Author Topic: Rootkit.hiddenvalue[at]0  (Read 13674 times)

Offline Matty_R

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2532
  • How long is a piece of string?
Rootkit.hiddenvalue[at]0
« on: January 25, 2011, 09:50:28 AM »
Just looking at the scan results for my old man's XP Pro box and I keep getting (after a full scan) the entries

Rootkit.hiddenvalue[at]0 for

HKEY_USER\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE
HKEY_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\nltide_3
HKEY_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load

I try and use the Clean or Disinfect and it states "Not all threats have been removed". In fact it doesn't remove any of them, subsequent scans still show them. The keys aren't present in regedit.
Scanned with GMER/Sophos anti-rootkit and all seems fine. Scanned from Avira disc, no problem.

Any thoughts on this anyone?

Cheers,
Matty
A couple of computers :P

Offline Ionel

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3580
Re: Rootkit.hiddenvalue[at]0
« Reply #1 on: January 25, 2011, 10:36:17 AM »
Hi Matty_R,

Can you please export the detected keys from the registry, find the corresponding files that the registry data refers to, and submit them to us?

Thanks and regards,
Ionel
« Last Edit: January 25, 2011, 10:38:12 AM by Ionel »

Offline Matty_R

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2532
  • How long is a piece of string?
Re: Rootkit.hiddenvalue[at]0
« Reply #2 on: January 26, 2011, 07:35:31 AM »
Quote
Hi Matty_R,

Can you please export the detected keys from the registry, find the corresponding files that the registry data refers to, and submit them to us?

Thanks and regards,
Ionel

Hi Ionel,

The keys are not present in the registry. At least regedit doesn't show them to be there (will try with regalyzer in a bit). Show hidden is ticked/Hide protected is unticked.
Any other things I could try? Can't understand why these are being flagged when they're not present  ???

Cheers,
Matty
A couple of computers :P

Offline dontbetonit

  • Newbie
  • *
  • Posts: 1
Re: Rootkit.hiddenvalue[at]0
« Reply #3 on: January 27, 2011, 05:54:51 PM »
I too have had a rootkit discovered with a scan of critical areas. When I tried to have Comodo remove 58 registry entries it failed. I have done this several times and they are stuck and fail to remove.
Here are the registry keys found by CIS:



Offline ChalkTrauma

  • Newbie
  • *
  • Posts: 5
Re: Rootkit.hiddenvalue[at]0
« Reply #4 on: January 28, 2011, 04:17:24 PM »
These registry keys were driving me nuts too, RootkitRevealer turned up the same ones because they have embedded nulls.

Do you currently have or ever had Pinnacle Studio 9 installed? They are apparently using rootkit methods to hide registration information..  and they are using the following keys:

Code:
Details: HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}
Details: HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}
Details: HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}
Details: HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}
Details: HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}
Details: HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}
Details: HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}
Details: HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}
Details: HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}
Details: HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}
Details: HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}
Details: HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}

Why companies have to do stuff like this is beyond me.. I lost like half a day tracking this down. I'm telling you right now I will not buy or install another Pinnacle product...  >:(

Information here: http://forums.spybot.info/showthread.php?t=27491

...have a better one..
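
The embedded-null effect mentioned in the post above, as an added example that is not part of the original thread: the registry's Native API takes counted names that may contain a NUL, while a NUL-terminated reader stops at the first NUL, so comparing the two views flags such names. The struct, the function names and the sample names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Counted UTF-16 name, modelled on the Native API's UNICODE_STRING:
   the length is in bytes and the buffer may contain 0x0000 units. */
typedef struct {
    uint16_t length_bytes;
    const uint16_t *buf;
} counted_name;

/* UTF-16 units that a NUL-terminated (Win32-style) reader would see. */
static size_t win32_visible_units(const counted_name *n)
{
    size_t total = n->length_bytes / sizeof(uint16_t);
    for (size_t i = 0; i < total; i++)
        if (n->buf[i] == 0)
            return i;
    return total;
}

/* 1 if a NUL lies inside the counted length, i.e. the two views disagree. */
static int has_embedded_nul(const counted_name *n)
{
    return win32_visible_units(n) < n->length_bytes / sizeof(uint16_t);
}

/* Cross-view check over a list of names; flags may be NULL.
   Returns how many names a NUL-terminated reader cannot address. */
static size_t count_hidden(const counted_name *names, size_t count, int *flags)
{
    size_t hidden = 0;
    for (size_t i = 0; i < count; i++) {
        int h = has_embedded_nul(&names[i]);
        if (flags) flags[i] = h;
        hidden += (size_t)h;
    }
    return hidden;
}

/* Constructed sample names (assumptions, not values from the thread). */
static const uint16_t NAME_PLAIN[] = {'T','h','r','e','a','d','i','n','g','M','o','d','e','l'};
static const uint16_t NAME_NUL_MID[] = {'d','e','m','o', 0, 'x','y'};
static const uint16_t NAME_NUL_END[] = {'d','e','m','o', 0};
static const counted_name SAMPLE[3] = {
    { sizeof NAME_PLAIN, NAME_PLAIN },
    { sizeof NAME_NUL_MID, NAME_NUL_MID },
    { sizeof NAME_NUL_END, NAME_NUL_END },
};

int main(void)
{
    int flags[3];
    size_t hidden = count_hidden(SAMPLE, 3, flags);
    for (size_t i = 0; i < 3; i++)
        printf("name %zu: visible units=%zu hidden=%d\n", i, win32_visible_units(&SAMPLE[i]), flags[i]);
    printf("%zu of 3 names differ between the two views\n", hidden);
    return 0;
}
```

A NUL counted at the very end of the name is flagged as well, because the NUL-terminated view then refers to a shorter, different name.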


Offline norain

  • Newbie
  • *
  • Posts: 17
Re: Rootkit.hiddenvalue[at]0
« Reply #5 on: February 04, 2011, 05:30:08 AM »
I also have the rootkit detection, yet cannot remove it like the first poster in this thread.
Should I worry?
The keys don't show up at all in regedit, as others have said.


Offline slightly_concerned

  • Newbie
  • *
  • Posts: 14
Re: Rootkit.hiddenvalue[at]0
« Reply #6 on: March 19, 2011, 03:38:13 PM »
Quote
Just looking at the scan results for my old man's XP Pro box and I keep getting (after a full scan) the entries

Rootkit.hiddenvalue[at]0 for

HKEY_USER\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE
HKEY_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\nltide_3
HKEY_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load

I try and use the Clean or Disinfect and it states "Not all threats have been removed". In fact it doesn't remove any of them, subsequent scans still show them. The keys aren't present in regedit.
Scanned with GMER/Sophos anti-rootkit and all seems fine. Scanned from Avira disc, no problem.

Any thoughts on this anyone?

Cheers,
Matty


Hey :)   So these were confirmed FPs in your case, right?

I posted already a couple of times in another thread about this, it just drives me crazy to see that rootkit alert on my regular scan each time  :-\

Offline Trusty65

  • Newbie
  • *
  • Posts: 2
Re: Rootkit.hiddenvalue[at]0
« Reply #7 on: May 16, 2011, 09:50:57 AM »
I have the same problem:
Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE
Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\tscuninstall

CIS reports them but is unable to do anything about them.

Regedit shows the CTFMON key (Data  C:\WINDOWS\system32\ctfmone.exe) but not the tscuninstall key.

XP Pro

Are these actual problems or false reports?

 Trusty65

Offline fOrTy_7

  • Comodo's Hero
  • *****
  • Posts: 599
Re: Rootkit.hiddenvalue[at]0
« Reply #8 on: May 22, 2011, 11:58:43 AM »
I've got these after full system scan:

Quote
Rootkit.HiddenValue[at]0 HKEY_LOCAL_MACHINE\System\ControlSet001\services\sptd\Cfg\h0
Rootkit.HiddenKey[at]0 HKEY_LOCAL_MACHINE\System\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Rootkit.HiddenValue[at]0 HKEY_LOCAL_MACHINE\System\ControlSet001\services\sptd\Cfg\s1
Rootkit.HiddenValue[at]0 HKEY_LOCAL_MACHINE\System\ControlSet001\services\sptd\Cfg\s2
Rootkit.HiddenValue[at]0 HKEY_LOCAL_MACHINE\System\ControlSet001\services\sptd\Cfg\h0
Rootkit.HiddenValue[at]0 HKEY_LOCAL_MACHINE\System\ControlSet001\services\sptd\Cfg\g0

I believe these are FPs and the entries are related to SCSI Pass Through Direct (SPTD) layer (64 bit) (Daemon Tools Lite driver). Could you verify that?

CIS version: 5.4.189822.1355
AV database version: 8794
« Last Edit: May 22, 2011, 12:01:17 PM by fOrTy_7 »

Offline fOrTy_7

  • Comodo's Hero
  • *****
  • Posts: 599
Re: Rootkit.hiddenvalue[at]0
« Reply #9 on: July 12, 2011, 02:12:44 PM »
bump

Offline StenneG

  • Newbie
  • *
  • Posts: 1
Re: Rootkit.hiddenvalue[at]0
« Reply #10 on: July 17, 2011, 03:18:26 AM »
I have a similar problem:

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE   Risk: High

CIS reports but is unable to do anything about it.

XP Pro

Offline mirk1989

  • Product Translator
  • Comodo's Hero
  • *****
  • Posts: 1071
Re: Rootkit.hiddenvalue[at]0
« Reply #11 on: July 27, 2011, 07:33:30 AM »
I have the same problem as dontbetonit

58 Rootkit.HiddenValue[at]0 due to Pinnacle Studio....


Are there no solutions to avoid these FPs, since they are harmless?

Thanks

Offline Puniksem

  • Newbie
  • *
  • Posts: 11
  • Smile, a least air is free!
    • PuniksemVille
Re: Rootkit.hiddenvalue[at]0
« Reply #12 on: September 28, 2012, 03:54:09 AM »
Quote
These registry keys were driving me nuts too, RootkitRevealer turned up the same ones because they have embedded nulls.

Do you currently have or ever had Pinnacle Studio 9 installed? They are apparently using rootkit methods to hide registration information..  and they are using the following keys:

Code:
Details: HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}
Details: HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}
Details: HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}
Details: HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}
Details: HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}
Details: HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}
Details: HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}
Details: HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}
Details: HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}
Details: HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}
Details: HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}
Details: HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}

Why companies have to do stuff like this is beyond me.. I lost like half a day tracking this down. I'm telling you right now I will not buy or install another Pinnacle product...  >:(

Information here: http://forums.spybot.info/showthread.php?t=27491

...have a better one..



I too was recently concerned by the untimely find of no less than 58 instances found on a Comodo AV scan of Rootkit.HiddenValue0 however now you mention that Pinnacle have something to do with it, it's understandable, I too have a Pinnacle USB 70e dongle installed.

I agree that while this method of installation is not appropriate behaviour it also leads to other vulnerabilities. I noticed that after setting Comodo to scan for rootkits, the option was unticked after the first scan, therefore any further scans would not include rootkit scanning by Comodo AV.

Like you a day wasted trying to either remove these very stubborn entries, or find out information about them, I was generally getting nowhere until I read about Pinnacle being a possible culprit.
Put off today what you can do tomorrow!

Offline Siketa

  • Comodo's Hero
  • *****
  • Posts: 5066
Re: Rootkit.hiddenvalue[at]0
« Reply #13 on: September 28, 2012, 04:53:45 AM »
Rootkit.HiddenValue detections should be fixed in CIS 6.

Offline khanyash

  • Comodo's Hero
  • *****
  • Posts: 5253
Re: Rootkit.hiddenvalue[at]0
« Reply #14 on: September 28, 2012, 07:05:53 AM »
Quote
Rootkit.HiddenValue detections should be fixed in CIS 6.

These detections only appear with advanced rootkit scanning enabled, right?

 
