Free download - Rootkit analyzer

Carol Haynes:
I'm just downloading this freebie. It will become part of a commercial release later on but is free at the moment.

Resplendence write some good stuff - I can really recommend their Registry Manager as a replacement for Regedit. It has excellent fast search functions and registry bookmarking. It can also defrag your registry and backup/restore your entire registry amongst lots of other features (like remote editing ...). There is also a free lite version to download.

Here is a screenshot of the RootKit Analyzer. It detects where NT kernel hooks have been intercepted and displays these 'hooks' with where they are linked to and the name of the software/program producer. It's a useful display, and far easier to interpret than other rootkit detectors I have seen. Definitely worth a look.


f0dder:
Looks pretty interesting - another tool of the trade would be http://www.sysinternals.com/Utilities/RootkitRevealer.html . Sysinternals tools are simply invaluable, and I have a load of them installed by default with my unattended CD.

Carol Haynes:
Yes, I have tried the sysinternals one, but I think the results are easier to interpret in this one.

f0dder:
Well, they're two different tools; one checks for registry and file mismatches (sysinternals), the other for kernel hooks. You really should use both to check for errors, although I'd say kernel hooks are more serious than some of the other discrepancies.

None of the tools are foolproof, though - there are more stealthy methods available than "direct" hooking :(

Carol Haynes:
Quite correct ... the trouble I have with the sysinternals program is that the output seems almost impenetrable if you aren't an expert in the registry.

On my system it reports a couple of files are different, but I have no way of knowing what made them different or if they actually need to be different versions. They could for example have been updated by Microsoft Update since the last SysInternals update.
