SpannerITWks (Sergeant) - Joined: Dec 15, 2006, Posts: 91, Location: UK
Posted: Sun Apr 15, 2007 1:26 am
I started a new thread about this in here - http://www.dslreports.com/forum/svendors - on the same day I posted in here - http://forum.sysinternals.com/forum_posts.asp?TID=962&PN=31
The info I posted on DSL was exactly the same as in the SysInternals one!
For some "unknown" reason the DSL thread was removed without ANY warning or explanation. Nor did I get a PM from anyone about it being deleted either.
Anybody know why this could have happened?
I'm sorry it was removed, but it was not my doing.
Spanner
_________________
Stay Safe - BOClean AntiMalware -
swatkat (Security Expert) - Joined: Mar 04, 2005, Posts: 2036, Location: India
Posted: Tue Apr 17, 2007 3:44 pm
Hi SpannerITWks,
Thanks for your cooperation. I wonder why that happened at DSL Reports!
Anyway, as far as SysProt AntiRootkit is concerned, I have made a small update. Now it shows whether a process has a visible window or not. This might be useful to catch some trojans. For example, Nailuj.A starts an IExplore.exe process, but IE's window will not be visible.
_________________
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
- Albert Einstein
swatkat (Security Expert) - Joined: Mar 04, 2005, Posts: 2036, Location: India
Posted: Mon Apr 30, 2007 5:50 pm
Update:
[+] Full path of processes
[+] phide_ex detection
_________________
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
- Albert Einstein
swatkat (Security Expert) - Joined: Mar 04, 2005, Posts: 2036, Location: India
Posted: Tue Jun 12, 2007 6:52 pm
Update:
SysProt AntiRootkit v1.0.0.4
[+] Faster
[+] Kernel inline hooks removal
[+] Detection and removal of hidden Services Registry keys
_________________
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
- Albert Einstein
negster22 (Security Expert, Premium Member) - Joined: Mar 10, 2004, Posts: 5267
Posted: Tue Jun 12, 2007 8:07 pm
Thanks, Mahesh - sounds good!
_________________
Negster22 - MS MVP - Consumer Security 2006-2008
swatkat (Security Expert) - Joined: Mar 04, 2005, Posts: 2036, Location: India
Posted: Sun Jun 17, 2007 8:50 pm
Hi all,
One more update:
[+] SSDT hooks removal
_________________
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
- Albert Einstein
Guest (IP: 217.171.*.*)
Posted: Mon Jun 25, 2007 2:55 pm
Hi swatkat!
Thank you for SysProt AntiRootkit!
I tested it alongside IceSword (IS), RkUnhooker (RkU), Regshot and a few other things on a two-year-old laptop with Windows Home Edition and 512 MB of memory.
First small test ...
*-* Regshot detects 6 new Registry keys, 15 new values and 6 modified values. RkU detects two SysProt hooks: IAT modifications. IS estimates SysProt memory usage between 4268 KB and 5004 KB (peak). RkU and IS show "SysProtDrv.sys" in the kernel.
*-* Problems ...
..... SysProt was a little slow at showing processes and very slow for "Ports" and "File System".
..... SysProt shows nothing in other modules when the list of Kernel Inline Hooks should include the hooks of IceSword.
..... After several attempts, IS refused to function (not enough memory).
..... SysProt gave an error message when I tried to use it to kill IS.
Second small test ...
*-* No more memory problem using SysProt and IceSword (IS) together, and a better delay on listing. I like the "Window visible" column in the process module very much.
*-* Problems ...
..... SysProt gave an error message when I tried to use it to kill IS.
..... SysProt shows nothing in "Kernel Inline Hooks" when it should include the hooks of IceSword (6 Inline - RelativeJump).
..... The SysProt process is killed using IS.
What is the "Registry" module for?
What do you think about a translation of SysProt into Spanish and French?
Kind Regards.
Txon.
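The "Kernel inline hooks" that swatkat's v1.0.0.4 update removes and the "Inline - RelativeJump" entries Txon expected SysProt to list are the same pattern: a driver overwrites the first bytes of a kernel function with a relative JMP into its own code. The check below is an added example, not SysProt's, IceSword's or RkU's code; it decodes that prologue pattern and flags a jump that leaves the owning module, using constructed addresses and sample prologues rather than values from any real system.

```python
import struct
from typing import Optional

# Constructed sample layout: a 32-bit kernel image and one hooking driver.
# These addresses are illustrative, not taken from any real system.
KERNEL_BASE = 0x804D7000
KERNEL_SIZE = 0x001F8000
FUNC_ADDR   = 0x805A1234   # a function inside the kernel image
DRIVER_CODE = 0xF7A12000   # where a hooking driver's handler lives

MASK32 = 0xFFFFFFFF        # addresses wrap at 32 bits on x86

def relative_jump_target(func_addr: int, prologue: bytes) -> Optional[int]:
    """Return the absolute target if the first instruction is a relative JMP
    (E9 rel32 near jump or EB rel8 short jump), otherwise None."""
    if len(prologue) >= 5 and prologue[0] == 0xE9:
        rel = struct.unpack_from("<i", prologue, 1)[0]   # signed 32-bit displacement
        return (func_addr + 5 + rel) & MASK32
    if len(prologue) >= 2 and prologue[0] == 0xEB:
        rel = struct.unpack_from("<b", prologue, 1)[0]   # signed 8-bit displacement
        return (func_addr + 2 + rel) & MASK32
    return None

def classify_prologue(func_addr: int, prologue: bytes,
                      owner_base: int, owner_size: int) -> str:
    """Classify a function's first bytes the way a hook scanner reports them.
    A jump that stays inside the owning module is normal compiler output; a
    jump that leaves the module is the 'Inline - RelativeJump' hook pattern."""
    target = relative_jump_target(func_addr, prologue)
    if target is None:
        return "clean"
    if owner_base <= target < owner_base + owner_size:
        return "jump-within-module"
    return "inline-hook-relativejump"

def encode_near_jump(from_addr: int, to_addr: int) -> bytes:
    """Build a 5-byte E9 rel32 instruction; used here only to construct
    sample prologues for the demonstration."""
    rel = (to_addr - (from_addr + 5)) & MASK32
    return struct.pack("<BI", 0xE9, rel)

def demo() -> dict:
    """Classify three constructed prologues and return the verdicts."""
    clean = bytes.fromhex("8bff558bec")                    # mov edi,edi; push ebp; mov ebp,esp
    hooked = encode_near_jump(FUNC_ADDR, DRIVER_CODE)      # patched to jump into the driver
    local = encode_near_jump(FUNC_ADDR, FUNC_ADDR + 0x40)  # jump to a nearby stub
    return {name: classify_prologue(FUNC_ADDR, p, KERNEL_BASE, KERNEL_SIZE)
            for name, p in (("clean", clean), ("hooked", hooked), ("local", local))}
```

Calling demo() returns the verdict for each sample prologue; a real scanner would read the prologue bytes and module ranges from the live kernel instead of the constants above.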