Jump to content

Archived

This topic is now archived and is closed to further replies.

SAS-fan

SAS not detecting ZEPTER ROOTKIT?

Recommended Posts

I have used SAS-Pro for a number of months now and like the porgram. I also use JV 16 Powertools to keep my system clean. Upon cleaning the registry with the latest version of JV16, I saw an entry for an obsolete registry key.

HKEY_current_user\software\Zepter Software

When I remove the key, it recreates itself. I may have gotten this rootkit from my trial of anyDVD.

However it got there, SAS does not detect this.

Please advise.

EDIT: I downloaded and ran a program called regdelnull.exe. I had to modify the programs short cut to add " HKU -S" to the target box. Then ran the program. It deleted the registry key and this time the key did not recreate itself. So I have resolved the issue. However, I wanted to inform the folks at SAS just in case this is something that SAS could detect and remove in the future.

Share this post


Link to post
Share on other sites
I have used SAS-Pro for a number of months now and like the porgram. I also use JV 16 Powertools to keep my system clean. Upon cleaning the registry with the latest version of JV16, I saw an entry for an obsolete registry key.

HKEY_current_user\software\Zepter Software

When I remove the key, it recreates itself. I may have gotten this rootkit from my trial of anyDVD.

However it got there, SAS does not detect this.

Please advise.

EDIT: I downloaded and ran a program called regdelnull.exe. I had to modify the programs short cut to add " HKU -S" to the target box. Then ran the program. It deleted the registry key and this time the key did not recreate itself. So I have resolved the issue. However, I wanted to inform the folks at SAS just in case this is something that SAS could detect and remove in the future.

If it was just the registry key, that is not harmful and is likley just a left over trace. Thank you for the report.

Share this post


Link to post
Share on other sites

×
×
  • Create New...