rootkit detection
F-Secure BlackLight Rootkit Detection 2.2.1067 Beta
A useful application that will detect and delete spyware and viruses more>>
Some spyware programs are already using so-called rootkits to hide deep in the system. And, virus authors are joining in. Learn more about the threat called rootkit.
The Cure - Innovative New Technology
Now, there is a cure, F-Secure BlackLight Rootkit Elimination Technology. And, its time to find out, whether your computer is infected by invisible rootkits. Read more about this innovative counter-measure F-Secure BlackLightTM.
Note: Stand-alone BlackLight betas expiration has been extended until 1st of March 2006. An integrated BlackLight engine has been included in the F-Secure Internet Security 2006 suite.
F-Secure BlackLight Rootkit Detection is a useful application that will detect andMcAfee Rootkit Detective 1.1
It will proactively detect and clean rootkits that are running on the system more>> It will proactively detect and clean rootkits that are running on the system
McAfee Rootkit Detective Beta is a program designed and developed by McAfee Avert Labs to proactively detect and clean rootkits that are running on the system.
McAfee Rootkit Detective should only be used by knowledgeable individuals at the direction of, and with the support of, a representative from McAfee Avert Labs or McAfee Technical Support. Improper usage of this tool could result in damage to your applications or operating system.
Main features:
- Designed to proactively detect the system objects like processes, files and registry that are hidden to the user
- Provides information about all running processes in the system
- Provides information about various system hooks like SSDT(System Service Descriptor Table) hooks, user/kernel IAT/EAT(Import/Export Address Table) hooks
- Allows the user to clean/remove the malicious objects from the system by renaming/deleting the hidden files/registry
- Allows the user to terminate the malicious processes
- Users can submit samples using the submission feature present in the tool
- Users can also collect the samples manually after renaming them and Avert Labs for further analysis
System requirements:
- Windows XP Home Edition with SP2
- Windows XP Professional Edition with SP2
- Windows 2000 with SP4
- Windows 2000 Server
- Windows 2003 Server SP1
BETA KNOWN ISSUES
- McAfee Rootkit Detective will detect registry entries pertaining to McAfee Entercept Products if installed on your system.
- McAfee Rootkit Detective will detect mfehidk.sys file pertaining to McAfee Antispyware Enterprise (Standalone) as a hooked service.
- McAfee Rootkit Detective will detect IAT/EAT hooks in Windows 2000 SP4 system pointing to shim.dll.
- McAfee Rootkit Detective will detect vsdatant.sys from Zone Alarm as hooked service for rootkit like behavior.
- McAfee Rootkit Detective will detect Goback2k.sys as hooked service on system having Go Back software installed system for rootkit like behavior.
- McAfee Rootkit Detective will detect fsndis5.sys as hooked service from F-Secure if F-Secure Internet Security Suite 2006 is installed on the system
- McAfee Rootkit Detective will detect klif.sys as hooked service from Kaspersky if Kaspersky Internet Security 2006 is installed on the system.
- McAfee Rootkit Detective will detect FireTDS.sys as hooked service from McAfee if McAfee Desktop Firewall is installed on the system.
- McAfee Rootkit Detective will detect Hidsys.sys as hooked service from McAfee if McAfee Host Intrusion Prevention is installed on the system.
- McAfee Rootkit Detective will detect Service Name ZwCreateThread when VSE product is installed on the system.
- McAfee Rootkit Detective will not run on Windows 2000 platforms when Kaspersky Internet Security 2006 is installed.
- McAfee Rootkit Detective will detect many IAT/EAT hooks and SSDT hooks of legitimate applications.
McAfee Rootkit Detective 1.0 is created as tool for detecting and cleanning rootkits that are ... .McAfee Rootkit Detective should only be used by knowledgeable individuals at the directionSpyware Detection 2.1
Spyware are those software which send your personal data like, your browsing behavior, your computers system configuration, Software installed on your computer. more>>
Spyware Detection 2.1 is a best-of-class anti-spyware cleaner with free scanning engine uses the most complete and up-to-date signature files. Spyware Detector, then, categorizes each threat, so you can accurately and easily assess the danger that spyware poses to you and your PC
They are those software which send your personal data like, your browsing behavior, your computers system configuration.
