It looks like the configuration for rootcheck doesn't have the right format. I think you are inserting some extra line breaks.
It should look like this: [Trojan Dropper] [all] [0A37D49E798F50C8F1010D5CFDE0E851] f:C:\Users\IEUser\AppData\Local\Temp\AcroRD32.exe; r:HKEY_USERS\S-1-5-21-3463664321-2923530833-3546627382-1000\Software\Microsoft\Windows\CurrentVersion\Run -> Acroread -> r:AcroRD32.exe; p:r:AcroRD32.exe; On Mon, Mar 14, 2016 at 6:17 AM, 林威任 <[email protected]> wrote: > Excuse me, I want to ask something. > Why it don't appear ideal result after I input the code ? > code: > [Trojan Dropper] [all] [0A37D49E798F50C8F1010D5CFDE0E851] > f:C:\Users\agent05\AppData\Local\Temp\AcroRD32.exe; > r:HKEY_USERS\S-1-5-21-3463664321-2923530833-3546627382-1000\Software\Microsoft > \Windows\CurrentVersion\Run -> Acroread -> r:AcroRD32.exe; p:r:AcroRD32.exe; > my virtual machine's result: > ERROR: Invalid rk configuration value: '[Trojan Dropper] [all] > [0A37D49E798F50C8F1010D5CFDE0E851] > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
