01-04-2007, 06:40 AM
SteveL
Re: Faulting application

Thank you for this information,

I did download Sysinternals RootkitRevealer; the results are below:

"Hidden from Windows API.",10/18/2005 4:23 AM,2.50 KB,"C:\$AttrDef"
"Hidden from Windows API.",10/18/2005 4:23 AM,0 bytes,"C:\$BadClus"
"Hidden from Windows API.",10/18/2005 4:23 AM,14.65 GB,"C:\$BadClus:$Bad"
"Hidden from Windows API.",10/18/2005 4:23 AM,468.81 KB,"C:\$Bitmap"
"Hidden from Windows API.",10/18/2005 4:23 AM,8.00 KB,"C:\$Boot"
"Hidden from Windows API.",10/18/2005 4:23 AM,0 bytes,"C:\$Extend"
"Hidden from Windows API.",10/18/2005 4:23 AM,0 bytes,"C:\$Extend\$ObjId"
"Hidden from Windows API.",10/18/2005 4:23 AM,0 bytes,"C:\$Extend\$Quota"
"Hidden from Windows API.",10/18/2005 4:23 AM,0 bytes,"C:\$Extend\$Reparse"
"Hidden from Windows API.",10/18/2005 4:23 AM,64.00 MB,"C:\$LogFile"
"Hidden from Windows API.",10/18/2005 4:23 AM,11.67 MB,"C:\$MFT"
"Hidden from Windows API.",10/18/2005 4:23 AM,4.00 KB,"C:\$MFTMirr"
"Hidden from Windows API.",10/18/2005 4:23 AM,0 bytes,"C:\$Secure"
"Hidden from Windows API.",10/18/2005 4:23 AM,128.00 KB,"C:\$UpCase"
"Hidden from Windows API.",10/18/2005 4:23 AM,0 bytes,"C:\$Volume"
"Hidden from Windows API.",10/18/2005 4:24 AM,2.50 KB,"E:\$AttrDef"
"Hidden from Windows API.",10/18/2005 4:24 AM,0 bytes,"E:\$BadClus"
"Hidden from Windows API.",10/18/2005 4:24 AM,41.24 GB,"E:\$BadClus:$Bad"
"Hidden from Windows API.",10/18/2005 4:24 AM,1.29 MB,"E:\$Bitmap"
"Hidden from Windows API.",10/18/2005 4:24 AM,8.00 KB,"E:\$Boot"
"Hidden from Windows API.",10/18/2005 4:24 AM,0 bytes,"E:\$Extend"
"Hidden from Windows API.",10/18/2005 4:24 AM,0 bytes,"E:\$Extend\$ObjId"
"Hidden from Windows API.",10/18/2005 4:24 AM,0 bytes,"E:\$Extend\$Quota"
"Hidden from Windows API.",10/18/2005 4:24 AM,0 bytes,"E:\$Extend\$Reparse"
"Hidden from Windows API.",10/18/2005 4:24 AM,64.00 MB,"E:\$LogFile"
"Hidden from Windows API.",10/18/2005 4:24 AM,135.97 MB,"E:\$MFT"
"Hidden from Windows API.",10/18/2005 4:24 AM,4.00 KB,"E:\$MFTMirr"
"Hidden from Windows API.",10/18/2005 4:24 AM,0 bytes,"E:\$Secure"
"Hidden from Windows API.",10/18/2005 4:24 AM,128.00 KB,"E:\$UpCase"
"Hidden from Windows API.",10/18/2005 4:24 AM,0 bytes,"E:\$Volume"

I also downloaded Spy Sweeper from Webroot; it has the feature of checking
for rootkits. This found 1 item, so I am getting somewhere.

Once again thank you for your help,

SteveL

"GSV Three Minds in a Can" wrote:

> Bitstring <8C657822-986D-45F5-98E3-52C48990A047@microsoft.com>, from the
> wonderful person SteveL <SteveL@discussions.microsoft.com> said
> >I have searched for this file on my system, none found, I searched my registry
> >for the file name, and nothing there.
> >
> >Can someone tell me as to why I am having a faulting app on a non existing
> >file?
> >
> >Application Error Faulting application pprekop.exe, version 4.2.0.172,
> >faulting module ole32.dll, version 5.1.2600.2182, fault address 0x10017bed.

>
> Sounds like you might be infected then, down at the rootkit level.
> Google Is Your Friend - there are several rootkit revealers/removers
> available. I'd personally start with rootkit revealer from sysinternals,
> since that doesn't attempt to fix anything.
>
> /rant on
> The way M$ have constructed Windows (for the benefit of Digital Rights
> Mgmt folks, and virus writing spamming b&stards) it is quite possible to
> hide both files (and folders) and registry keys. Go look at
> HKLM\security with regedit .. see anything? Nope you won't. Now export
> it. Now you see it. However what you see is binary/hex/whatever,
> designed to be hard to search and modify. And you actually have
> permissions for that key - there are probably several on your system
> that you don't even have read access for (unless you are logged on as
> 'SYSTEM').
>
> The 'personal' computer is rapidly becoming more M$'s property than your
> own, except when some trojan/virus/spyware/rootkit has already claimed
> it for itself.
> /end rant
>
> --
> GSV Three Minds in a Can
> 7,053 Km walked. 1,267Km PROWs surveyed. 23.0% complete.
>
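
Added example, not part of the original posts: a Python sketch that triages a RootkitRevealer CSV export like the one above, separating NTFS metadata files at a volume root (which RootkitRevealer lists as hidden from the Windows API even on a clean NTFS volume) from rows that deserve a closer look. The `triage` function, the `NTFS_METADATA` set and the last two sample rows are constructed for illustration.

```python
import csv
import io

# NTFS metadata files, which RootkitRevealer reports as "Hidden from Windows API."
# even on a clean volume. Compared lower-case, with the drive prefix removed.
NTFS_METADATA = {
    "$attrdef", "$badclus", "$badclus:$bad", "$bitmap", "$boot", "$extend",
    "$extend\\$objid", "$extend\\$quota", "$extend\\$reparse",
    "$extend\\$usnjrnl", "$extend\\$usnjrnl:$max", "$logfile", "$mft",
    "$mftmirr", "$secure", "$upcase", "$volume",
}

# Sample export: the first three rows are from the post, the last two are constructed.
SAMPLE = r'''"Hidden from Windows API.",10/18/2005 4:23 AM,11.67 MB,"C:\$MFT"
"Hidden from Windows API.",10/18/2005 4:23 AM,14.65 GB,"C:\$BadClus:$Bad"
"Hidden from Windows API.",10/18/2005 4:24 AM,0 bytes,"E:\$Extend\$ObjId"
"Hidden from Windows API.",1/3/2007 9:12 AM,48.00 KB,"C:\Temp\$MFT"
"Hidden from Windows API.",1/3/2007 9:12 AM,20.00 KB,"C:\WINDOWS\system32\example_hidden.sys"
'''


def triage(report_text):
    """Split RootkitRevealer CSV rows into (expected, needs_review) path lists."""
    expected, review = [], []
    for row in csv.reader(io.StringIO(report_text)):
        if len(row) < 4:
            continue  # blank or malformed line
        description, path = row[0], row[3]
        # Metadata files live directly under the volume root, e.g. C:\$MFT.
        drive, sep, rest = path.partition(":\\")
        at_volume_root = bool(sep) and len(drive) == 1 and drive.isalpha()
        is_metadata = (
            description.startswith("Hidden from Windows API")
            and at_volume_root
            and rest.lower() in NTFS_METADATA
        )
        (expected if is_metadata else review).append(path)
    return expected, review


if __name__ == "__main__":
    ok, suspicious = triage(SAMPLE)
    print(f"{len(ok)} expected NTFS metadata entries")
    for path in suspicious:
        print("review:", path)
```

A file that merely borrows a metadata name outside the volume root, such as the constructed `C:\Temp\$MFT` row, stays in the review list.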
