
Rootkit detection review

Posted: 18 Jan 2007, 07:53
by rustypup
Information Week wrote:In October 2005, Windows expert Mark Russinovich broke the news about a truly underhanded copy-protection technology that had gone horribly wrong. Certain Sony Music CDs came with a program that silently loaded itself onto your PC when you inserted the disc into a CD-ROM drive. Extended Copy Protection (or XCP, as it was called) stymied attempts to rip the disc by injecting a rootkit into Windows — but had a nasty tendency to destabilize the computer it shoehorned itself into. It also wasn't completely invisible: Russinovich's own RootkitRevealer turned it up in short order. Before long, Sony had a whole omelette's worth of egg on its face, and the word rootkit had entered the vocabulary of millions of PC users.
Included in the comparative review:
BlackLight
IceSword
RKDetector
RootkitBuster
RootkitRevealer
Rootkit Unhooker

Take the warning about "careful" use to heart, as these apps cannot distinguish between genuine system files and not-so-kosher ones...

Now, if only there were some way of obliterating StarForce after uninstalling its targeted app :evil:

Posted: 18 Jan 2007, 09:19
by Anakha56

Posted: 18 Jan 2007, 09:37
by Gatsby
My Bitdefender 10 has a built-in rootkit scanner and remover. I wonder how good it is.

Posted: 18 Jan 2007, 11:03
by rustypup
Rootkit Unhooker has got to be the most comprehensive I've seen to date...

IceSword comes with a command-line plug-in which allows you to modify the file hives directly... so scrubbing those hard-to-remove files is a cinch (this is *not* a toy to be played with... unless the idea of re-installing sounds kinky...)

Posted: 30 May 2007, 12:59
by DeathStrike
Sorry for my noob question, but what are rootkits? :oops:

Posted: 30 May 2007, 13:15
by Ron2K
DeathStrike wrote:Sorry for my noob question, but what are rootkits? :oops:
Nasty little buggers.

http://en.wikipedia.org/wiki/Rootkit

Posted: 01 Jun 2007, 09:22
by DeathStrike
Nasty. Where do I get one of those remover things? And how would you know if your PC is infected?

Posted: 01 Jun 2007, 11:14
by PHR33K
As a rootkit writer I personally would choose Rootkit Unhooker.

Posted: 01 Jun 2007, 11:44
by rustypup
DeathStrike wrote:And how would you know if your PC is infected?
I would like to reiterate the point about not mucking with the file hives... it really is the quickest route to trashing your installation... some legitimate files, by their very nature, will not appear as a FAT entry...

The best approach is to scan, make a short list of suspects and then spend some time verifying whether they are legit or not... those that you fail to verify, or that pop up as known kits, can be trashed...
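The "scan, short-list, verify" workflow in the post above, and the earlier warning that some legitimate files never show up in a raw listing, both come down to how tools like RootkitRevealer work: they take one listing through the normal file API and one by parsing the on-disk structures directly, then report every difference. The following is an added example (mine, not code from the review or from any of the tools listed in the thread) showing that cross-view diff, a second pass to drop transient discrepancies, and a hash-based verification of what survives. All paths, sizes and hashes in it are constructed placeholders, and the two "views" are plain dictionaries standing in for what a real scanner would read from the API and the volume.

```python
# Added example (not from the review or from any tool named in the thread):
# the cross-view diff that scanners such as RootkitRevealer rely on, plus the
# rescan-and-verify triage the post above recommends. All listings, paths and
# hashes below are constructed placeholders, not captures from a real machine.
from dataclasses import dataclass
from typing import Dict, List, Set

# NTFS metafiles exist only in the raw on-disk view and are a classic source
# of spurious "hidden file" hits in cross-view scanners.
NTFS_METAFILES: Set[str] = {
    "$MFT", "$MFTMirr", "$LogFile", "$Volume", "$AttrDef",
    "$Bitmap", "$Boot", "$BadClus", "$Secure", "$UpCase", "$Extend",
}


@dataclass(frozen=True)
class Finding:
    path: str
    kind: str  # "hidden" (raw only), "api_only", or "size_mismatch"


def cross_view_diff(api_view: Dict[str, int], raw_view: Dict[str, int],
                    ignore: Set[str] = NTFS_METAFILES) -> List[Finding]:
    """Diff two listings of one tree, each mapping path -> size in bytes.

    api_view is what the high-level file API reports to programs; raw_view is
    what parsing the file-system structures on the volume reports.  A rootkit
    that filters API results shows up as a path present only in raw_view.
    """
    findings: List[Finding] = []
    for path, raw_size in raw_view.items():
        if path.rsplit("\\", 1)[-1] in ignore:
            continue
        if path not in api_view:
            findings.append(Finding(path, "hidden"))
        elif api_view[path] != raw_size:
            findings.append(Finding(path, "size_mismatch"))
    for path in api_view:
        if path not in raw_view:
            findings.append(Finding(path, "api_only"))
    return sorted(findings, key=lambda f: f.path)


def confirm(first: List[Finding], second: List[Finding]) -> List[Finding]:
    """Keep only findings that reproduce on a second pass.  A file created or
    deleted between the two enumerations of one pass produces a discrepancy
    that does not recur; a filter driver hiding a file produces one that does."""
    recurring = set(second)
    return [f for f in first if f in recurring]


def triage(confirmed: List[Finding], observed: Dict[str, str],
           trusted: Dict[str, str], known_bad: Set[str]) -> Dict[str, str]:
    """Label confirmed findings by content hash: "known_kit" if the hash is on
    a bad list, "verified" if it matches a trusted manifest entry for that path,
    otherwise "unverified" (the post's "failed to verify" bucket).  A verified
    file that is still hidden from the API means something is filtering the
    API results, so the verdict speaks to the file, not to the machine."""
    verdicts: Dict[str, str] = {}
    for f in confirmed:
        h = observed.get(f.path)
        if h is not None and h in known_bad:
            verdicts[f.path] = "known_kit"
        elif h is not None and trusted.get(f.path) == h:
            verdicts[f.path] = "verified"
        else:
            verdicts[f.path] = "unverified"
    return verdicts


# Constructed sample data: two passes over the same tree.  scan.tmp is created
# mid-pass (transient); filtered.sys is hidden from the API in both passes.
PASS1_API = {r"X:\System32\drivers\a.sys": 1000,
             r"X:\System32\drivers\b.sys": 2000,
             r"X:\Temp\scan.tmp": 0}
PASS1_RAW = {r"X:\$MFT": 0,
             r"X:\System32\drivers\a.sys": 1000,
             r"X:\System32\drivers\b.sys": 2000,
             r"X:\System32\drivers\filtered.sys": 4096}
PASS2_API = {r"X:\System32\drivers\a.sys": 1000,
             r"X:\System32\drivers\b.sys": 2000}
PASS2_RAW = {r"X:\$MFT": 0,
             r"X:\System32\drivers\a.sys": 1000,
             r"X:\System32\drivers\b.sys": 2000,
             r"X:\System32\drivers\filtered.sys": 4096}
# Placeholder hashes, not real digests.
OBSERVED = {r"X:\System32\drivers\filtered.sys": "hash-ccc"}
TRUSTED = {r"X:\System32\drivers\a.sys": "hash-aaa",
           r"X:\System32\drivers\b.sys": "hash-bbb"}
KNOWN_BAD = {"hash-ccc"}


def run_example() -> dict:
    """Run both passes, confirm, and triage; returns plain tuples for checking."""
    first = cross_view_diff(PASS1_API, PASS1_RAW)
    second = cross_view_diff(PASS2_API, PASS2_RAW)
    confirmed = confirm(first, second)
    return {
        "pass1": [(f.path, f.kind) for f in first],
        "confirmed": [(f.path, f.kind) for f in confirmed],
        "verdicts": triage(confirmed, OBSERVED, TRUSTED, KNOWN_BAD),
    }


if __name__ == "__main__":
    for key, value in run_example().items():
        print(key, value)
```

On the constructed data the first pass reports two discrepancies (the hidden driver and the temporary file that only existed in one listing), the second pass confirms only the hidden driver, and the hash lookup labels it a known kit. The `ignore` set is the part worth tuning on a real box: every entry you add to it is a place a rootkit could hide, so keep it to names whose absence from the API view you can explain, as with the NTFS metafiles here.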