Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

An Embedded Null! Two as a matter of fact.

 
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Virus, Worm &Trojan Alerts
View previous topic :: View next topic  
Author Message
nx42qr7
Warrior


Joined: 22 Apr 2007
Last Visit: 02 Jul 2011
Posts: 86

PostPosted: Sat May 03, 2008 8:44 am    Post subject: An Embedded Null! Two as a matter of fact. Reply with quote

I have been able to ascertain through a reliable source the presence of a pre-installed null,in fact I have been able to verify that there were installed prior to this computers arrival at my home the installation of two embedded nulls.This install occurred at the time and place from where this computer was shipped.I have reliable information that can establish those perimeters beyond a doubt.This is my question If there is done a complete reformat would that in this boards opinion remove from the drive the presence of a embedded null,pre-installed or not.Would the ability to wipe the drives clean remove the embedded attempt that the presence of these nulls represent?
Back to top
View user's profile Send private message
ld
Warrior


Joined: 01 Mar 2005
Last Visit: 29 Jul 2010
Posts: 185

PostPosted: Sat May 03, 2008 9:06 pm    Post subject: Reply with quote

I can't make much sense of this. Did you mean to type null or did a filter do that?
Back to top
View user's profile Send private message
nx42qr7
Warrior


Joined: 22 Apr 2007
Last Visit: 02 Jul 2011
Posts: 86

PostPosted: Sat May 03, 2008 10:18 pm    Post subject: The question is ? Reply with quote

The question was if even in a pre-installed condition would wiping the hard drive clean and a subsequent reformat would or could you assume the pre-installed state would of been wiped clean.There would be no ability to carry the null or any other artifact from a prior condition once a complete and thorough wipe had occurred. To further extend this query even more would the characteristic of the prior mentioned state be wiped from the data strate thereby no longer existing? To the mention above, is the null that unknown to you? I'am the one who was not certain as to the sincereity of your responce.Are you familiar with the value represented by a null character?(*)
Back to top
View user's profile Send private message
mikey
Malware Expert


Joined: 12 Feb 2004
Last Visit: 14 Aug 2014
Posts: 1073
Location: CenTex

PostPosted: Sun May 04, 2008 10:39 am    Post subject: Reply with quote

I've been fuzzing all day and perhaps the strain of weeding thru all the captures has my mind at a null.

I can think right off of dozens of places where the word 'null' might be used in relation to computing formats, protocols, and routines. However, as usual with this user, I have no clue to the meaning he's trying to express here. Since he's caused an almost null interest for me in this, maybe he'll be good enough to explain...tho his history is just more of this kind of null value.

null

Noun
A quantity of no importance.
> Synonym: aught, cipher, cypher, goose egg, nada, naught, nil, nix, nothing, zero, zilch, zip.
> Hypernym: relative quantity.
- It looked like nothing I had ever seen before.
- Reduced to nil all the work we had done.
- We racked up a pathetic goose egg.
- It was all for naught.
- I didn't hear zilch about it.

Adjective
Lacking any legal or binding force.
> Synonym: void.
> Similar: invalid.
> Category: jurisprudence, law.
- Null and void.
_________________
-

UbuntuStudio...community supported multi-media development optimization.

-
Back to top
View user's profile Send private message Visit poster's website
nx42qr7
Warrior


Joined: 22 Apr 2007
Last Visit: 02 Jul 2011
Posts: 86

PostPosted: Mon May 05, 2008 4:11 am    Post subject: The null characteristic Reply with quote

There is here at least as it concerns some inability to know the

value of null and its place in determining," A Rootkit". Please go

to http://spywarewarrior.com/viewtopic.php?t=28091 and

though this next link is represented in the 72 hour bump forum this

is the link as well http://spywarewarrior.com/viewtopic.php?

t=28129&highlight= The web site has an extended section which

Site Administrator Suzie apparently put together with cudos for


the hard work.The reference is to research and references to what



is a root kit? As Casey Stengel use to say,"You could look it up"
Back to top
View user's profile Send private message
nx42qr7
Warrior


Joined: 22 Apr 2007
Last Visit: 02 Jul 2011
Posts: 86

PostPosted: Mon May 05, 2008 2:52 pm    Post subject: An Explanation and then some Reply with quote

This is a matter of courtesy and perhaps as much a right to know that I'am posting back on this root kit question.If you use the links and peruse to the Hijackthis log/forum you will know that these detections are for real and were made even compelling when they turned up as a pair of nulls that were pre-installed.the RootKit Revealer indicated that the nulls though they were preinstalled did as well indicate that there value was afforded 0 bytes per null and in effect the 0 bytes provided for a valueless null which according to Microsoft Safety would not bare fruit in the likes of a backdoor or even more so a rootkit entity.It was though , this was the opinion of Microsoft Safety, that the 0 was in effect what was most telling as to the capacity to deploy modifications and so on.since neither null was provided with a 1(A Binary) neither null was valuable.They,Microsoft Safety did not feel that there presence was a problem.That was all well and good however many times over as with Microsoft opinions as well as others even here.The circumstances are difficult to explain entirely as I will place better than 8 separate files that were categorized as a root kit with there actual identity being very similar looking to files detected by RootKit Revealer as a discrepancy.How did all of this happen?
Back to top
View user's profile Send private message
ld
Warrior


Joined: 01 Mar 2005
Last Visit: 29 Jul 2010
Posts: 185

PostPosted: Mon May 05, 2008 4:04 pm    Post subject: Reply with quote

HKLM\SECURITY\Policy\Secrets\SAC
HKLM\SECURITY\Policy\Secrets\SAI

Those two entries are normal to find when scanning windows XP with rootkit revealer (I have no experience with scanning vista).

Here is one explanation for the significance of a null byte in the registry:

http://www.xpregistrycleaner.com/embedded-null-characters/index.html

Here is a post from the sysinternals forum regarding rootkit revealer and the two registry entries:
http://forum.sysinternals.com/forum_posts.asp?TID=8881


The significance of the NULL byte in programming is that it is used to terminate character strings. When NULL bytes are put in the middle of strings and a program doesn't expect it you can run in to problems. It seems here regedit for one doesn't expect it.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Virus, Worm &Trojan Alerts All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group