RootKit Revealer Tool

R. McCarty

For anyone who's been reading up on the potential, newest threat to
Windows (Rootkits). SysInternals has created/posted a tool that will
scan your system.
http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml
(on a Technical Savvy scale of 10 - this one is about 8.5)

Rootkits are basically a way for malware, etc. to "hide" itself within the
OS, so normal scanning tools and detectors are unable to locate them.
If I understand it correctly, the malware actually hooks into system code,
making it almost invisible to normal scanning methods. One article
indicates the only removal process will be a full system re-install!

It's worthwhile to spend some time researching this issue, as it won't be
long before this threat becomes more prevalent.
 
Melelina

I ran it already. Hard to understand the output. If you have KAV 5.0 you
can't use the tool as it identifies all files as being discrepancies.
 
R. McCarty

Yes, it's a little on the cryptic side. What I don't understand is how
RootKits can get past Windows File Protection. I would assume it
doesn't change the identifier that WFP monitors. Still, it seems like
a big challenge, since the normal checks-&-balances for locating &
removing Malware don't apply.
On my system it picks up about 8 items that I'm researching a little
more to determine what is going on. Maybe we need a different form
of WGA (Windows Genuine API's).
 
José Gallardo

Moreover, the site is not very clear. Is every discrepancy suspected of being a rootkit?
 
R. McCarty

No, I certainly don't think that's the case. RootKits have been around
for a while, but some Microsoft Security experts recently wrote a paper
on how this kind of threat can be used against Windows & how difficult
it would be to detect it. Maybe it's not a Real-World threat today, but
shows how something like that would be very difficult to "Root Out" from
your machine.

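The two questions raised above, how a rootkit that hooks system code stays invisible to normal scanners, and whether every discrepancy the tool reports is a rootkit, can be illustrated with a small cross-view check. The following is an added example and is not code from the original thread or from Sysinternals; the file paths, the `_hiddn` marker the simulated hook filters on, and the temp file that appears mid-scan are all constructed for the demonstration. The idea it models is the one RootkitRevealer-style tools use: take the same listing through the ordinary, hookable API and through a lower-level view the hook does not sit in front of, then diff the two. A hooked system yields entries present on disk but absent from the API view; a clean system with a file created between the two passes also yields a discrepancy, which is why a discrepancy is a lead to investigate, not a verdict.

```python
"""Cross-view discrepancy check (constructed example, not RootkitRevealer itself).

Two snapshots of the same directory tree are compared: the "API view" that an
ordinary scanner sees, and a "raw view" read from a lower level. A rootkit that
filters directory listings shows up as entries in the raw view that the API
view is missing.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable, Iterable

# Constructed sample of what a low-level directory read would return.
# Paths are illustrative only; the two "_hiddn" entries stand in for the
# files a hypothetical rootkit wants to conceal.
RAW_DISK_VIEW = {
    r"C:\Windows\system32\kernel32.dll",
    r"C:\Windows\system32\ntdll.dll",
    r"C:\Windows\system32\drivers\ndis.sys",
    r"C:\Windows\system32\drivers\_hiddn.sys",   # hypothetical hidden driver
    r"C:\Windows\system32\_hiddn_cfg.dat",       # hypothetical hidden config
}

# Assumed marker: the simulated hook drops any entry whose name starts with it.
HIDE_PREFIX = "_hiddn"


def basename(path: str) -> str:
    """Last path component of a Windows-style path."""
    return path.rsplit("\\", 1)[-1]


def unhooked_api_view(raw: set[str]) -> set[str]:
    """Clean system: the API returns exactly what is on disk."""
    return set(raw)


def hooked_api_view(raw: set[str]) -> set[str]:
    """Simulated hook on the directory-listing API: results are filtered
    before they reach the caller, so a scanner that only asks the API
    never learns the hidden entries exist."""
    return {p for p in raw if not basename(p).startswith(HIDE_PREFIX)}


@dataclass(frozen=True)
class Discrepancy:
    path: str
    kind: str  # "hidden_from_api" (on disk, not via API) or "missing_from_raw"


def find_discrepancies(api_view: set[str], raw_view: set[str]) -> list[Discrepancy]:
    """Diff the two views in both directions; order is deterministic."""
    hidden = [Discrepancy(p, "hidden_from_api") for p in sorted(raw_view - api_view)]
    phantom = [Discrepancy(p, "missing_from_raw") for p in sorted(api_view - raw_view)]
    return hidden + phantom


def scan(api_fn: Callable[[set[str]], set[str]],
         raw: set[str],
         created_between_passes: Iterable[str] = ()) -> list[Discrepancy]:
    """Take the API snapshot first, then the raw snapshot. Files that appear
    between the two passes (constructed here as `created_between_passes`)
    show up as discrepancies on a perfectly clean machine, which is why a
    single discrepancy is not by itself evidence of a rootkit."""
    api_snapshot = api_fn(raw)
    raw_snapshot = set(raw) | set(created_between_passes)
    return find_discrepancies(api_snapshot, raw_snapshot)


def main() -> None:
    print("clean system:        ", scan(unhooked_api_view, RAW_DISK_VIEW))
    print("hooked system:       ", scan(hooked_api_view, RAW_DISK_VIEW))
    print("clean, temp mid-scan:", scan(unhooked_api_view, RAW_DISK_VIEW,
                                        [r"C:\Windows\Temp\~tmp1234.tmp"]))


if __name__ == "__main__":
    main()
```

Running it prints no discrepancies for the clean case, the two `_hiddn` entries for the hooked case, and one `hidden_from_api` entry for the clean-but-racy case. Triage in practice means checking what the flagged path is and who wrote it, not treating the count of discrepancies as a verdict.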
 
Dan

Please tell me how you keep your system(s) secure and I will try to the best
of my ability to help you solve your problem(s) or questions.

Security on Electronics is my Passion

GodSpeed!!!

 
Dan

I wonder if you are using the RootKit then it probably should be a machine
that does not connect to the Internet until this issue can be solved.

 
Dan

How much does it cost? Dollars and S(C)ents please. <smile>

: On Wed, 23 Feb 2005 12:23:04 +0000, Howard Harris wrote:
:
: > On Wed, 23 Feb 2005 10:54:31 GMT, R. McCarty wrote:
: >
: >> For anyone who's been reading up on the potential, newest threat to
: >> Windows (Rootkits). SysInternals has created/posted a tool that will
: >> scan your system.
: >> http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml
: >> (on a Technical Savvy scale of 10 - this one is about 8.5)
: >
: > The excellent ProcessGuard, of course, already provides protection
: > against rootkit stealth trojans
: > http://www.diamondcs.com.au/processguard/
:
: Excellent is right for this company and it's products. ProcessGuard is not
: free but there is a reasonably priced Unlimited Licence fee that allows
: home users to install it on all of their PCs.
:
: Regards
:
: Bill
 
Dan

Thanks I will keep it under consideration if I need it. I appreciate the
link. Have a great day!!

: On Wed, 23 Feb 2005 06:39:20 -0700, Dan wrote:
:
: > How much does it cost? Dollars and S(C)ents please. <smile>
: >
: > snip
:
: $39.95 or in local currency when you buy from here http://snipurl.com/czs2
: <G>
:
: Regards
:
: Bill
 
Alex Nichol

R. McCarty said:
Yes, it's a little on the cryptic side. What I don't understand is how
RootKits can get past Windows File Protection. I would assume it
doesn't change the identifier that WFP monitors.

Rootkits refers to auxiliary data stored *alongside* a file in NTFS. It
does not relate to the actual file itself, which is all WFP is
interested in. Separate matters.
 