Software installed on your computer and a lot of other information depending on the nature of the spyware, to their companies without your approval or knowledge. It is virtually impossible to avoid them since they are very clandestine in nature and get hardly noticed by a user. The data sent by them can be harmful for your privacy as it may include your address, e-mail and other personal information.
Spyware Detection works as a guard for you and keep check on these spyware. It assists you to check your computer for any spyware and if found removes it.
Major Features:
- Installed on your computer and a lot of other information depending on the nature of the spyware, to their companies without your approval or knowledge.
- It is virtually impossible to avoid them since they are very clandestine in nature and get hardly noticed by a user.
- The data sent by them can be harmful for your privacy as it may include your address, e-mail and other personal information.
- Works as a guard for you and keeps check on these spyware. It assists you to check your computer for any spyware and if found removes it.
Rootkit Buster 1.6
Rootkit Buster is a tool equipped with the capability of scanning for hidden files, registry entries, processes, drivers and hooked system service. more>>
Rootkit Buster 1.6 is a tool equipped with the capability of scanning for hidden files, registry entries, processes, drivers and hooked system service. It also can clean hidden files and registry entries. It is free.
Securepoint Intrusion Detection 1.0
The Securepoint Intrusion Detection System (SIDS) allows to analyse your network for intrusion detections. SIDS protects your network from illegal data packages and scans for possible trojans and viru more>>
network for intrusion detections. SIDS protects your network from
illegal data packages and scans for possible trojans and viruses. The
tool can be run from any location in your network and is filtering the
whole traffic. The GUI gives you fast access to overview possible
alerts. SIDS also comes with a huge library of rules which you can
easily edit or advance. There is also an advanced filter system
available where you can specify different filters to get more
information about a computer or a network segment. The tool is freeware
and works under Windows98, NT, 2000, XP and ME.
Features:
Easy GUI for fast overview
Over 800 rules inclusive with different signatures (viruses,
trojans, hacker packages, etc)
Scans over 1000 data packages in less then one second
Traffic monitor gives you the possibility to show the active running
traffic in the network.
System log shows the internal log-file
IDS log-file shows the rules which encounters. Easy double click on
an item to get more information.
Temporary rules window for own rules. For example: Somebody is
trying to access a special homepage. Here you can add and edit those
rules.
Advance filtering
No special network card needed
Runs on every windows platform
Warning: The Securepoint Intrusion Detection Tool is not
legalized in every country.
You are only allowed to use the software for your own network test and
finding of security holes. Securepoint gives no warranty on it. The
software is being delivered to you AS IS and Securepoint makes no warranty as to
its use or performance.
All Rights Reserved.
RSP CPU Detection DLL 1.2.0
RSP CPU Detection DLL helps you retrieve information about the installed processor more>>
SHA1 Collision Detection 1.0.0.4
This application will find any text values that match a given SHA1 hash. more>> This application will find any text values that match a given SHA1 hash. You can use the included "SHA1 Hash Gen.html" (which is 2005 Chris Veness) to create SHA1 hashes for testing purposes.<<less
RootkitRevealer 1.71
RootkitRevealer is an advanced root kit detection utility more>> RootkitRevealer is an advanced root kit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.
RootkitRevealer including Vanquish, AFX and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that dont attempt to hide their files or registry keys).
The term rootkit is used to describe the mechanisms and techniques whereby malware, including viruses, spyware, and trojans, attempt to hide their presence from spyware blockers, antivirus, and system management utilities. There are several rootkit classifications depending on whether the malware survives reboot and whether it executes in user mode or kernel mode.<<less
Anti-Rootkit 1.0
Panda Anti-Rootkit, offers simple, fast and free protection against online fraud and data theft usin... more>> Panda Anti-Rootkit, offers simple, fast and free protection against online fraud and data theft using hidden malicious code. Panda Anti-Rootkit scans computers for hidden items in running processes, the Windows registry, and local hard disks. On detecting a malicious rootkit, Panda Anti-Rootkit completely eliminates it along with all of the programs it could be hiding, including files, processes, registry entries and the ADSs associated to the rootkits.<<less
QT Detection Pack 6.5.2-10.3.8
QuickTime detection routines for the web more>> QT Detection Pack is a set of diagnostic movies and QuickTime detection routines that you can implement on your website to help ensure your end users will have the right version of QuickTime before they see your QuickTime content. It includes interactive QuickTime movies that will show the user what version they are running, their connection speed, and operating system.
