# RootkitRevealer



## Marlene2 (Feb 13, 2005)

Hi All,
I ran RootkitRevealer tonite, as I do each week.
This is the first time it has ever displayed anything, and I'm not sure if it's something to be alarmed by so thought I'd post here where the Computer experts can help me out.

There were 2 entries identical:
path: HKLM/Security/Policy/Secrets/SAC 


Size: 0


Description-Key name contains embedded null (*)

And the 3rd entry:

D: size 0: Error Mounting Volume

Don't have a clue what all this means. Any help would be greatly appreciated.

Thanks,
Marlene2


----------



## Glaswegian (Sep 16, 2005)

Hi

I'm no expert when it comes to reading Rootkit logs, but if you did have a rootkit, entries would show up such as

*C:\Documents and Settings\blah\blah 7/17/2006 4:44 PM 38.50 KB Hidden from Windows API.*

I'm not sure exactly what the entries you posted mean, but I don't believe it's anything to worry about.


----------



## Kalim (Nov 24, 2006)

Marlene2 said:


> There were 2 entries identical:
> path: HKLM/Security/Policy/Secrets/SAC
> Size: 0
> 
> Description-Key name contains embedded null (*)


 Are you sure the second one wasn't *HKLM\Security\Policy\Secrets\SAI*?

Those keys are legitimate, but their origins hadn't been confirmed by Rootkit Revealer developers last I spoke to them in November.

Nothing to worry about. :wink:


----------



## Marlene2 (Feb 13, 2005)

Thanks for your replys! I went back in and started RootkitRevealer again today just to make sure I had the post correct and it does come up SAC.
It comes up almost immediately after it starts.

The pc seems to be running fine, so I'm taking your advise and am just not going to worry about it.

Thanks again!
This support forum is the BEST!
Marlene2


----------



## tetonbob (Jan 10, 2005)

As Glaswegian and Kalim have pointed out, nothing to worry about:

http://forum.sysinternals.com/forum_posts.asp?TID=8881&PN=1


----------

