Mixel
Cadet

 Joined: Sep 08, 2006 Posts: 5 Location: Mexico
negster22
Security Expert Premium Member
 Joined: Mar 10, 2004 Posts: 5394
Posted: Sat Sep 09, 2006 6:42 pm
Looking forward to the results and check out the GMER video too, because the study did not reveal all of GMER's features - it can remove badRKdemo.
_________________
Negster22 - MS MVP - Consumer Security 2006-2008
ErikAlbert
Captain

 Joined: Jan 20, 2005 Posts: 424
Posted: Sat Sep 09, 2006 7:23 pm
LOL, the guy's really pissed off at you people for saying it's unstable.
negster22
Security Expert Premium Member
 Joined: Mar 10, 2004 Posts: 5394
Posted: Sun Sep 10, 2006 6:18 pm
I have found an interesting RKUnhooker study which measures RKUnhooker's ability to detect seven rootkits that use a diverse range of techniques. The test rootkits include FuTO enhanced (DKOM), BadRKDemo (DKOM), pe386 - Rustock.A (SYSCALL hook), AFX rootkit 2005, and HackerDefender & Vanquish (both user mode rootkits).
The study is written in German, so just click the "English Translation" button provided in the upper right corner of the page to get the English translation.
Since the instability issues concerning RKUnhooker result from rootkit tool driver conflicts, if you want to try RKUnhooker, my suggestion is to do it before running any rootkit tools, and then reboot afterwards. If you have used other detectors, you can just do this before running RKUnhooker:
1. Reboot to unload any anti-rootkit program drivers used previously
2. Run RKUnhooker
3. Reboot to remove the RKUnhooker driver
This same procedure may be applied to other detectors that do not unload their drivers, as well. This will eliminate crashes that occur from driver conflicts.
_________________
Negster22 - MS MVP - Consumer Security 2006-2008
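As an added example (not from this thread, and not code shipped with RKUnhooker, GMER or any other tool named here), the following PowerShell script performs the check implied by the procedure above: before launching the next detector, it verifies that drivers from previously used anti-rootkit tools are no longer loaded. The driver-name patterns are placeholders assumed for illustration; substitute the actual driver names of the tools you use. It also flags a caveat the procedure glosses over: a driver whose start mode is Boot, System or Auto will be loaded again by the reboot, so for such a tool the driver must be removed or disabled rather than merely rebooted away.

```powershell
# Added example: check for leftover anti-rootkit tool drivers before running
# the next tool. Requires PowerShell 3+ (Get-CimInstance) and admin rights to
# see every driver. Driver name patterns are placeholders (assumption), not the
# real driver names of RKUnhooker, GMER or any other product.
param(
    [string[]]$DriverPatterns = @('*rkunhook*', '*gmer*', '*rootkit*')
)

function Get-LeftoverToolDrivers {
    param([string[]]$Patterns)
    # Win32_SystemDriver lists kernel drivers with their current State and
    # StartMode; both matter for the reboot-based procedure.
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver
    foreach ($d in $drivers) {
        foreach ($p in $Patterns) {
            if ($d.Name -like $p -or $d.PathName -like $p) {
                # Boot/System/Auto drivers come back after a reboot, so a
                # reboot alone will not clear them.
                $survivesReboot = $d.StartMode -in @('Boot', 'System', 'Auto')
                [pscustomobject]@{
                    Name           = $d.Name
                    State          = $d.State
                    StartMode      = $d.StartMode
                    Path           = $d.PathName
                    SurvivesReboot = $survivesReboot
                }
                break
            }
        }
    }
}

$found = @(Get-LeftoverToolDrivers -Patterns $DriverPatterns)
$running = @($found | Where-Object { $_.State -eq 'Running' })

if ($running.Count -eq 0) {
    Write-Host 'No matching anti-rootkit drivers are loaded; safe to start the next tool.'
    exit 0
}

Write-Warning 'Anti-rootkit drivers from an earlier tool are still loaded:'
$running | Format-Table -AutoSize

if ($running | Where-Object { $_.SurvivesReboot }) {
    Write-Warning 'At least one of these is set to start at boot; rebooting will not unload it. Uninstall or disable that driver first.'
} else {
    Write-Warning 'Reboot to unload these drivers, then run the next tool.'
}
exit 1
```

Run it as an administrator after the reboot in step 1 and again after step 3; a non-zero exit code means the machine is not yet in the clean state the procedure assumes. Because the match is by name and path pattern only, a driver that is loaded under an unexpected name will not be caught, so treat a clean result as a sanity check, not as proof.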
ErikAlbert
Captain

 Joined: Jan 20, 2005 Posts: 424
Posted: Sun Sep 10, 2006 8:12 pm
I just reimage.
Mixel
Cadet

 Joined: Sep 08, 2006 Posts: 5 Location: Mexico
Posted: Tue Sep 12, 2006 12:54 am
Hi everybody,
like I was expecting, RKU can detect BadRKDemo w/o a problem.
I attach the picture of it.
SVV will have to wait...
[Attached image: 130.99 KB]
Mixel
Cadet

 Joined: Sep 08, 2006 Posts: 5 Location: Mexico
Posted: Tue Sep 12, 2006 1:02 am
About the Joerg Klemenz blog: it is a little out of date
....
First, that post is about RKU 2.0 and the actual release is 2.022, which is more stable and gives fewer false positives...
so I think everybody must try the newest release before posting something...
Greetings from Durango
Paul
CastleCops Founder
 Joined: Feb 22, 2002 Posts: 27351
Posted: Wed Sep 13, 2006 4:11 am
ErikAlbert wrote:
> LOL, the guy's really pissed off at you people for saying it's unstable.
Our Rootkit experts are just that, experts. If our CastleCops rootkit experts have an opinion on a tool then I'd side with them over anyone else. Sure, we're all human and can make mistakes, but that is what makes our experts unique. Their opinions are based on scientific and objective testing. And that is gold in my book.
_________________
Paul Laudanski - http://www.laudanski.com
http://www.linkedin.com/pub/1/49a/17b
Prince_Serendip
Site Moderator
 Joined: Sep 07, 2002 Posts: 17542
Posted: Thu Oct 05, 2006 2:17 pm
We are locking this topic for now. Please try to understand that this forum is unlike the rest of CastleCops in the following respect. We decide what programs or applications are safe and appropriate for use here.
Any links posted in the Rootkit Revelations forums to applications that we have not approved will be removed forthwith.
Best regards and have a nice day.
_________________
Microsoft MVP Consumer Security 2006, 2007 & 2008