Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Warnings about RootKits 3

Status
Not open for further replies.
2ffat

2ffat

Programmer
Oct 23, 1998
4,811
US
Microsoft has issued a new warning about RootKits. These programs spy on the system and may even change the kernel.

They may also be the cause of some Blue Screens o' Death.

James P. Cottingham
-----------------------------------------
To determine how long it will take to write and debug a program, take your best estimate, multiply that by two, add one, and convert to the next higher units.
 
The latter KB article is not a rootkit exploit.
 
The Sysinternals wizards, Mark Russinovich and Bryce Coqswell, have released RootkitRevealer, freeware:

RootkitRevealer is an advanced root kit detection utility. It runs on Windows NT
4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects all persistent rootkits published at including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect memory-based rootkits like Fu that don't survive reboots).

What is a Rootkit?
The term rootkit is used to describe the mechanisms and techniques whereby malware, including viruses, spyware, and trojans, attempt to hide their presence from spyware blockers, antivirus, and system management utilities. There are several rootkit classifications depending on whether the malware survives reboot and whether it executes in user mode or kernel mode.
Click to expand...

Download and discussion of Rootk kit exploits:
 
Cool! :)


James P. Cottingham
-----------------------------------------
To determine how long it will take to write and debug a program, take your best estimate, multiply that by two, add one, and convert to the next higher units.
 
Very cool.

Not an absolute solution, but sufficient at this state of the art.
 
I downloaded and ran the program. It listed every single file I had in my folders (about 22,000) as not visible (a symptom of a bootkit). We are neither impressed nor amused.
 
Status
Not open for further replies.

Similar threads

jlockley
  • Locked
  • Question
avoiding phony virus warnings? 1
Replies
7
Views
52
jlockley
jlockley
2ffat
  • Locked
  • News
Something else the worry about: Fake Defraggers
Replies
5
Views
109
lionelhill
lionelhill
CArceneau
  • Locked
  • Question
questions about antispyware apps
Replies
4
Views
104
sggaunt
sggaunt
cejosa
  • Locked
  • Question
Info needed about 3 trojans
Replies
6
Views
80
goombawaho
goombawaho
2ffat
  • Locked
  • News
More information about Antivirus XP 2008
Replies
2
Views
78
bugguy51
bugguy51

Part and Inventory Search

Sponsor

Back
Top