Hi all,

Update!
Latest Version:
SysProt AntiRootkit v1.0.0.4

I am happy to release the SysProt AntiRootkit v1.0.0.3 Beta. Thanks to CC and all who have helped me!
Features:

• Hidden process detection and removal
  
• Hidden drivers detection
  
• SSDT Hooks detection and remvoal
  
• Kernel Inline hooks detection and removal
  
• Sysenter Hook detection
  
• TCP/UDP Ports Info
  
• File System browser
  
• Hidden Services Registry keys detection and removal

OS supported:
Windows 2000/XP/2003

Download link: /zx/swatkat/SysProt.zip

Screenshot:


Feedbacks are welcome

Anyone interested in some research rootkits can get them here : /t180919-MalRootkit_droppers_assorted_for_archiving_sharing.html .

I am on my there now .

@nosirrah
Thanks for the info. Downloading them

Looks like SysProt can't see the SSDT hooks of wincom32.sys .

Code:

No SSDT Hooks found

---

Author: swatkat, Location: India Posted: Sun Mar 18, 2007 3:23 pm    Post subject:

---

Hi,
Thanks for testing SysProt AntiRootkit. I have made some updates, please download the tool from the link given in my first post here.
BTW, I am able to see Wincom32 and Nailuj rootkits in my test box.

---

Author: nosirrah, Location: USA Posted: Sun Mar 18, 2007 11:50 pm    Post subject:

---

Will retest tonight . Is there any chance that SP1 and SP2 would function differently ?

---

Author: SpannerITWks, Location: Uk Posted: Wed Mar 21, 2007 10:53 pm    Post subject:

---

swatkat

Hi,

I'm a little bit later than i would have liked in saying thanx for this, and may i encourage you to update it as often as you can.

I did however manage to include it as soon as you released it over in the SysInternals Rootkit thread - http://forum.sysinternals.com/forum_posts.asp?TID=962&PN=1&TPN=30

All the best,

Spanner

---

Author: negster22,  Posted: Thu Mar 22, 2007 3:11 am    Post subject:

---

Good job, Mahesh, and Congrats. I know you've been working very hard

Also, very nice of Spanner to insert a link to your program in the Sysinternals thread. I haven't checked out your latest version of SysProt ARK yet, but plan to soon.

---

Author: swatkat, Location: India Posted: Sun Mar 25, 2007 9:12 pm    Post subject:

---

Hi all,
Thanks for all the support @negster22 and SpannerITWks I will be try my best to keep the tool up-to-date.
And, thank you SpannerITWks, for listing SysProt AntiRootkit at Sysinternals thread

---

Author: SpannerITWks, Location: Uk Posted: Sun Mar 25, 2007 11:36 pm    Post subject:

---

swatkat

Pleasure, and please do try and keep it updated. Don't forget the cheque now will ya, in $ lol.

Spanner

---

Author: negster22,  Posted: Mon Mar 26, 2007 1:47 am    Post subject:

---

swatkat wrote:

Thanks for all the support @negster22 and SpannerITWks Smile I will be try my best to keep the tool up-to-date.

All times are GMT