nx42qr7 Warrior
Joined: 22 Apr 2007 Last Visit: 02 Jul 2011 Posts: 86
Posted: Sat May 03, 2008 8:44 am Post subject: An Embedded Null! Two as a matter of fact.

I have been able to ascertain through a reliable source the presence of a pre-installed null, in fact I have been able to verify that there were installed prior to this computer's arrival at my home the installation of two embedded nulls. This install occurred at the time and place from where this computer was shipped. I have reliable information that can establish those perimeters beyond a doubt. This is my question: If there is done a complete reformat would that in this board's opinion remove from the drive the presence of an embedded null, pre-installed or not. Would the ability to wipe the drives clean remove the embedded attempt that the presence of these nulls represent?

ld Warrior
Joined: 01 Mar 2005 Last Visit: 29 Jul 2010 Posts: 185
Posted: Sat May 03, 2008 9:06 pm Post subject:

I can't make much sense of this. Did you mean to type null or did a filter do that?

nx42qr7 Warrior
Joined: 22 Apr 2007 Last Visit: 02 Jul 2011 Posts: 86
Posted: Sat May 03, 2008 10:18 pm Post subject: The question is ?

The question was if even in a pre-installed condition would wiping the hard drive clean and a subsequent reformat would or could you assume the pre-installed state would have been wiped clean. There would be no ability to carry the null or any other artifact from a prior condition once a complete and thorough wipe had occurred. To further extend this query even more would the characteristic of the prior mentioned state be wiped from the data strate thereby no longer existing? To the mention above, is the null that unknown to you? I am the one who was not certain as to the sincerity of your response. Are you familiar with the value represented by a null character?(*)

mikey Malware Expert

Joined: 12 Feb 2004 Last Visit: 19 Jun 2013 Posts: 1067 Location: CenTex
Posted: Sun May 04, 2008 10:39 am Post subject:

I've been fuzzing all day and perhaps the strain of weeding thru all the captures has my mind at a null.
I can think right off of dozens of places where the word 'null' might be used in relation to computing formats, protocols, and routines. However, as usual with this user, I have no clue to the meaning he's trying to express here. Since he's caused an almost null interest for me in this, maybe he'll be good enough to explain...tho his history is just more of this kind of null value.
null
Noun
A quantity of no importance.
> Synonym: aught, cipher, cypher, goose egg, nada, naught, nil, nix, nothing, zero, zilch, zip.
> Hypernym: relative quantity.
- It looked like nothing I had ever seen before.
- Reduced to nil all the work we had done.
- We racked up a pathetic goose egg.
- It was all for naught.
- I didn't hear zilch about it.
Adjective
Lacking any legal or binding force.
> Synonym: void.
> Similar: invalid.
> Category: jurisprudence, law.
- Null and void.

nx42qr7 Warrior
Joined: 22 Apr 2007 Last Visit: 02 Jul 2011 Posts: 86
Posted: Mon May 05, 2008 4:11 am Post subject: The null characteristic

There is here at least as it concerns some inability to know the value of null and its place in determining "A Rootkit". Please go to http://spywarewarrior.com/viewtopic.php?t=28091 and though this next link is represented in the 72 hour bump forum this is the link as well http://spywarewarrior.com/viewtopic.php?t=28129&highlight= The web site has an extended section which Site Administrator Suzie apparently put together with kudos for the hard work. The reference is to research and references to what is a root kit? As Casey Stengel used to say, "You could look it up"

nx42qr7 Warrior
Joined: 22 Apr 2007 Last Visit: 02 Jul 2011 Posts: 86
Posted: Mon May 05, 2008 2:52 pm Post subject: An Explanation and then some

This is a matter of courtesy and perhaps as much a right to know that I am posting back on this root kit question. If you use the links and peruse to the Hijackthis log/forum you will know that these detections are for real and were made even compelling when they turned up as a pair of nulls that were pre-installed. The RootkitRevealer indicated that the nulls though they were preinstalled did as well indicate that their value was afforded 0 bytes per null and in effect the 0 bytes provided for a valueless null which according to Microsoft Safety would not bear fruit in the likes of a backdoor or even more so a rootkit entity. It was though, this was the opinion of Microsoft Safety, that the 0 was in effect what was most telling as to the capacity to deploy modifications and so on. Since neither null was provided with a 1 (A Binary) neither null was valuable. They, Microsoft Safety, did not feel that their presence was a problem. That was all well and good however many times over as with Microsoft opinions as well as others even here. The circumstances are difficult to explain entirely as I will place better than 8 separate files that were categorized as a root kit with their actual identity being very similar looking to files detected by RootkitRevealer as a discrepancy. How did all of this happen?

ld Warrior
Joined: 01 Mar 2005 Last Visit: 29 Jul 2010 Posts: 185
Posted: Mon May 05, 2008 4:04 pm Post subject:

HKLM\SECURITY\Policy\Secrets\SAC
HKLM\SECURITY\Policy\Secrets\SAI
Those two entries are normal to find when scanning Windows XP with RootkitRevealer (I have no experience with scanning Vista).
Here is one explanation for the significance of a null byte in the registry:
http://www.xpregistrycleaner.com/embedded-null-characters/index.html
Here is a post from the Sysinternals forum regarding RootkitRevealer and the two registry entries:
http://forum.sysinternals.com/forum_posts.asp?TID=8881
The significance of the NULL byte in programming is that it is used to terminate character strings. When NULL bytes are put in the middle of strings and a program doesn't expect it you can run into problems. It seems here regedit for one doesn't expect it.
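
The point in the post above about programs that do not expect a NULL inside a string, as an added example that is not part of the original thread: the NT native API passes registry names as counted strings, while code written for NUL-terminated strings stops reading at the first zero, so two views of one name can disagree. The `counted_name` struct, the function names and the sample names are constructed for illustration, and the length is counted in UTF-16 code units as a simplification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A name carried with an explicit length and no required terminator
   (simplified, hypothetical stand-in for a counted string such as
   the native API's UNICODE_STRING). */
typedef struct {
    const uint16_t *units;
    size_t len;              /* number of UTF-16 code units */
} counted_name;

/* Length seen by code that treats the name as NUL-terminated:
   it stops at the first 0 code unit, or at len if there is none. */
size_t terminated_len(const counted_name *n) {
    size_t i = 0;
    while (i < n->len && n->units[i] != 0) i++;
    return i;
}

/* 1 if the counted view and the NUL-terminated view disagree. */
int has_embedded_null(const counted_name *n) {
    return terminated_len(n) != n->len;
}

/* Print every name whose two views differ; return how many did. */
size_t report_discrepancies(const counted_name *names, size_t count) {
    size_t flagged = 0;
    for (size_t i = 0; i < count; i++) {
        if (!has_embedded_null(&names[i])) continue;
        flagged++;
        printf("name %zu: stored length %zu, terminated view %zu\n",
               i, names[i].len, terminated_len(&names[i]));
    }
    return flagged;
}

/* Constructed sample names, not taken from any real registry hive. */
static const uint16_t plain[]    = { 'K', 'e', 'y' };
static const uint16_t trailing[] = { 'V', 'a', 'l', 0 };
static const uint16_t middle[]   = { 'A', 'B', 0, 'C', 'D' };
static const counted_name samples[] = {
    { plain, 3 }, { trailing, 4 }, { middle, 5 },
};

int main(void) {
    size_t n = report_discrepancies(samples, 3);
    printf("%zu of 3 names contain an embedded null\n", n);
    return 0;
}
```

A name flagged this way is a difference in how two interfaces read the same bytes; it says nothing by itself about whether the entry is malicious.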