Detecting rootkits?


JasonW

Does anyone have a recommendation for testing for the presence of a rootkit on
a Windows system?
I went to www.chkrootkit.org, but they seem to concentrate on UNIX-based
systems.

This is a fairly new subject for me, so if anyone has some experience or can
direct me towards more information, I'd appreciate it.

-JasonW
 

Miha Pihler

Hi Jason,

I don't have any direct answer for you, but maybe just a few tips...

* Install good antivirus and antispyware software that might also be able to
detect rootkits
* Use a good firewall and block any unused ports (e.g. why leave outbound
TFTP open if you don't use it? This is not a good thing :). E.g. I
might use it to connect from YOUR server to my server and download 2GB of
software that I can run against your network later on...)
* Don't install software you don't trust (if you need to install software
you don't trust, first run some tests in a lab. See what it does to the system
and on the network)
* Don't run Kazaa and other such services, you never know ... (you don't
have control over them, they have control over you) ...
* Keep your PC up-to-date with patches
* Log (monitor) what's going on on your PC and network (e.g. any traffic that
is not supposed to be there...)
 

Susan Bradley, CPA aka Ebitz SBS Rocks [MVP]

Rootkit is typically a "Unix" term. If someone has enabled the guest account
or has the password to the Administrator account, then they "own" a Windows box.

In general, download Microsoft Baseline Security Analyzer.
Microsoft Baseline Security Analyzer V1.1:
http://www.microsoft.com/technet/security/tools/Tools/mbsahome.asp?frame=true

GFI LANguard Network Security Scanner:
http://www.gfi.com/downloads/downloads.asp?pid=8&lid=1
This scans your system for trojans, etc.

--
"Don't lose sight of security. Security is a state of being, not a
state of budget. He with the most firewalls still does not win.
Put down that honeypot and keep up to date on your patches. Demand
better security from vendors and hold them responsible. Use what
you have, and make sure you know how to use it properly and effectively."
~ Rain Forest Puppy

http://www.wiretrip.net/rfp/txt/evolution.txt
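One way to turn the advice in this thread (Miha's firewall and monitoring tips, Susan's point about the Guest and Administrator accounts) into a repeatable local check, as an added PowerShell example that is not part of either post. It assumes Windows 10 / Server 2016 or later with an elevated session; the function names are mine.

```powershell
# Added example (not from the thread): a read-only local audit of the points raised above.
# Assumes Windows 10 / Server 2016 or later and an elevated PowerShell session.

function Test-GuestAccount {
    # Susan's point: an enabled Guest account is an easy foothold on a Windows box.
    $guest = Get-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue
    if ($null -eq $guest) { return 'Guest account not present' }
    if ($guest.Enabled) { return 'WARNING: Guest account is ENABLED' }
    return 'OK: Guest account is disabled'
}

function Test-OutboundTftpBlocked {
    # Miha's example: outbound TFTP (UDP/69) should be blocked if it is not used.
    $rules = Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $filter = $rule | Get-NetFirewallPortFilter
        if ($filter.Protocol -eq 'UDP' -and ($filter.RemotePort -contains '69')) {
            return "OK: outbound TFTP blocked by rule '$($rule.DisplayName)'"
        }
    }
    return 'WARNING: no enabled outbound block rule for UDP/69 (TFTP) found'
}

function Get-ListeningPorts {
    # Miha's "log what's going on": a baseline of listening TCP ports and their owning
    # processes, saved now and diffed later to spot services that should not be there.
    Get-NetTCPConnection -State Listen |
        Select-Object LocalAddress, LocalPort, OwningProcess,
            @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } } |
        Sort-Object LocalPort -Unique
}

function Get-PatchAge {
    # "Keep your PC up-to-date with patches": days since the most recent hotfix.
    $latest = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
    if ($null -eq $latest) { return 'WARNING: no hotfix install dates available' }
    $age = (Get-Date) - $latest.InstalledOn
    return "Last hotfix $($latest.HotFixID) installed $([int]$age.TotalDays) days ago"
}

Test-GuestAccount
Test-OutboundTftpBlocked
Get-PatchAge
Get-ListeningPorts | Format-Table -AutoSize
```

Save the Get-ListeningPorts output to a file on a known-clean system and compare later runs against it; a new listener with no matching installed service is the kind of "traffic that is not supposed to be there" Miha describes.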