** RootKit Detection + Prevention ! **
bootsect
Senior Member
Joined: 24 December 2009 Location: kernelmode.info Online Status: Offline Posts: 682
Posted: 26 March 2010 at 7:16am
gbash
Newbie
Joined: 24 December 2009 Location: AUSTRALIA Online Status: Offline Posts: 1
Posted: 25 December 2009 at 7:06am
Hi,
I have tried the link http://www.testing.onlytherightanswers.com/modules.php? etc. several times but get redirected ??? to link
I have noted the date of posting and maybe the link is no longer valid. The info could be helpful, so if you could advise.
Meantime the rest of your stuff is going to be very helpful.
Chow for Now!
Graham Bashford
wlording
Newbie
Joined: 10 December 2006 Location: China Online Status: Offline Posts: 4
Posted: 12 May 2009 at 4:00am
Thank you very much!
Years have passed.
My product has been released; this is my web: http://www.wlording.com/
Have fun.
Edited by wlording - 14 May 2009 at 5:45pm
car
Newbie
Joined: 20 April 2009 Online Status: Offline Posts: 1
Posted: 20 April 2009 at 1:50pm
Hello (I'm new to this thread)
Reading your post on Samurai HIPS - and especially referring to "Interesting results !" for tests with rootkits in http://www.wilderssecurity.com/showthread.php?s=62b4e9d3467ddec7c2eea18a2fefedec&t=167309 - it seemed that Samurai did a good job of blocking some rootkits.
Today I tried to test Samurai HIPS 2.7 downloaded from the original site (http://www.turbotramp.fre3.com/).
FYI (if anyone)
Unfortunately it turned out that 2.7 is now infected with a kind of Password Stealing Trojan and Adware Virus.
My AV tool (Kaspersky Internet Security 2009, ver. 8.0.0.506 (a.b)) stopped and deleted it, + Malwarebytes' could handle it.
Report (edited / translated to UK):
---------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.36
Database version: 2009
Windows 5.1.2600 Service Pack 3
mbam-log-2009-04-20 (10-04-02).txt

Scan type: Quick Scan
Objects scanned: 76804
Time elapsed: 5 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75784982-2697-4fb9-890f-44f30e50cf4d} (Trojan.BHO.H) -> Successfully Quarantined and Deleted.
HKEY_CLASSES_ROOT\CLSID\{75784982-2697-4fb9-890f-44f30e50cf4d} (Trojan.BHO.H) -> Successfully Quarantined and Deleted.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\xxxxxxxxxx\Local Settings\Temp\Temporary Folder 1 of Samurai.zip\PopupBlocker.dll (Trojan.BHO.H) -> Delete Monday reboot.
---------------------------------------------------------------------
Too bad throw … is there someone who would be kind enough to recommend me an alternative tool/s to block against the major rootkits out there?
Thanks in advance
car
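Editor's added example (not part of car's post, and not Malwarebytes code): the two registry keys and the DLL in the log above are the standard Browser Helper Object registration, so the same kind of infection can be spotted by hand by enumerating the BHO CLSIDs, resolving each to its InProcServer32 DLL and checking where that DLL lives and whether it is signed. The script assumes PowerShell 5.1 or later on Windows, run elevated so both the HKLM and per-user keys are readable; the "Suspicious" heuristic (DLL under Temp, AppData or a user profile, or without a valid Authenticode signature) is an assumption of this example, not a Malwarebytes rule.

```powershell
# Added example: enumerate Browser Helper Objects (the persistence point
# reported in the log above), resolve each CLSID to its in-process DLL
# and flag DLLs that are unsigned or live in user-writable locations.
# Assumes PowerShell 5.1+ on Windows, run as Administrator.

$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

# CLSID roots to search, in the order COM would consult them for a 32/64-bit BHO.
$clsidRoots = @(
    'HKCU:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
)

function Resolve-BhoDll {
    # Returns the expanded path of the DLL registered under
    # CLSID\{guid}\InProcServer32, or $null if the CLSID is not registered.
    param([string]$Clsid)
    foreach ($root in $clsidRoots) {
        $srv = Join-Path $root "$Clsid\InProcServer32"
        if (Test-Path -LiteralPath $srv) {
            $raw = (Get-ItemProperty -LiteralPath $srv).'(default)'
            if ($raw) {
                # Expand %SystemRoot% etc. and strip surrounding quotes.
                return [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
            }
        }
    }
    return $null
}

$results = foreach ($key in $bhoKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    foreach ($sub in Get-ChildItem -LiteralPath $key) {
        $clsid = $sub.PSChildName
        $dll   = Resolve-BhoDll -Clsid $clsid
        $sig   = if ($dll -and (Test-Path -LiteralPath $dll)) {
                     (Get-AuthenticodeSignature -FilePath $dll).Status
                 } else { 'MISSING' }
        [pscustomobject]@{
            Registered = $key
            CLSID      = $clsid
            DLL        = $dll
            Signature  = $sig
            # Heuristic (this example's assumption): a BHO DLL under a temp or
            # profile directory, or without a valid signature, deserves a look.
            # The log above is exactly this pattern: an unsigned DLL in ...\Local Settings\Temp.
            Suspicious = ($dll -match '\\Temp\\|\\AppData\\|\\Users\\|Documents and Settings') -or ($sig -ne 'Valid')
        }
    }
}

$results | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it before and after installing a tool like the one discussed here and diff the two tables; a new CLSID pointing at a DLL that was never installed to Program Files or System32 is the thing to chase. A clean BHO with a legitimately signed DLL will also show up in the table, so the Suspicious column is a triage aid, not a verdict.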
Skorpion
Newbie
Joined: 12 March 2009 Online Status: Offline Posts: 1
Posted: 12 March 2009 at 3:12pm
AVZ version 4.30 can be downloaded from the link below.
Note: This website is mostly in Russian.
-Skorpion
EASTER
Senior Member
Joined: 27 October 2006 Location: United States Online Status: Offline Posts: 336
Posted: 21 August 2008 at 6:32am
Pretty much sums things up accurately enough. All matters have fully run their course, plus with the introduction of the greatest O/S, Vista, now all applications formerly exclusive to NT systems must comply (as a rule) with the Vista O/S. Pity really.
Well, at least it was fun while the going was good and no Vista was near.
EASTER
INTENSIVE TECHNICAL RESEARCH ANALYSIS AND STEALTH EXAMINER.
Diablo
Senior Member
Joined: 16 July 2008 Location: Western Sahara Online Status: Offline Posts: 251
Posted: 04 August 2008 at 7:11pm
AFAIK exactly 5000/10000 were transferred to the authors of these programs. More to say, they are now working at TrendMicro; AFAIK cardmagic is working on TrendMicro's Rootkit Buster antirootkit (and their AV solutions).
Well, this depends on how you presented your software. Even the Unreal.B sector-hiding rootkit source (130 KB) was sold for a price higher than what DarkSpy cost, in TM's opinion.
Yes, usually a good kernel-mode bot costs ~ the DS price, at least in Russia. Support? Then more. A trivial trojan downloader bot with a private cryptor and builder can cost $5000 (this is just the starting price). I can imagine how much Rustock costs.
Usual merchants want easy money, and this sphere gives it to them. Just imagine: 40,000,000 active bots of just ONE botnet each day send billions of SPAM emails, as an example. The payload is great; botnet masters are millionaires, the usual trojan coders of course are not. The TTL (Time To Live) of rootkits is not very long. This depends on the level of the rootkit. Usual trojans must live ~3-5 months; they get their payload not by stealth but by their count. Kernel-mode spambots should stay alive longer, but ~1 year is almost the top. Rustock.C worked well all of 2007 and died at the end of it, so antivirus companies only just established the fact of its existence; there are almost no C variants ITW. And now imagine how much payload came from the C variant, and even from the still-working B.
Exactly. Well, you know, the malware community honestly doesn't care about antivirus companies, their never-dying stupid advertising, proactive defense, other stupid terms etc. They perfectly understand one thing -> they will get their payload no matter what the AV side does to prevent them. It is a huge business, comparable in money with the AV business. And you know, the AV side honestly doesn't care about its users. Do you think they really want to help somebody with a trojan on his/her computer? Maybe this was so in the 199x, but now all, absolutely all, stays on $$$. Take a look at Kaspersky Lab's official position as a perfect illustration. "We can't cure or detect this malware? Well, then IT DOES NOT EXIST, and we will tell this to everybody, no matter whether they have this malware on their computers or not." "Something bypassed our proactive defense? How can this be? You are an idiot!" "Bootkit? WTF is that? What, it is undetected by our super-puper Antivirus 7.0? Hahaha, this trojan is not widely spread, so okay guys, relax, no real threat here." "BUGS????! In our AV???!! IT IS IMPOSSIBLE, you tested a non-final version." "Well you know, I'm the best ex-USSR virus analyst," said Gostev privately. "We will prevent what we can't cure," E.K. at the last CEBIT. This is a collection of dangerous and simply stupid delusions.
from_China
Newbie
Joined: 09 July 2008 Location: China Online Status: Offline Posts: 3
Posted: 04 August 2008 at 6:40pm
Did you omit a "0" in these numbers? It's a pity that an AR complete with the source code costs so little.
I can understand why some programmers start to write malware.
EP, can you share your opinion about who is behind the malware industry?
IMO the distorted picture as presented by AV companies (good vs bad, white vs black) doesn't reflect the real situation.
Thanks
P.S. SystemPro - stay away from this forum, nobody cares about your opinion
Diablo
Senior Member
Joined: 16 July 2008 Location: Western Sahara Online Status: Offline Posts: 251
Posted: 04 August 2008 at 3:31pm
Hmm. Strange, I never noticed this post here before. The answer is simple: the dream has come to an end. Nobody cares, $$$ everywhere, the time of the enthusiasts has nearly come to an end. DarkSpy sold to TrendMicro for $10,000 and can't continue. IceSword sold to TrendMicro for $5,000 and very likely will not be continued. RkTrap fell into the abyss with its author. GMER sold to Avwil Software and very likely will not be as before (maybe Gmerek will at last fix his never-ending bugs then?). The list continues. Even the Rustock series is over. There are no more future E, F etc. What's left? Not so many. Mostly crappy sh*t like this SRD bullsh*t VMX "detector" of nothing. This is nearly the end of the saga, are you ready for the jump? This topic is also dead.
EASTER
Senior Member
Joined: 27 October 2006 Location: United States Online Status: Offline Posts: 336
Posted: 06 May 2008 at 11:56pm
I recall when this topic used to be RED HOT! with new ARKs, some even experimental of sorts, coming out in rapid succession.
Is there the possibility that, now that VISTA has begun to creep onto the stage, that's the reason we don't find any more additions coming to light here like before?
Or have they simply run the gamut and there's no more interest in rootkit detection for basic NT systems as before?
INTENSIVE TECHNICAL RESEARCH ANALYSIS AND STEALTH EXAMINER.