McAfee Rootkit Detective 1.0
Posted by Mihai Asmanow on 26 July 2007 - 11:23 · 5 comments & 2402 views
About the Author
Full name: Mihai Asmanow
Forum name: Copernic
Contact: via forum PM
Submissions: Normal · Headline
Full name: Mihai Asmanow
Forum name: Copernic
Contact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google- Advertisement
-
-
(2 replies)
#1 Posted by rEiVeRjOhN on 26 Jul 2007 - 15:36
- does this mean vista cant get rootkits ?
-
#1.1 Posted by
neufuse on 26 Jul 2007 - 20:30
- Quote - (rEiVeRjOhN said @ #1)does this mean vista cant get rootkits ?
64bit Vista has anti-rootkit measures built in, such as only signed code can execute, and a few other things, 32bit doesn't have that though... -
#1.2 Posted by Roger2 on 26 Jul 2007 - 21:11
- Quote - (neufuse said @ #1.1)Quote - (rEiVeRjOhN said @ #1)does this mean vista cant get rootkits ?
64bit Vista has anti-rootkit measures built in, such as only signed code can execute, and a few other things, 32bit doesn't have that though...
Which is good because this tool doesn't run on 64bit OSs.
-
(1 reply)
#2 Posted by +Octol on 26 Jul 2007 - 16:41
- Quote -McAfee Rootkit Detective should only be used by knowledgeable individuals at the direction of, and with the support of, a representative from McAfee Avert Labs or McAfee Technical Support.
It would nice to have a rootkit detector that simply told you if you likely have one running on your system. That way you could then decide whether or not you need to take action and contact support personnel so you don't screw up your computer. -
#2.1 Posted by totalslacker on 02 Oct 2007 - 18:26
- Here you go:
http://www.microsoft.com/technet/sysintern...itRevealer.mspx
Thanks Mark Russinovich!
Features:
Following are the features of this program that are designed to proactively detect and clean rootkits from the system. This program is not dependent on any signatures and can proactively detect most of the existing and upcoming rootkits and allow the user to clean them.
* Designed to proactively detect the system objects like processes, files and registry that are hidden to the user.
* Provides information about all running processes in the system.
* Provides information about various system hooks like SSDT(System Service Descriptor Table) hooks, user/kernel IAT/EAT(Import/Export Address Table) hooks.
* Allows the user to clean/remove the malicious objects from the system by renaming/deleting the hidden files/registry.
* Allows the user to terminate the malicious processes.
* Users can submit samples using the submission feature present in the tool.
* Users can also collect the samples manually after renaming them and submit to stinger@avertlabs.com for further analysis.
Supported Operating Systems
* Windows XP Home Edition with SP2, XP Professional Edition with SP2, 2000 with SP4, 2000 Server and Windows 2003 Server SP1*