Rootkit detection review

rustypup · Post by **rustypup** » 18 Jan 2007, 07:53

Information Week wrote:In October 2005, Windows expert Mark Russinovich broke the news about a truly underhanded copy-protection technology that had gone horribly wrong. Certain Sony Music CDs came with a program that silently loaded itself onto your PC when you inserted the disc into a CD-ROM drive. Extended Copy Protection (or XCP, as it was called) stymied attempts to rip the disc by injecting a rootkit into Windows — but had a nasty tendency to destabilize the computer it shoehorned itself into. It also wasn't completely invisible: Russinovich's own RootkitRevealer turned it up in short order. Before long, Sony had a whole omelette's worth of egg on its face, and the word rootkit had entered the vocabulary of millions of PC users.

included in the comparative review:
BlackLight
IceSword
RKDetector
RootkitBuster
RootkitRevealer
Rootkit Unhooker

Take the warning about "careful" use to heart, as these apps cannot distinguish between genuine system files and not so kosher ones...

now, if only there were some way of obliterating starforce after uninstalling its targeted app

Post by **Anakha56** » 18 Jan 2007, 09:19

http://www.onlinesecurity-on.com/protect.phtml?c=55

http://www.whoismadhur.com/2006/04/06/s ... e-removal/

Rusty you asked i deliver

rootkits are baaaad...

Gatsby · Post by **Gatsby** » 18 Jan 2007, 09:37

My Bitdefender 10 has a built in rootkit scanner and remover. I wonder how good it is.

rustypup · Post by **rustypup** » 18 Jan 2007, 11:03

rootkit unhooker has got to be the most comprehensive i've seen to date...

ice-sword comes with a command line plug-in which allows you to modify the file hives directly... so scrubbing those hard to remove files is a synch, (this is *not* a toy to be played with... unless the idea of re-installing sounds kinky..)

DeathStrike · Post by **DeathStrike** » 30 May 2007, 12:59

Sorry for my Noob question but what are rootkits?

Post by **Ron2K** » 30 May 2007, 13:15

DeathStrike wrote:Sorry for my Noob question but what are rootkits?

Nasty little buggers.

http://en.wikipedia.org/wiki/Rootkit

DeathStrike · Post by **DeathStrike** » 01 Jun 2007, 09:22

Nasty. Where do i get 1 of those remover things? and how wud u know if your pc is infected?

PHR33K · Post by **PHR33K** » 01 Jun 2007, 11:14

As a rootkit writer I personally would choose Rootkit Unhooker.

rustypup · Post by **rustypup** » 01 Jun 2007, 11:44

DeathStrike wrote:and how wud u know if your pc is infected?

i would like to reiterate the point about not mucking with the file hives... it really is the quickest route to trashing your installation... some legitimate files, by their very nature, will not appear as a fat entry...

best approach is to scan, make a short list of suspects and then spend some time verifying if they are legit or not... those that you fail to verify, or that pop up as known kits, can be trashed...