StudioT Posted June 2, 2008 ID:19315

Over the weekend my Win2k computer acquired Vxgame, Zhelatin and Tibbs trojans. At least one was protected by the wincom rootkit. During cleaning I discovered the following registry entry

HKLM\software\Xanthic\{EA85997E-F0A5-F38F-C44B-1D1A619FAE56}

was inaccessible due to null entry. The entry was removed by proper use of regdelnull.

I have never heard of Xanthic, no other pc on my network has the key. However googling does not throw up nefarious activity by this outfit. So I was interested in any further information available.

The pc concerned is now clean.

JeanInMontana Posted June 2, 2008 ID:19333

Seems to be a game site or software. I don't have time to read all the hits. Try using Xanthic + malware in a Google search, you get all sorts of interesting stuff.

StudioT Posted June 2, 2008 Author ID:19343

Thanks for that, Jean. I wouldn't describe the result as productive - even the Winternals RR forum failed to reach a conclusion.

Lawrym Posted August 3, 2008 ID:24291

> Thanks for that, Jean. I wouldn't describe the result as productive - even the Winternals RR forum failed to reach a conclusion.

Hi, I found Xanthic in my registry too, it turned up in a rootkit search. When I did a net search for Xanthic on my computer it came up with nothing about viruses. BUT WHEN DOING THE SAME SEARCH ON MY DAUGHTER'S COMPUTER IT CAME UP AS A VIRUS RIGHT ON THE TOP OF THE LIST! I decided (rightly or wrongly) that it was filtering my searches. I tried to remove it with REGEDIT but that won't touch it (I didn't know about REGDELNULL). So I tried to restore a backed up registry and found that even though I had lots of backups I could not restore any of my old ones. I decided (rightly or wrongly) that Xanthic was blocking me from restoring registry back ups. So in the end I did a boot from my SpotMau disk and took the registry back to a fresh admin.

This caused me to lose most of my setup (a bit like sawing off a leg to avoid snake bite poison) but at least my system is clean now (I hope).

I know how I got Xanthic on my system; well at least I think I do, perhaps Xanthic even buried that trail! It came off a Mag CD in a wireless security app, I won't name it here in case I have the wrong steer. Can you tell me more about REGDELNULL?

Lawrym