Jump to content

Recommended Posts

Over the weekend my Win2k computer acquired Vxgame, Zhelatin and Tibbs trojans.

At least one was protected by the wincom rootkit.

During cleaning I discovered the following registry entry


was inaccessible due to null entry.

The entry was removed by proper use of regdelnull.

I have never heard of Xanthic, no other pc on my network has the key. However googling does not throw up nefarious activity by this outfit.

So I was interested in any further information available.

The pc concerned is now clean.

Link to post
Share on other sites

  • 2 months later...
Thanks for that, Jean.

I wouldn't describe the result as productive - even the Winternals RR forum failed to reach a conclusion.

Hi, I found Xanthic in my registry too, it turned up in a rootkit search. When I did a net search for Xanthic on my computer it came up with nothing about viruses. BUT WHEN DOING THE SAME SEARCH ON MY DAUGHTERS COMPUTER IT CAME UP AS A VIRUS RIGHT ON THE TOP OF THE LIST!. I decided (rightly or wrongly) that it was filtering my searches.

I tried to remove it with REGEDIT but that won't touch it (I didn't know about REGDELNULL). So I tried to restore a backed up registry and found that even though I had lots of backups I could not restore any of my old ones. I decided (rightly or wrongly) that Xanthic was blocking me from restoring registry back ups. So in the end I did a boot from my SpotMau disk and took the registry back to a fresh admin.

This caused me to loose most of my setup (a bit like sawing of a leg to avoid snake bite poison) but at least my system is clean now (I hope).

I know how I got Xanthic on my system; well at least I think I do, perhaps Xanthic even buried that trail! It came off a Mag CD in a wireless security app, I won't name it here in case I have the wrong steer.

Can you tell me more about REGDELNULL?


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.