Any rootkit prevention, detection and/or repair suitable for use by the average user?

Discussion in 'Computer Security' started by Blue Event Horizon, Aug 12, 2006.

  1. Using Windows XP Media Center Edition 2005 on a computer I've only had
    about a month after 6 1/2 years using another computer with Windows ME
    so I'm still learning about my OS and rootkits have just really come
    to my attention recently. Also now DSL instead of dialup, if that
    matters. Kerio 2.1.5 firewall, AVG Free antivirus, currently using
    Ad-Aware, Spybot, ewido antispyware products (ewido is new to me).

    Are there any programs/tools/whatever suitable for average
    (unsophisticated, ignorant or however you care to characterize us)
    users to prevent, detect and/or repair rootkit threats and problems?
    Preference for freeware and GUI.

    BEH
     
    Blue Event Horizon, Aug 12, 2006
    #1

  2. Blue Event Horizon

    nemo_outis Guest

    Blue Event Horizon wrote:

    > Using Windows XP Media Center Edition 2005 on a computer I've only had
    > about a month after 6 1/2 years using another computer with Windows ME
    > so I'm still learning about my OS and rootkits have just really come
    > to my attention recently. Also now DSL instead of dialup, if that
    > matters. Kerio 2.1.5 firewall, AVG Free antivirus, currently using
    > Ad-Aware, Spybot, ewido antispyware products (ewido is new to me).
    >
    > Are there any programs/tools/whatever suitable for average
    > (unsophisticated, ignorant or however you care to characterize us)
    > users to prevent, detect and/or repair rootkit threats and problems?
    > Preference for freeware and GUI.
    >
    > BEH
    >


    All the following require a modicum of intelligence:

    RootkitRevealer
    http://www.sysinternals.com/Utilities/RootkitRevealer.html

    F-secure BlackLight
    https://europe.f-secure.com/blacklight/

    IceSword (arguably the best but also the geekiest)
    http://tinyurl.com/ckqsn [English download mirror]

    Regards,
     
    nemo_outis, Aug 12, 2006
    #2

  3. From: "nemo_outis" <>


    | All the following require a modicum of intelligence:
    |
    | RootkitRevealer
    | http://www.sysinternals.com/Utilities/RootkitRevealer.html
    |
    | F-secure BlackLight
    | https://europe.f-secure.com/blacklight/
    |
    | IceSword (arguably the best but also the geekiest)
    | http://tinyurl.com/ckqsn [English download mirror]
    |
    | Regards,
    |

    Add...

    gmer -- http://www.gmer.net/

    Vinzenz Feenstra, ewido anti-spyware developer, Anti-RootKit Beta
    http://blog.evilissimo.net/2006/08/01/grisoft-avg-anti-rootkit-beta/


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Aug 13, 2006
    #3
  4. Re: Any rootkit prevention, detection and/or repair suitable for use by the average user?

    David H. Lipman wrote:
    > From: "nemo_outis" <>
    >
    >
    > | All the following require a modicum of intelligence:
    > |
    > | RootkitRevealer
    > | http://www.sysinternals.com/Utilities/RootkitRevealer.html
    > |
    > | F-secure BlackLight
    > | https://europe.f-secure.com/blacklight/
    > |
    > | IceSword (arguably the best but also the geekiest)
    > | http://tinyurl.com/ckqsn [English download mirror]
    > |
    > | Regards,
    > |
    >
    > Add...
    >
    > gmer -- http://www.gmer.net/


    And remove BlackLight, as it's nothing special over other common non-beta
    free utilities. At its first release it offered a simple but special
    method to detect unlinked process lists, but this is now a standard
    feature of Gmer, DarkSpy, Knlps and VICE.

    Rootkit Revealer might be removed as well, as it's totally buggy. On
    well-hardened machines it doesn't even run (spawns the service process
    and then crashes) and even on kinda normal machines it may run into bad
    errors (f.e. if you linked C:\mnt\floppy to A:\ and no floppy is
    inserted, the 'dir' command in the spawned cmd.exe process will hang
    forever, so the entire file system scan fails completely).

    > Vinzenz Feenstra, ewido anti-spyware developer, Anti-RootKit Beta
    > http://blog.evilissimo.net/2006/08/01/grisoft-avg-anti-rootkit-beta/


    Yeah, this one is another piece of junk. Without any question it tries
    to remove a simple hidden process, fails, reboots, tries again, fails,
    crashes, ...


    Add...

    DarkSpy
    RkDetector2
    VICE
    System Virginity Verifier
     
    Sebastian Gottschalk, Aug 13, 2006
    #4
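
One common way the hidden-process detection mentioned in post #4 works is a cross-view comparison: list processes through the normal API and through a lower-level enumeration, then report what only the lower-level view sees. The sketch below is an added example, not part of the thread and not code from any of the tools named; the snapshots are constructed sample data, how each view is collected is assumed to happen elsewhere, and the function names are hypothetical.

```python
# Added example: cross-view comparison of process listings (constructed data).
from typing import Dict, Iterable, List, Tuple

Snapshot = Dict[int, str]                      # pid -> image name
Round = Tuple[Snapshot, Snapshot, Snapshot]    # (api_before, low_level, api_after)


def hidden_in_round(api_before: Snapshot, low_level: Snapshot,
                    api_after: Snapshot) -> Snapshot:
    """Entries the low-level view has but neither API snapshot shows.

    Taking the API listing before and after the low-level scan keeps a
    process that merely started or exited mid-scan from being reported.
    """
    visible = set(api_before) | set(api_after)
    return {pid: name for pid, name in low_level.items() if pid not in visible}


def persistent_hidden(rounds: Iterable[Round], min_rounds: int = 2) -> List[Tuple[int, str]]:
    """Report only (pid, name) pairs hidden in at least `min_rounds` rounds,
    which drops short-lived processes that one round can still mis-flag."""
    counts: Dict[Tuple[int, str], int] = {}
    for api_before, low_level, api_after in rounds:
        for item in hidden_in_round(api_before, low_level, api_after).items():
            counts[item] = counts.get(item, 0) + 1
    return sorted(item for item, n in counts.items() if n >= min_rounds)


# Constructed sample data; PIDs and names are made up for illustration.
BASE = {4: "System", 612: "winlogon.exe", 1180: "explorer.exe"}
ROUNDS: List[Round] = [
    # notepad.exe starts during the scan: seen by api_after, so not flagged.
    (BASE, {**BASE, 1644: "unlisted.exe", 2020: "notepad.exe"},
     {**BASE, 2020: "notepad.exe"}),
    # cmd.exe starts and exits between the two API listings: flagged once only.
    ({**BASE, 2020: "notepad.exe"},
     {**BASE, 1644: "unlisted.exe", 2020: "notepad.exe", 2296: "cmd.exe"},
     {**BASE, 2020: "notepad.exe"}),
]

if __name__ == "__main__":
    for pid, name in persistent_hidden(ROUNDS):
        print(f"PID {pid} ({name}) is missing from the API view in repeated rounds")
```

A single round still reports the short-lived cmd.exe entry; requiring the same PID and name in repeated rounds is what removes that false positive.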
  5. Blue Event Horizon

    nemo_outis Guest

    "nemo_outis" <> wrote in news:Xns981DA3A26BE65abcxyzcom@
    204.153.244.170:

    You ask - I deliver!

    Here's a compilation (41 meg) of the following anti-rootkits:

    Windows Anti-Rootkit Apps:

    Rootkit Revealer
    F-Secure BlackLight
    Process Master
    HookExplorer
    GMER
    UnHackMe
    IceSword
    Darkspy
    System Virginity Verifier
    Rootkit Hook Analyzer
    HiddenFinder
    LavaSoft ARIES Rootkit Remover

    Windows Rootkit Prevention Apps:

    AntiHook Pro
    Process Guard
    GesWall Personal
    Defense Wall HIPS
    SocketShield
    Neoava Guard
    Defense Plus

    Linux/BSD Apps:

    CHKRootkit
    RkHunter
    Zeppoo

    Download it from:

    http://rapidshare.de/files/29162303/AntiRootkits_AIO.rar

    rar password: www.2baksa.net

    Regards,
     
    nemo_outis, Aug 13, 2006
    #5
  6. Blue Event Horizon

    Admins Guest

    On 13 Aug 2006 15:52:53 GMT, nemo_outis wrote:

    > "nemo_outis" <> wrote in news:Xns981DA3A26BE65abcxyzcom@
    > 204.153.244.170:
    >
    > You ask - I deliver!
    >
    > Here's a compilation (41 meg) of the following anti-rootkits:
    >
    > Windows Anti-Rootkit Apps:
    >
    > Rootkit Revealer
    > F-Secure BlackLight
    > Process Master
    > HookExplorer
    > GMER
    > UnHackMe
    > IceSword
    > Darkspy
    > System Virginity Verifier
    > Rootkit Hook Analyzer
    > HiddenFinder
    > LavaSoft ARIES Rootkit Remover
    >
    > Windows Rootkit Prevention Apps:
    >
    > AntiHook Pro
    > Process Guard
    > GesWall Personal
    > Defense Wall HIPS
    > SocketShield
    > Neoava Guard
    > Defense Plus
    >
    > Linux/BSD Apps:
    >
    > CHKRootkit
    > RkHunter
    > Zeppoo
    >
    > Download it from:
    >
    > http://rapidshare.de/files/29162303/AntiRootkits_AIO.rar
    >
    > rar password: www.2baksa.net
    >
    > Regards,


    I like f-secure black light, if it finds anything it gives you the option
    of doing a google search on the item so you can see what it is and exactly
    what it does. It's a lot better than deleting a file you really need, most
    of these root kit detectors are still giving false positives and are still
    in beta.
    --
    Admin


    * www.privacyoffshore.net (No Logs Internet Surfing)
    * Anonymous Secure Offshore SSH-2 Surfing Tunnels
     
    Admins, Aug 15, 2006
    #6
  7. Blue Event Horizon

    raincoater Guest

    Hello, nemo_outis!
    You wrote:


    > You ask - I deliver!
    >
    > Here's a compilation (41 meg) of the following anti-rootkits:
    >
    > Windows Anti-Rootkit Apps:
    >
    > Rootkit Revealer
    > F-Secure BlackLight
    > Process Master
    > HookExplorer
    > GMER
    > UnHackMe
    > IceSword
    > Darkspy
    > System Virginity Verifier
    > Rootkit Hook Analyzer
    > HiddenFinder
    > LavaSoft ARIES Rootkit Remover
    >
    > Windows Rootkit Prevention Apps:
    >
    > AntiHook Pro
    > Process Guard
    > GesWall Personal
    > Defense Wall HIPS
    > SocketShield
    > Neoava Guard
    > Defense Plus
    >
    > Linux/BSD Apps:
    >
    > CHKRootkit
    > RkHunter
    > Zeppoo
    >
    > Download it from:
    >
    > http://rapidshare.de/files/29162303/AntiRootkits_AIO.rar
    >
    > rar password: www.2baksa.net
    >
    > Regards,



    Thanks Nemo. Much appreciated.
     
    raincoater, Sep 9, 2006
    #7