| View previous topic :: View next topic |
| Author |
Message |
swatkat
Security Expert
Joined: Mar 04, 2005
Posts: 2036
Location: India
|
|
| Back to top |
|
 |
negster22
Security Expert
Premium Member
Joined: Mar 10, 2004
Posts: 5229
|
|
| Back to top |
|
|
SpannerITWks
Sergeant
Joined: Dec 15, 2006
Posts: 91
Location: Uk
|
 Posted: Sun Apr 15, 2007 1:26 am Post subject: |
|
|
I started a new thread about this in here - http://www.dslreports.com/forum/svendors - on the same day i posted in here - http://forum.sysinternals.com/forum_posts.asp?TID=962&PN=31
The info i posted on dsl was Exactly the same as in the SysInternals !
For some " Unknown " reason the dsl thread was removed without ANY warning or explanation ? Nor did i get a PM from anyone about it being deleted either ?
Anybody know why this could have happened ?
I'm sorry it was removed, but it was not my doing.
Spanner
_________________
Stay Safe - BOClean AntiMalware -
|
|
| Back to top |
|
|
swatkat
Security Expert
Joined: Mar 04, 2005
Posts: 2036
Location: India
|
| Posted: Tue Apr 17, 2007 3:44 pm Post subject: |
|
|
Hi SpannerITWks,
Thanks for your cooperation. I wonder why what happened at DSL Reports!
Anyway, as far as SysProt AntiRootkit is considered, I have made a small update. Now, it shows whether a process has visible window or not. This might be useful to catch some trojans. For example, Nailuj.A starts IExplore.exe process, but IE's window will not be visible.
_________________
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
- Albert Einstein
|
|
| Back to top |
|
|
swatkat
Security Expert
Joined: Mar 04, 2005
Posts: 2036
Location: India
|
| Posted: Mon Apr 30, 2007 5:50 pm Post subject: |
|
|
Update:
[+] Full path of processes
[+] phide_ex detection
_________________
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
- Albert Einstein
|
|
| Back to top |
|
|
swatkat
Security Expert
Joined: Mar 04, 2005
Posts: 2036
Location: India
|
| Posted: Tue Jun 12, 2007 6:52 pm Post subject: |
|
|
Update:
SysProt AntiRootkit v1.0.0.4
[+] Faster
[+] Kernel inline hooks removal
[+] Detection and removal of hidden Services Registry keys
_________________
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
- Albert Einstein
|
|
| Back to top |
|
|
negster22
Security Expert
Premium Member
Joined: Mar 10, 2004
Posts: 5229
|
| Posted: Tue Jun 12, 2007 8:07 pm Post subject: |
|
|
Thanks, Mahesh - sounds good!
_________________
Negster22 - MS MVP - Consumer Security 2006-2008 
|
|
| Back to top |
|
|
Prince_Serendip
Site Moderator
Joined: Sep 07, 2002
Posts: 16858
|
|
| Back to top |
|
|
swatkat
Security Expert
Joined: Mar 04, 2005
Posts: 2036
Location: India
|
| Posted: Sun Jun 17, 2007 8:50 pm Post subject: |
|
|
Hi all,
One more update 
[+] SSDT hooks removal
_________________
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
- Albert Einstein
|
|
| Back to top |
|
|
IP: 217.171.*.*
Guest
|
| Posted: Mon Jun 25, 2007 2:55 pm Post subject: |
|
|
Hi swatkat !
Thank you for SysProt AntiRootkit !
I tested it using too IceSword (IS), RkUnhooker (RkU), Regshot and a very few things on a two years old laptop whith Windows Home Edition and 512Mb of memory.
First small test ...
*-* Regshots detects 6 new Registry keys, 15 new values and 6 modified values. RkU detects two Sysprot hooks : IAT modifications. IS estimates SysProt memory usage between 4268kb and 5004kb (peak). RkU and IS show "SysProtDrv.sy"s into kernel.
*-* Problems ...
..... SysProt delayed a little bit on showing processes and very much for "Ports" and "File System"
..... SysProt show nothing into other modules when the list of Kernel Inline Hooks should include the hooks of IceSword.
..... After several attempts, IS refused to function (not enough memory).
...... Sysprot error message when using it I tried to kill IS.
Second small test ...
*-* No more memory problem using together Sysprot and IceSword (IS) and better delay on listing. I like very much Window visible into process module.
*-* Problems ...
..... Sysprot error message when using it I tried to kill IS.
..... SysProt show nothing into "Kernel Inline Hooks" when it should include the hooks of IceSword (6 Inline – RelativeJump).
..... Sysprot process is killed using IS.
What is the "Registry" module usage ?
What do you think about a translation of Sysprot into Spanish and French ?
Kind Regards.
Txon.
|
|
| Back to top |
|
|
|
|
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
