Rootkit detector: System Virginity Verifier


Aaron

"The idea behind SVV is to check important Windows System components, which
are usually altered by various stealth malware, in order to ensure system
integrity and to discover potential system compromise.

SVV 1.0 implements only code virginity verification which is the first step
in SVV implementation and its task is to ensure the integrity of the code
sections of in-memory mapped kernel and usermode modules (that is kernel
drivers and usermode DLLs)."

It's a command-line tool. It has some intelligence: instead of merely
enumerating all entries, it tries to guess which modifications are
dangerous and which are done by legitimate security programs.

Only for advanced users.
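
The code-section check described in the quoted SVV text, as an added example that is not part of the original post and is not SVV's code: it diffs a module's on-disk code bytes against the in-memory copy and labels each changed run. It assumes both buffers are the same length with relocations already applied; the `0xE9` (jmp rel32) heuristic, the function names and the sample bytes are constructed for illustration.

```python
def diff_ranges(disk: bytes, mem: bytes, gap: int = 2):
    """Return [(offset, length)] runs where the in-memory bytes differ from disk.
    Runs separated by at most `gap` matching bytes are merged into one."""
    if len(disk) != len(mem):
        raise ValueError("code section size mismatch")
    ranges = []
    for i, (a, b) in enumerate(zip(disk, mem)):
        if a == b:
            continue
        if ranges and i - (ranges[-1][0] + ranges[-1][1]) <= gap:
            start = ranges[-1][0]
            ranges[-1] = (start, i - start + 1)
        else:
            ranges.append((i, 1))
    return ranges


def triage(disk: bytes, mem: bytes, section_va: int):
    """Label each modified run. The rule is an assumption made for this example:
    a jmp rel32 whose target lies outside the section is the most suspicious."""
    findings = []
    for off, length in diff_ranges(disk, mem):
        verdict = "patched bytes"
        if mem[off] == 0xE9 and off + 5 <= len(mem):
            rel = int.from_bytes(mem[off + 1:off + 5], "little", signed=True)
            target = section_va + off + 5 + rel  # jmp is relative to next instruction
            inside = section_va <= target < section_va + len(mem)
            verdict = "jmp inside section" if inside else "jmp leaves section"
        findings.append((off, length, verdict))
    return findings


# Constructed sample: 32 bytes of "clean" code, then a copy with two modifications.
DISK = bytes([0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x90, 0x90]) * 4
_mem = bytearray(DISK)
_mem[8:13] = b"\xE9" + (0x100000).to_bytes(4, "little", signed=True)  # detour
_mem[24] = 0xCC                                                       # single-byte patch
MEM = bytes(_mem)

if __name__ == "__main__":
    for off, length, verdict in triage(DISK, MEM, section_va=0x1000):
        print(f"+0x{off:04x} len={length:<2} {verdict}")
```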
 

Thought I'd mention something else security related here. It looks
like KAV version 3.5 is unavailable for purchase now. But a trial
version is available from ftp sac. It lacks an updating capability.
I guess some here might classify it as abandonware.

I created an updater for it. The d/l and link to the sac ftp site
are up at my web site.

Insofar as the older scan engine capability, here's what Kaspersky
Labs have to say:

http://www.kaspersky.com/faq?qid=150176199

which suggests that 3.5 won't have full capability to handle some
malware well on infected machines. I do wonder though if the use
of Safe Mode for scanning infected machines takes care of the
issue. I don't think (based on my tests and experience) that detection
is otherwise any different from later versions.

I do urge users to get their hands on this powerful antivirus scanner.
IMO, 3.5 was/is the best version of all.

Art

http://home.epix.net/~artnpeg
Free antivirus:
http://www.ik-cs.com/programs/virtools/KASFX.EXE
http://www.claymania.com/KASFX.EXE
http://tinyurl.com/azzkc
 
(e-mail address removed) wrote in @netnews.worldnet.att.net:
Apparently not on w9x (missing dependencies).
Oh well...

Well the webpage specifies Win2k/xp for a good reason you know....
 