Broadband Tech > Security > Security > How to discover hidden rootkits

How to discover hidden rootkits

Comment from the article.

quote:

---

The one and the only offline malware remover (which not only identifies but removes) which I recommend for Win 7 systems is WDO.

---

reply to StuartMW
Good info thanks..got any thought on this one ?

10 best free lightweight security tools
»www.techradar.com/us/news/softwa···-1089715

or these..

10 best free lightweight desktop tools
»www.techradar.com/us/news/softwa···-1085319

been a long time since I have seen a thread about the tools out there which we know work well.
--
Gladiator Security Forum
»www.gladiator-antivirus.com/

Well what I say publicly and what I know/do privately may or may not be the same thing
--
Don't feed trolls--it only makes them grow!

»www.resplendence.com/sanity.htm

What is SanityCheck ?

SanityCheck is an advanced rootkit and malware detection tool for Windows which thoroughly scans your system for threats and irregularities which indicate malware or rootkit behavior.

SanityCheck runs on the following operating systems:

Windows 7
Windows 7 x64 editions
Windows 2008 Server
Windows 2008 Server x64 editions
Windows Vista
Windows Vista x64 editions
Windows XP (Service Pack 2 or greater)
Windows XP x64 edition (all service packs)
Windows Server 2003 (all service packs)
Windows Server 2003 x64 editions (all service packs)
Windows Server 2000 (with Update Rollup 1 and Service Pack 4)

quote:

---

I've lost my mind and it's a shame because it's such a little thing to be wandering around by itself.

---

reply to Name Game
I have only detected 1 rootkit on a computer. In January 2008 I saw a process in the firewall log that was tyring to connect to the Internet on the family's shared PC. Fortunately no one in the family had allowed it through the firewall; my family was well trained.

I used Windows explorer to search for an executable with the name of the process; however, I could not find it. I booted into Linux and searched the Windows partition for the file and found it. I noted the path to the file; then, rebooted Windows and looked for the file in that location using explorer. Explorer didn't know it was there.

I rebooted into Linux, TARed the file and sent it to someone responding to my post on this forum (see thread at »What is cbpnkrymg.exe). They forwarded my sample to the AV companies and confirmed that it was a new variant of a rootkit (Trojan Horse Rootkit-Pakes). Within 24 hours, many of the AV companies were releasing signatures for it.

No AV product would have detected this rootkit. LOL.

reply to Name Game
i happened across an article at the mcafee website that talked about a rootkit that, according to mcafee, most rootkit-scanners wouldn't detect because it was designed so that, while it would be hidden from humans, it would not appear to be hidden to rootkit-scanners and, therefore, it wouldn't be flagged by them..

of course, mcafee was boasting that their new super-duper security tool, which, incidentally, was only available for corporate use, that it, alone, was capable of flagging the rootkit..

quote:

---

A rootkit is a stealthy type of software, often times, malicious designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.

---

reply to Name Game
Wouldn't some of the old basic tools that did a file structure comparative still be effective today? I know most vendors produce off-line scanners or boot CD's, which seems to be the best way now, but isn't it all still hit and miss? Detecting it is one thing, cleaning is quite another, what hooks are in place etcetera just as LoPhatPhuud had troubles with in this topic - »[RESOLVED][Rootkit] rootkit virus? - Nethog Post 1 of 2
(I hope there isn't a forum rule here)