RootkitRevealer shows 12,000 files "Hidden from Windows API", but they are legit files!?
Posted on 2006-07-01
Hello. I've used RootkitRevealer many times, and I'm pretty good at interpreting its results.
However, I have one computer which has very *strange* results.
RootkitRevealer shows 12,000 files "Hidden from Windows API". 12,000!!!
I browsed to some of these files, and they certainly were not hidden, I could see and open them just fine. They are also legit files, just standard files. I didn't look through all 12,000, but I did browse them. I did not search the *entire* results to look for malware files, that would take hours.
I cleared the IE cache beforehand, shut off the screensaver, closed all apps (except processes always running in background), and didn't touch the computer during the scan.
I ran it 3 times, results were similar.
has anyone seen this? What's could be causing this?