Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Comodo Rootkit.HiddenValue[at]0

  • Please log in to reply
No replies to this topic

#1 Nanobyte


  • Members
  • 431 posts
  • Local time:12:40 AM

Posted 23 December 2012 - 01:14 AM

I posted my issue in the Comodo forum last year but got nowhere. I just resurrected the post there but thought I would try here too. Comodo finds a couple of apparent rootkits. The one I am interested in is:

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

No other rootkit apps find this particular key (blacklight, aswMBR, Spybot, RootRepeal etc). The key does not exist in the registry but searches found the following related items:

[HKEY_CURRENT_USER\Software\Microsoft\Advanced INF Setup\IE UserData NT\RegBackup\0.map]
"92cb6f10673beaf6"=",1,HKCU,Software\\Microsoft\\Internet Explorer\\Extensions\\CmdMapping,{c95fe080-8f5d-11d2-a20b-00aa003c157a},"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C95FE080-8F5D-11D2-A20B-00AA003C157A}]
"Compatibility Flags"=dword:00000400

I have no idea whether this is a false positive. I read the BC article "Making Internet Explorer Safer" but I could see no way to tell if these entries are harmful.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users