fatdcuk
Premium
join:2005-02-20
England
1 edit | reply to daveinpoway
Re: One in Five PC's Infected With Rootkits
Sorry for the delay folks but as promised yesterday here is are the screenshots/data returned from testing some of the tools mentioned in this thread versus samples from my Zoo collection.
All RK malwares used have been harvested from in the wild infections over the last 18months and there are no proof-of-concept RK's used.These are live malware rootkits 
Testbed1(loaded malware RK's)
1)Rustock B (huy32.sys)
2)Nulprot (asc3550.sys+asc3550p.sys)*
3)Haxdoor (ntio256.sys+protector.exe)
4)Srizbi (Eyvw95.sys)
5)Cutwail/Bulknet (Runtime2.sys)**
*Imports a secondary infection from the WWW that is not hidden.
**Drops other files after installation that are not hidden.
Prev-X CSI= 4/5 Is blind to Nulprot.
AVG AntiRootKit= 4/5 Is blind to Nulprot.
RKU= 4/5 Is blind to Nulprot.
GMER 1.0.14 Beta= 5/5 
Nulprot VT upload today>>>
»www.virustotal.com/resultado.htm···7b697495
Testbed2(loaded malware RK's)
1)Rustock A (lzx32.sys)
2)Wincom32 (Wincom32.sys)
3)TR.inject/allinone(VideoAti0.sys+dll+exe)
4)Haxdoor.sm(Pasksa.dll+p81eskse.sys)
Prev X CSI= 3/4 Blind to Allinone
AVG AntiRootKit= 4/4
RKU =4/4
GMER 1.0.14Beta= 4/4
TR.Inject/Allinone VT report today>>>
»www.virustotal.com/resultado.htm···f327bde6
|
|
Bubba1
Less is More
Premium
join:2006-09-21
| Well, based on the test results you've shared (again, thanks), I obtained GMER 1.0.13 (wasn't able to obtain your beta version) and it's not finding anything.
Notice ... I didn't announce I was clean.  |
|
fatdcuk
Premium
join:2005-02-20
England
2 edits | Here is the GMER 1.0.14 Beta link>>>
»www2.gmer.net/beta/
I've been using the Beta version for around 4 weeks now and can safely say it is more stable for my setup and has gained some more functionability over the previous version:) |
|
AB
Premium
join:2006-04-04
Leesburg, VA
| reply to Bubba1
said by Bubba1  :Notice ... I didn't announce I was clean. Yes, I notice that.
Well, allow me to announce-- my machine is clean!
Yeah, baby! Yee-haaa!
I think I owe a debt of gratitude to SipSizurp's and the others' clients though, that shouldered the burden and helped to keep me in that other 75 or 80% percentile.
Whew! Close one!
Thanks, gents! |
|
Bubba1
Less is More
Premium
join:2006-09-21
| said by AB :I think I owe a debt of gratitude to SipSizurp's and the others' clients though, that shouldered the burden and helped to keep me in that other 75 or 80% percentile. Whew! Close one! You found something? And, successfully eradicated it?
You used RkU? Did you try GMER?
--
HN7000s | Horizons 1 (127W) | Gateway: 1110Mhz | Dish: .98m 2 Watt | Pro+
"Fast is fine, but accuracy is everything" --Wyatt Earp |
|
AB
Premium
join:2006-04-04
Leesburg, VA
| said by Bubba1 :said by AB :I think I owe a debt of gratitude to SipSizurp's and the others' clients though, that shouldered the burden and helped to keep me in that other 75 or 80% percentile. Whew! Close one! You found something? Nope. Not a thing.
This is why I'm in that 'other percentile'. |
|
