
Rootkitrevealer won't run

Discussion in 'General Security' started by aSILENTfire, Jan 19, 2013.

Thread Status:
Not open for further replies.
  1. aSILENTfire

    aSILENTfire Thread Starter

    Joined:
    Mar 9, 2012
    Messages:
    142
    I have never been able to get Rootkitrevealer from sysinternals to run on any of 3 of my computers that I have tried it on. From the sysinternals suite that I have had for a while I couldn't run it and its help file was blank. I just re-downloaded it and it still won't run, but I can read the help file.

    I tried running in compatibility mode but it still didn't work. Any ideas on how to force this thing to run?
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    It will not run on some computers. There is no reason why, but it just won't run & doesn't mean that you have any infection.

    What operating system do the computers use?
     
  3. aSILENTfire

    aSILENTfire Thread Starter

    Joined:
    Mar 9, 2012
    Messages:
    142
    I am currently running Windows 8 (64-bit), but I have previously tried it on multiple computers with XP, and I may have tried running it on Win7 although I don't remember specifically. I have also tried some (unnamed) bootable repair media similar to (but not) XP with rootkitrevealer included, and no dice there either. I have tried safe mode in XP, 8, and possibly 7.

    Right now, if I try to run Rootkitrevealer, UAC asks if I want to allow it and I click yes, then the mouse pointer indicates activity for about 4-5 seconds then it goes dark. It would be nice to see what is happening within these 4-5 seconds, but I'm not sure how to do that. Process Monitor might illuminate the problem, but I'm not very fluent in its use. Are there any flags that I could look for that might indicate the problem?
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    RR will not run on W8 (either 32 or 64 bit) and won't run on W7 (64bit).

    It is very possible that your security software on XP will block it running.
    I know that Avast, Comodo, Zone Alarm and many others do block RR & many other rootkit programs from running.
    This is a very specialised subject though and beyond the capabilities to offer any advice here.
    When it is this specific to a program, ask for help on the developers' forum http://forum.sysinternals.com/

    But it only ever has been "approved" for use on XP & never for any other OS (even though it might have worked on it).
     
  5. aSILENTfire

    aSILENTfire Thread Starter

    Joined:
    Mar 9, 2012
    Messages:
    142
    Well I do have AVG atm, will be getting BitDefender soon, hopefully it plays nice with Comodo's firewall. Anyways, I found an error report if you wouldn't mind taking a glance at it, maybe you can spot the problem:

    Version=1
    EventType=APPCRASH
    EventTime=130030541630548453
    ReportType=2
    Consent=1
    UploadTime=130032253902847416
    ReportIdentifier=f17c8f91-6209-11e2-bea8-98ba5924d133
    IntegratorReportIdentifier=f17c8f90-6209-11e2-bea8-98ba5924d133
    WOW64=1
    NsAppName=RootkitRevealer.exe
    Response.BucketId=95be86114c67840842f1b3553802b031
    Response.BucketTable=1
    Response.LegacyBucketId=340250271
    Response.type=4
    Sig[0].Name=Application Name
    Sig[0].Value=RootkitRevealer.exe
    Sig[1].Name=Application Version
    Sig[1].Value=1.71.0.0
    Sig[2].Name=Application Timestamp
    Sig[2].Value=44e255aa
    Sig[3].Name=Fault Module Name
    Sig[3].Value=RootkitRevealer.exe
    Sig[4].Name=Fault Module Version
    Sig[4].Value=1.71.0.0
    Sig[5].Name=Fault Module Timestamp
    Sig[5].Value=44e255aa
    Sig[6].Name=Exception Code
    Sig[6].Value=c0000005
    Sig[7].Name=Exception Offset
    Sig[7].Value=000040cd
    DynamicSig[1].Name=OS Version
    DynamicSig[1].Value=6.2.9200.2.0.0.768.101
    DynamicSig[2].Name=Locale ID
    DynamicSig[2].Value=1033
    DynamicSig[22].Name=Additional Information 1
    DynamicSig[22].Value=5ecf
    DynamicSig[23].Name=Additional Information 2
    DynamicSig[23].Value=5ecf545c62a4c4b78fc2fad4d64b16b9
    DynamicSig[24].Name=Additional Information 3
    DynamicSig[24].Value=2f55
    DynamicSig[25].Name=Additional Information 4
    DynamicSig[25].Value=2f55aa70ca6355e52df39ef895eff6e2
    UI[2]=C:\Users\SILENT\Desktop\RootkitRevealer.exe
    UI[3]=Rootkit detection utility has stopped working
    UI[4]=Windows can check online for a solution to the problem the next time you go online.
    UI[5]=Check online for a solution and close the program
    UI[6]=Check online for a solution later and close the program
    UI[7]=Close the program
    LoadedModule[0]=C:\Users\SILENT\Desktop\RootkitRevealer.exe
    LoadedModule[1]=C:\Windows\SYSTEM32\ntdll.dll
    LoadedModule[2]=C:\Windows\SYSTEM32\KERNEL32.DLL
    LoadedModule[3]=C:\Windows\SYSTEM32\KERNELBASE.dll
    LoadedModule[4]=C:\Windows\SYSTEM32\VERSION.dll
    LoadedModule[5]=C:\Windows\SYSTEM32\USER32.dll
    LoadedModule[6]=C:\Windows\SYSTEM32\GDI32.dll
    LoadedModule[7]=C:\Windows\SYSTEM32\comdlg32.dll
    LoadedModule[8]=C:\Windows\SYSTEM32\ADVAPI32.dll
    LoadedModule[9]=C:\Windows\SYSTEM32\SHELL32.dll
    LoadedModule[10]=C:\Windows\SYSTEM32\ole32.dll
    LoadedModule[11]=C:\Windows\SYSTEM32\OLEAUT32.dll
    LoadedModule[12]=C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985\COMCTL32.dll
    LoadedModule[13]=C:\Windows\SYSTEM32\MPR.dll
    LoadedModule[14]=C:\Windows\SYSTEM32\msvcrt.dll
    LoadedModule[15]=C:\Windows\SYSTEM32\SHLWAPI.dll
    LoadedModule[16]=C:\Windows\SYSTEM32\sechost.dll
    LoadedModule[17]=C:\Windows\SYSTEM32\RPCRT4.dll
    LoadedModule[18]=C:\Windows\SYSTEM32\combase.dll
    LoadedModule[19]=C:\Windows\SYSTEM32\SspiCli.dll
    LoadedModule[20]=C:\Windows\SYSTEM32\SHCORE.DLL
    LoadedModule[21]=C:\Windows\SYSTEM32\CRYPTBASE.dll
    LoadedModule[22]=C:\Windows\SYSTEM32\bcryptPrimitives.dll
    LoadedModule[23]=C:\Windows\system32\IMM32.DLL
    LoadedModule[24]=C:\Windows\SYSTEM32\MSCTF.dll
    LoadedModule[25]=C:\Windows\SYSTEM32\wtsapi32.dll
    State[0].Key=Transport.DoneStage1
    State[0].Value=1
    FriendlyEventName=Stopped working
    ConsentKey=APPCRASH
    AppName=Rootkit detection utility
    AppPath=C:\Users\SILENT\Desktop\RootkitRevealer.exe
    NsPartner=windows
    NsGroup=windows8
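
An added example, not part of the original post and not Sysinternals or Microsoft code: a small Python parser that decodes the triage-relevant fields of a Windows Error Reporting report like the one quoted above (exception code, fault module, offset, FILETIME event time, WOW64 flag). The function names and the short NTSTATUS table are assumptions of this example, and SAMPLE is a constructed subset of the quoted report.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: a subset of the fields from the report quoted above.
SAMPLE = """\
EventTime=130030541630548453
WOW64=1
Sig[0].Name=Application Name
Sig[0].Value=RootkitRevealer.exe
Sig[3].Name=Fault Module Name
Sig[3].Value=RootkitRevealer.exe
Sig[6].Name=Exception Code
Sig[6].Value=c0000005
Sig[7].Name=Exception Offset
Sig[7].Value=000040cd
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.2.9200.2.0.0.768.101
"""
# A few well-known NTSTATUS codes; the table is not exhaustive.
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION", 0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
            0xC00000FD: "STATUS_STACK_OVERFLOW", 0xC0000409: "STATUS_STACK_BUFFER_OVERRUN"}
PAIR = re.compile(r"^(Sig|DynamicSig)\[(\d+)\]\.(Name|Value)=(.*)$")

def parse_wer(text):
    """Return (flat key/value dict, {signature name: value})."""
    flat, slots = {}, {}
    for line in (l.strip() for l in text.splitlines()):
        m = PAIR.match(line)
        if m:  # Sig[n].Name and Sig[n].Value belong to the same slot n
            kind, idx, part, val = m.groups()
            slots.setdefault((kind, int(idx)), {})[part] = val
        elif "=" in line:
            key, val = line.split("=", 1)
            flat[key] = val
    return flat, {s["Name"]: s["Value"] for s in slots.values() if len(s) == 2}

def filetime_to_utc(ft):
    """FILETIME counts 100 ns ticks since 1601-01-01 UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=int(ft) // 10)

def triage(text):
    flat, sigs = parse_wer(text)
    code = int(sigs["Exception Code"], 16)
    return {"when": filetime_to_utc(flat["EventTime"]),
            "exception": NTSTATUS.get(code, hex(code)),
            "fault_in_own_image": sigs["Fault Module Name"].lower() == sigs["Application Name"].lower(),
            "offset": int(sigs["Exception Offset"], 16),
            "wow64": flat.get("WOW64") == "1",  # 32-bit process on 64-bit Windows
            "os_build": ".".join(sigs["OS Version"].split(".")[:3])}
```

Calling `triage(SAMPLE)` returns the decoded fields as a dictionary; an exception code missing from the table is returned as its hex value.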
     
Short URL to this thread: https://techguy.org/1085906
