CastleCops® Rootkit comparisons

Need help? Click here to register for free! Absolutely zero advertisements on this site!

	Donation/Premium

	Donations. Become Premium Today!

	Security Central

	· Home · PIRT/Fried Phish · MIRT · SIRT · Deutsch · Wiki · Newsletter · O16/ActiveX · CLSID List · Contest2007 · Downloads · Feedback (send) · Forums · HijackThis · Hijacktrend · LSPs · My Downloads · O18 · O20 · O21 · O22 · O23 · O9 · Premium · Private Messages · Proxomitron · Reviews · Search · StartupList · Stories Archive · Submit News · WsIRT · Your Account · Acceptable Use Policy

Forum FAQ

Usergroups

Profile

Select FavForums

Rootkit comparisons

All -> FavForums -> Rootkit Revelations

[del.icio.us!] [digg it!] [reddit!]

View previous topic :: View next topic

Author

Message

wng_z3r0

MRU Teacher

Joined: Mar 21, 2005
Posts: 1248

Posted: Sat Aug 19, 2006 10:07 pm Post subject: Rootkit comparisons

Methodology: http://spyware-free.us/2006/08/rootkit-writeup.html and part1: http://spyware-free.us/2006/08/hackerdefender.html Comments please! Thanks wng

Prince_Serendip

Site Moderator

Joined: Sep 07, 2002
Posts: 17542

Posted: Sun Aug 20, 2006 5:02 am Post subject:

Nicely done. I am sure you will get some helpful feedback from our other ReXs. This is ground-breaking development to teaching people how to remove rootkits safely. Keep up the good work! _________________ Microsoft MVP Consumer Security 2006, 2007 & 2008

AbuIbrahim

Security Expert
Special Response Team

Joined: Jan 18, 2006
Posts: 1930

Posted: Wed Aug 23, 2006 4:45 pm Post subject:

Excellent article wng_z3ro. However, I was testing Sytem Virginity Verifier on hacker defender and I did not get the results as expected. SVV fix did not seem to unhook the rootkit. The hxdef100.exe process and the Hackerdefenderdrv services and registry keys are still hidden and active. I did a scan with gmer before and after the 'svv fix' and everything seems to be the same. Did you do something additional? Do you know any other command line antihook/antirootkit tools besides svv and blbeta?

wng_z3r0

MRU Teacher

Joined: Mar 21, 2005
Posts: 1248

Posted: Wed Aug 23, 2006 9:05 pm Post subject:

no I didn't do anything different. gmer has a command line as well. _________________ Proud member of Alliance of Security Analysis Professionals since 2005 Microsoft MVP-2006

wng_z3r0

MRU Teacher

Joined: Mar 21, 2005
Posts: 1248

Posted: Sun Sep 10, 2006 8:09 pm Post subject:

Part 2 completed: http://spyware-free.us/2006/09/vanquish_10.html _________________ Proud member of Alliance of Security Analysis Professionals since 2005 Microsoft MVP-2006

wng_z3r0

MRU Teacher

Joined: Mar 21, 2005
Posts: 1248

Posted: Sun Sep 10, 2006 8:13 pm Post subject:

AbuIbrahim wrote:

Excellent article wng_z3ro.

However, I was testing Sytem Virginity Verifier on hacker defender and I did not get the results as expected. SVV fix did not seem to unhook the rootkit.
The hxdef100.exe process and the Hackerdefenderdrv services and registry keys are still hidden and active.
I did a scan with gmer before and after the 'svv fix' and everything seems to be the same.

Did you do something additional?

Do you know any other command line antihook/antirootkit tools besides svv and blbeta?

One thing is that I used svv fix /a /m
Could that be the difference?

wng

	All -> FavForums -> Rootkit Revelations	All times are GMT
Page 1 of 1

You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


	2002-2008 � Computer Cops LLC dba CastleCops®. All rights reserved. Acceptable Use Policy. Use signifies your agreement. 116ppm 0.283s (0.043s) Making cybercriminals unhappy since 2002*