModule[5]=C:\Windows\SYSTEM32\USER32.dll
LoadedModule[6]=C:\Windows\SYSTEM32\GDI32.dll
LoadedModule[7]=C:\Windows\SYSTEM32\comdlg32.dll
LoadedModule[8]=C:\Windows\SYSTEM32\ADVAPI32.dll
LoadedModule[9]=C:\Windows\SYSTEM32\SHELL32.dll
LoadedModule[10]=C:\Windows\SYSTEM32\ole32.dll
LoadedModule[11]=C:\Windows\SYSTEM32\OLEAUT32.dll
LoadedModule[12]=C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985\COMCTL32.dll
LoadedModule[13]=C:\Windows\SYSTEM32\MPR.dll
LoadedModule[14]=C:\Windows\SYSTEM32\msvcrt.dll
LoadedModule[15]=C:\Windows\SYSTEM32\SHLWAPI.dll
LoadedModule[16]=C:\Windows\SYSTEM32\sechost.dll
LoadedModule[17]=C:\Windows\SYSTEM32\RPCRT4.dll
LoadedModule[18]=C:\Windows\SYSTEM32\combase.dll
LoadedModule[19]=C:\Windows\SYSTEM32\SspiCli.dll
LoadedModule[20]=C:\Windows\SYSTEM32\SHCORE.DLL
LoadedModule[21]=C:\Windows\SYSTEM32\CRYPTBASE.dll
LoadedModule[22]=C:\Windows\SYSTEM32\bcryptPrimitives.dll
LoadedModule[23]=C:\Windows\system32\IMM32.DLL
LoadedModule[24]=C:\Windows\SYSTEM32\MSCTF.dll
LoadedModule[25]=C:\Windows\SYSTEM32\wtsapi32.dll
State[0].Key=Transport.DoneStage1
State[0].Value=1
FriendlyEventName=Stopped working
ConsentKey=APPCRASH
AppName=Rootkit detection utility
AppPath=C:\Users\SILENT\Desktop\RootkitRevealer.exe
NsPartner=windows
NsGroup=windows8
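
A triage sketch for a Windows Error Reporting dump like the one posted above, added here as an example and not part of the original thread. The function and field names are made up for illustration, the sample is an abridged copy of the posted report, and treating `C:\Windows\` as the system directory is an assumption.

```python
import re
from datetime import datetime, timedelta, timezone

# Abridged excerpt of the report text posted above (values copied from the post).
SAMPLE = r"""EventType=APPCRASH
EventTime=130030541630548453
WOW64=1
Sig[3].Name=Fault Module Name
Sig[3].Value=RootkitRevealer.exe
Sig[6].Name=Exception Code
Sig[6].Value=c0000005
Sig[7].Name=Exception Offset
Sig[7].Value=000040cd
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.2.9200.2.0.0.768.101
LoadedModule[0]=C:\Users\SILENT\Desktop\RootkitRevealer.exe
LoadedModule[1]=C:\Windows\SYSTEM32\ntdll.dll
AppPath=C:\Users\SILENT\Desktop\RootkitRevealer.exe
"""

# Small lookup of common NTSTATUS crash codes (not exhaustive).
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION", 0xC00000FD: "STATUS_STACK_OVERFLOW"}

def parse_wer(text):
    """Return a triage summary dict for a WER key=value crash report."""
    kv = dict(line.split("=", 1) for line in text.splitlines() if "=" in line)
    # Pair Sig[n].Name with Sig[n].Value (also matches DynamicSig[n]).
    sig = {}
    for key, name in kv.items():
        m = re.fullmatch(r"((?:Dynamic)?Sig\[\d+\])\.Name", key)
        if m and m.group(1) + ".Value" in kv:
            sig[name] = kv[m.group(1) + ".Value"]
    code = int(sig["Exception Code"], 16)
    # EventTime is a FILETIME: 100 ns ticks since 1601-01-01 UTC.
    when = datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(
        microseconds=int(kv["EventTime"]) // 10)
    mods = [v for k, v in kv.items() if k.startswith("LoadedModule[")]
    app = kv["AppPath"].lower()
    # Modules outside the Windows directory (e.g. security-software DLLs) deserve a look.
    foreign = [p for p in mods
               if not p.lower().startswith("c:\\windows\\") and p.lower() != app]
    return {"exception": NTSTATUS.get(code, hex(code)),
            "offset": int(sig["Exception Offset"], 16),
            "fault_in_app": sig["Fault Module Name"].lower() == app.rsplit("\\", 1)[-1],
            "wow64": kv.get("WOW64") == "1",
            "os_build": ".".join(sig["OS Version"].split(".")[:3]),
            "time_utc": when.replace(microsecond=0).isoformat(),
            "foreign_modules": foreign}
```

Run against the report in this thread, the summary shows an access violation inside RootkitRevealer.exe itself, in a 32-bit process under WOW64 on build 6.2.9200, with every other loaded module coming from the Windows directory.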
 