The online racing simulator
System security and rootkits:
(24 posts, started )
#1 - CSU1
System security and rootkits:
Anyone interested in their system's security who doesn't have a background in IT or Windows security management might find this thread useful.

Here is an overview of what a rootkit is, the different methods they use to hook into your system, and how they are able to hide files, folders, processes and even ports and network traffic on the infected host.

This tool is free and I am just getting to grips with all the crap hooked into my system.

I want to use this thread for discussion on the various hooks and rootkits that people discover on their systems, and hopefully we can help one another rid our systems of this crap.
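The hiding described in the opening post (files, processes and ports that the system refuses to show you) is what anti-rootkit tools detect with a cross-view comparison: take the same inventory once through the normal Windows API, which a rootkit can hook and filter, and once through a lower-level path (raw kernel lists, the NTFS volume, the TCP driver's table), then report whatever appears in one view but not the other. The Python below is an added example of that comparison, not code from this thread or from any tool named in it; the two "views" are constructed sample data standing in for a hooked API and a raw read, and the object names in them are made up.

```python
"""Cross-view detection of hidden processes, files and ports.

Added example, not from the original thread or from any anti-rootkit tool.
A rootkit that hooks the API can filter what Task Manager, Explorer or
netstat see, but it rarely scrubs every view of the same data. Taking two
independent enumerations and diffing them exposes the filtered objects.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Discrepancy:
    kind: str     # "process", "file" or "port"
    item: str     # the object that the two views disagree on
    status: str   # "hidden": raw view only; "phantom": API view only


def cross_view(kind, api_view, raw_view, api_view_after=None):
    """Diff a high-level (API) enumeration against a low-level (raw) one.

    The API snapshot is taken before and, optionally, again after the raw
    snapshot. An object the raw view has but the API never showed is
    "hidden" (the classic rootkit signature). An object the API reported in
    both snapshots but the raw view lacks is a "phantom" (injected entry or
    a bug). Anything seen by the API only once is a transient object that
    came or went between snapshots and is deliberately not reported, which
    is what keeps short-lived processes from producing false positives.
    """
    api_before = set(api_view)
    api_after = set(api_view_after) if api_view_after is not None else api_before
    raw = set(raw_view)
    hidden = sorted(raw - (api_before | api_after))
    phantom = sorted((api_before & api_after) - raw)
    return ([Discrepancy(kind, h, "hidden") for h in hidden]
            + [Discrepancy(kind, p, "phantom") for p in phantom])


# Constructed sample data: (API view, raw view) per object kind. The raw view
# stands in for walking kernel process lists, parsing the NTFS volume directly
# and reading the TCP/IP driver's connection table. "2560:svch0st.exe",
# "hide_me.sys" and port 31337 are invented entries, hidden from the API view.
SAMPLE_VIEWS = {
    "process": (
        ["4:System", "620:csrss.exe", "1044:explorer.exe", "1320:lfs.exe"],
        ["4:System", "620:csrss.exe", "1044:explorer.exe", "1320:lfs.exe",
         "2560:svch0st.exe"],
    ),
    "file": (
        [r"C:\Windows\System32\drivers\ntfs.sys",
         r"C:\Windows\System32\drivers\tcpip.sys"],
        [r"C:\Windows\System32\drivers\ntfs.sys",
         r"C:\Windows\System32\drivers\tcpip.sys",
         r"C:\Windows\System32\drivers\hide_me.sys"],
    ),
    "port": (
        ["tcp/135", "tcp/445", "udp/137"],
        ["tcp/135", "tcp/445", "udp/137", "tcp/31337"],
    ),
}


def scan(views=SAMPLE_VIEWS):
    """Run cross_view over every object kind; return {kind: [Discrepancy]}."""
    report = {}
    for kind, (api_view, raw_view) in views.items():
        findings = cross_view(kind, api_view, raw_view)
        if findings:
            report[kind] = findings
    return report


if __name__ == "__main__":
    for kind, findings in scan().items():
        for f in findings:
            print(f"[{f.status:7}] {kind}: {f.item}")
```

A hit in the "hidden" column is the cue to go after the object with a low-level tool (kill by kernel object, delete through the raw volume), since anything that goes through the hooked API will again be filtered or refused.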
First I'd like to know if the producer/programmer is trustworthy and reliable.
Because what if this thing gets your system clean but itself installs a cloaked keylogger etc...

regards
Number 1 in internet security is the common sense to never ever download and install software from a site that looks like this (http://rkunhooker1.narod.ru/), no matter how many reassuring comments there are.
Quote from AndroidXP :Number 1 in internet security is the common sense to never ever download and install software from a site that looks like this (http://rkunhooker1.narod.ru/), no matter how many reassuring comments there are.

I totally agree (btw that's also my #1 in internet security )
It looks like the typical script-kiddie, trojan/backdoor-contaminated site where normally the content looks like: "Be a Hacker in 5 days - The book - Download now."
I probably wouldn't download software from that site either, simply because if I had rootkit problems I'd be sure to download it from a site I know to be trustworthy. However, it looks about 1000 times more serious than the one CSU posted.

Seriously CSU, if you install software from sites like the one you posted, then you really shouldn't wonder if you have viruses, trojans and rootkits all over your system.
Quote from micha1980de :What are you trying to tell me with that emoticon?
To me your link doesn't look trustworthy at all.
I'm sorry, but I don't get your argument here.

regards

Well, that smiley means for me "take a look there" (in German "Guck mal hier"); it was meant to support what you posted about how trustworthy the software is.

Those who can read see that the first headline there is:
Warning: Rootkit Unhooker(RKU)
...
Rootkit Unhooker authors create rootkits and anti-rootkit
for detecting this rootkit at the same moment.
...

So it wasn't meant to download something from this site (and I never said that or recommended it); it's just to show that you can easily find things about how safe the software is or not. I thought the first headline there starting with "Warning" would be more than obvious, but I didn't expect that nobody would read it.

I hope it's a bit clearer now
#9 - CSU1
Hold on, I don't care what applications you use to check for API hooks etc. There is no install for that software anyhow.
Not one of you has even tried to discuss the topic; you'd rather point out what's wrong with things, as most always do.

I did state in the OP that I want to use this thread for discussion on the various hooks and rootkits that people discover on their systems and hopefully we can help one another rid our systems of this crap... you know, maybe some might help here and maybe say "hey, that app is no good, here's a link"... nope, you just didn't like the look of it and posted some commercial bullshit argument about nothing in particular, not helping at all.

Maybe someone might actually post something useful and discuss the topic... maybe...
Quote from AndroidXP :Number 1 in internet security is the common sense to never ever download and install software from a site that looks like this (http://rkunhooker1.narod.ru/), no matter how many reassuring comments there are.

Actually it's simpler... don't ever install anything from a .ru TLD.

Quote from CSU1 :I want to use this thread for discussion on the various hooks and rootkits that people discover on their systems

like the one you linked to ?
Quote from Shotglass :Actually it's simpler... don't ever install anything from a .ru TLD.

Actually that's true. I immediately thought this as soon as the site loaded, the look of it was then just the icing on the cake.
#12 - CSU1
Quote from Shotglass :Actually it's simpler... don't ever install anything from a .ru TLD.

like the one you linked to ?

Well, OK, this is a learning experience... I just don't know better.

So what would you suggest as a better app?

I'm not doing this because my PC is full of viruses and stuff... I just like the idea of knowing what's going on in a system and how to look for stuff... you know? Learning...
Quote from CSU1 :Well, OK, this is a learning experience... I just don't know better.

So what would you suggest as a better app?

I'm not doing this because my PC is full of viruses and stuff... I just like the idea of knowing what's going on in a system and how to look for stuff... you know? Learning...

http://www.microsoft.com/techn ... rity/RootkitRevealer.mspx

If you want a trustworthy scan for rootkits, try this. The program you posted looks like malware in the first place.
Last time I dealt with rootkits, HijackThis was state of the art, although it's probably not something most people will understand the output of.
However, there are many forums that specialize in analyzing HijackThis logs for users like yourself... so if you think you might have a rootkit on your system I would seek out these places and ask for help.
Google for "rootkit revealer",
use a few tools from Mark Russinovich (http://www.sysinternals.com/) (you'll get redirected to Microsoft),
or use BlackLight (F-Secure),
or read "heise.de" (c't magazine [in German :/ ]) or any equal tech mag.

HijackThis got into real trouble with a smaller bug on my system a few weeks ago (no virus, trojan, rootkit etc.), so it wasn't even able to start or to scan.
All of these online scanners were practically useless to me since it wasn't any known "bad" software (in my case).

hope that's more to your liking...

regards
Quote from AndroidXP :Number 1 in internet security is the common sense to never ever download and install software from a site that looks like this (http://rkunhooker1.narod.ru/), no matter how many reassuring comments there are.

My opinion, and not only mine, differs strongly from the misinformation oozing from this thread.
There's a lot of folklore on the site and they have lots of feuds with other people interested in rootkits, but anyway Rkunhooker is considered - at the moment - reliable. The social skills of the authors are questionable, sure, but did anyone really look how the software is really considered in the security world? I really doubt it, since all the links I've found here are related to a very well known feud and to the aspect of the original site.
I hope this thread on the Sysinternals forum (who mentioned Rootkit Revealer?) may suffice to stop all the speculation in this forum:
http://forum.sysinternals.com/ ... endly_posts.asp?TID=11093
Again, this site simply rings all my alarm bells and no amount of good comments by anybody would make me download & install software from it, period. It might be okay, it might be reliable and you might call me paranoid - but I'm not the one having rootkit problems either, and I prefer it to stay that way, thanks.
Quote from AndroidXP :Again, this site simply rings all my alarm bells and no amount of good comments by anybody would make me download & install software from it, period. It might be okay, it might be reliable and you might call me paranoid - but I'm not the one having rootkit problems either, and I prefer it to stay that way, thanks.

That's your choice. However your number 1 security rule doesn't seem to work very well in this case, or so thinks the community professionally interested in security.

Edit: by the way, I wouldn't call you paranoid, as paranoia is routine when you talk about security. I tend to be paranoid since it's part of my job, and this leads me to double or triple-check everything, including reliable sources.
The program works fantastically, fixed one for me, kills the tricky running processes, finds the hidden files, etc. Far, far more powerful than the likes of HijackThis. If the Sysinternals folk are happy to state that it's not malicious, I'm happy to run with that.
The three antirootkits you mentioned only do a marginal job. You can trust them, but I'll stick with GMER, IceSword, Rootkit Revealer and RKUnhooker, because I trust them more.
May I suggest some further reading? A forumer posted a reference to a German magazine, c't, while suggesting the usage of some antirootkits. Now, let's read part of a post on Wilders Security Forums:

Recently the highly respected German computer magazine c't published a test of various anti-rootkit tools, too.

The following tools were included:

* AVG Antirootkit v. 1.0.0.13 beta
* Avira Rootkit Detection 2.0. beta
* Bitdefender Rootkit Uncover 1.0 beta 2
* Darkspy 1.0.5 Test
* F-Secure Blacklight 2.2.1050 beta
* Gmer 1.0.12.12011
* Helios 1.1a
* IceSword 1.20
* Rootkit Revealer 1.7.1
* Rootkit Unhooker 3.0.86.338 RC3
* SEEM 4.0
* Sophos Antirootkit 1.2
* UnHackMe 3.1

c't recommends for users not intensely familiar with OS internals AVG Antirootkit and F-Secure BlackLight as the best one-click solutions. For advanced users and forensics c't recommends GMER and Rootkit Unhooker. The latter removes all hooks of a rootkit, so a subsequent scan by an antivirus scanner might detect that rootkit.

Need I say more?

Edit: on both the well known security forums I mentioned EP_XOFF appears as a forumer. He is the co-author of RKUnhooker. He's highly respected in both forums (and threads). I really don't know why he should be suspected of wrongdoing here.
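The c't remark quoted above, that Rootkit Unhooker "removes all hooks of a rootkit, so a subsequent scan by an antivirus scanner might detect that rootkit", rests on two hook styles that the tools in that list look for on 32-bit Windows: SSDT hooks, where an entry in the kernel's system service table is redirected from ntoskrnl.exe into the rootkit's driver so that calls like NtQuerySystemInformation or NtQueryDirectoryFile return filtered results, and inline hooks, where the first bytes of the real function are overwritten with a jump into the rootkit. The Python below is an added example of detecting both and putting the originals back; it is not code from this thread or from Rootkit Unhooker, GMER or any other tool named here. Every address, module range, syscall address and byte string in it is constructed sample data (the kernel image base and the rootkit driver "hide_me.sys" are invented), and a real tool would obtain the "clean" values by parsing the on-disk ntoskrnl.exe and relocating it, which is not shown.

```python
"""Finding and removing SSDT and inline API hooks (32-bit x86 Windows model).

Added example with constructed data; not code from the thread or from any
anti-rootkit tool named in it. Unhooking = restoring the original table
entry or original prologue bytes, after which the hidden objects become
visible to a normal antivirus scan again.
"""
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class Module:
    name: str
    base: int
    size: int

    def contains(self, addr):
        return self.base <= addr < self.base + self.size


# Constructed loaded-module list. Only ntoskrnl.exe may legitimately own
# SSDT entries; hide_me.sys stands in for a rootkit driver.
MODULES = [
    Module("ntoskrnl.exe", 0x804D7000, 0x001F8000),
    Module("hide_me.sys",  0xF8A2C000, 0x00006000),
]


def owner(addr, modules=MODULES):
    """Module containing addr, or None for memory backed by no loaded image
    (a handler living in a bare pool allocation is a red flag by itself)."""
    return next((m.name for m in modules if m.contains(addr)), None)


def decode_trampoline(addr, code):
    """Recognise common x86 detour stubs written over a hooked prologue and
    return the address control is diverted to, or None if not a known stub."""
    if len(code) >= 5 and code[0] == 0xE9:                          # jmp rel32
        return (addr + 5 + struct.unpack_from("<i", code, 1)[0]) & 0xFFFFFFFF
    if len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:      # push imm32; ret
        return struct.unpack_from("<I", code, 1)[0]
    if len(code) >= 7 and code[0] == 0xB8 and code[5:7] == b"\xFF\xE0":  # mov eax,imm32; jmp eax
        return struct.unpack_from("<I", code, 1)[0]
    return None


@dataclass(frozen=True)
class Hook:
    kind: str      # "ssdt" or "inline"
    name: str      # service or function name
    target: int    # where the hook diverts to (None for an unrecognised stub)
    module: str    # module owning the target, or None


def check_ssdt(live, clean, modules=MODULES):
    """live/clean: {service_name: handler_address}. Report every entry that
    differs from the clean table or points outside the kernel image."""
    return [Hook("ssdt", name, addr, owner(addr, modules))
            for name, addr in live.items()
            if addr != clean[name] or owner(addr, modules) != "ntoskrnl.exe"]


def check_inline(name, addr, in_memory, on_disk, modules=MODULES):
    """Compare a function prologue in memory against its clean on-disk bytes."""
    if in_memory[:len(on_disk)] == on_disk:
        return None
    target = decode_trampoline(addr, in_memory)
    return Hook("inline", name, target,
                owner(target, modules) if target is not None else None)


def unhook(live, clean, hooks):
    """Return the SSDT with every reported entry restored from the clean table."""
    repaired = dict(live)
    for h in hooks:
        if h.kind == "ssdt":
            repaired[h.name] = clean[h.name]
    return repaired


def restore_prologue(in_memory, on_disk):
    """Write the original bytes back over an inline hook."""
    return on_disk + in_memory[len(on_disk):]


# Constructed sample: a clean SSDT slice and the live one with two entries
# redirected into hide_me.sys (the usual pair for hiding processes and files).
CLEAN_SSDT = {
    "NtQuerySystemInformation": 0x8057A1C2,
    "NtQueryDirectoryFile":     0x8056F3A0,
    "NtOpenProcess":            0x805C9E54,
}
LIVE_SSDT = dict(CLEAN_SSDT, NtQuerySystemInformation=0xF8A2D120,
                 NtQueryDirectoryFile=0xF8A2D3B0)

# Constructed inline hook: the first 5 bytes of a standard prologue
# (mov edi,edi; push ebp; mov ebp,esp; then sub esp,0Ch) replaced by jmp rel32.
ZW_OPEN_KEY = 0x805F1C30
CLEAN_PROLOGUE = bytes.fromhex("8bff558bec83ec0c")
HOOK_TARGET = 0xF8A2D400
HOOKED_PROLOGUE = (b"\xE9" + struct.pack("<i", HOOK_TARGET - (ZW_OPEN_KEY + 5))
                   + CLEAN_PROLOGUE[5:])


def scan():
    """Run both checks over the sample data and return all hooks found."""
    hooks = check_ssdt(LIVE_SSDT, CLEAN_SSDT)
    inline = check_inline("ZwOpenKey", ZW_OPEN_KEY, HOOKED_PROLOGUE, CLEAN_PROLOGUE)
    return hooks + ([inline] if inline else [])


if __name__ == "__main__":
    for h in scan():
        print(f"{h.kind:6} {h.name:26} -> {h.target:#010x} ({h.module or 'unbacked memory'})")
```

Note that the comparison against a clean table matters more than the module check alone: a rootkit can patch the kernel image itself, or a legitimate product (antivirus, HIPS) can own SSDT entries from its own driver, so the owning module is evidence to weigh, not a verdict.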
#22 - CSU1
Quote from Albieg :The three antirootkits you mentioned only do a marginal job. You can trust them, but I'll stick with GMER, IceSword, Rootkit Revealer and RKUnhooker, because I trust them more.
Reading the posts and reviews on informationweek.com/sysinternals and Wilders, it looks like GMER and RKU are really the only two to trust.
They aren't made by large commercial names... so I'd rather stick with these two and learn a bit, rather than the nice pretty GUIs and frills of the commercial brands such as AVG, as you never really know what business partners and software they share and may keep information from the user.

E:

Have you tried SEEM yet? I can't seem to find any reviews in English...
...also, do you know where I could find information on kernel modules???
Quote from CSU1 :
Have you tried SEEM yet? I can't seem to find any reviews in English...

Sincerely, I don't remember. I tested lots of antirootkits, but as I said in the other thread, at the moment it's not one of those I use, and certainly I never used it on a production machine.
As for kernel modules: Internet, Mark Russinovich's books (Windows Internals), and a site I wouldn't recommend to the laymen: www.rootkit.com. Being a grey hat site, enter and download stuff at your own risk. You have been warned.
The situation is evolving constantly (see how many beta or rc products?) so I'm not dissing anything, not even Seem.
As a final note, there's been too much undeserved mudslinging and some outright libel in this thread, so I'll call it quits because I find all of this extremely irritating, just as my colleagues do.
Quote from Shotglass :Actually it's simpler... don't ever install anything from a .ru TLD.

Being a Russian myself, I can only strongly concur. DO NOT DO IT... EVAH!

The thing, is what are we Russians mostly known for? (except women and vodka?) ...exactly.