The QT Detection Pack also includes a set of redirection pages for checking for QuickTime 4.0, 4.1.2, 5.0, 5.0.2, 6.0, 6.0.2, 6.1, 6.1.1, 6.2, 6.3, 6.4 & 6.5. The redirection pages are easy to setup, and dont require modifying of MIME-types or other settings on the server. None of the solutions require JavaScript to be enabled. The redirection pages can be totally customized and all the files can be renamed to fit the structure of your site. Purchasing the pack entitles you to 12 months of free updates to ensure your detection routines are up-to-date. For an example of the redirection process, please see the showcase area on our website.<<less
RootKit Hook Analyzer 3.02
Check and display rootkits that hook the kernel system services of your computer. more>>
RootKit Hook Analyzer 3.02 helps you to avoid rootkits installed on your PC which hook the kernel system services. Kernel RootKit Hooks are installed modules that intercept the principal system services that all programs and the operating system rely on. Kernel hooks are out of fashion these days and not officially documented and considered deprecated by Microsoft. The pioneering heroes of the old days who discovered how to actually implement them have all adopted the new fashion of advising against using kernel hooks as a programming practice.
Often kernel hooks are unnecessary because there are documented ways that allow a programmer to achieve his goal. However in a lot of system tools such as monitoring and antivirus software, kernel hooks are the only available technique to get the difficult job done and thus an unavoidable necessary evil. Important is that if your kernel system services are hooked that you can find out which is the responsible software that makes use of these techniques. Inspired by all the discussions going on about the Sony CD protection rootkit, we have developed the RootKit Hook Analyzer.
Enhancements:
- Includes unspecified updates.
RootKit Hook Analyzer is a security utility which will check if there are ... installed which hook the kernel RootKit Hook Analyzer is a security utility which will check if
3 Charts - Drug Detection Periods 1.0
Drug detection time chart screensaver on your desktop. more>> The Drug detection screensaver from Trustests gives approximate detection periods for many substances of abuse by drug test type. Drug detection time chart screensaver help students and teachers see the detection times for many substances. The ranges depend on amount and frequency of use, metabolic rate, body mass, age, overall health, and urine pH. For ease of use, the detection times of metabolites have been incorporated into each parent drug.<<less
Gromozon Rootkit Removal Tool
A small utility that can rapidly detect and remove the Gromozon rootkit more>> A small utility that can rapidly detect and remove the Gromozon rootkit
Unfortunately the Gromozon Rootkit isnt a single infection, but a blended attack designed to bypass traditional antimalware security applications.
The end result meaning that the machine is not only infected by several well known Trojans but also a highly dangerous Rootkit. Traditional AV vendors are at the moment dealing with the known infections, but overlooking the rootkit.
Here is how you could get infected with the Gromozon rootkit:
- Upon visiting an infected webpage an obfuscated JavaScript is run.
- The user is forwarded to another website which of course contains a further obfuscated JavaScript. This connects to a network of websites which are used to launch the infection routine. These websites are constantly changing and since May 2006 have become considerably more numerous
- A server side script will be run to analyse the user agent (web browser) under which the user is visiting. Different attack methods are then launched depending on whether the user is running Opera, Firefox or Internet Explorer.
- For Internet Explorer, the victim is presented with the option to install an ActiveX control called FreeAccess.ocx This is actually copied into the Microsoft Windows system32 folder as a randomly named DLL.
- Firefox and Opera undergo a very clever piece of social engineering. What appears to be a link to www.google.com is presented to the victim. This unfortunately is not a hyperlink but in fact a cleverly hidden .com file. Once accepted and run, a randomly named DLL is again installed to the windows system32 folder.
- Once the DLL agent is installed, various pieces of Adware are downloaded and installed onto the machine. Examples are the Bravesentry and LinkOptimizer Trojans. The real payload is then downloaded to the victims computer. Both a Rootkit and service component are installed along with a hidden windows user account. The main purpose of this is to enable the Adware which was previously installed to be hidden from any Anti-malware tools installed on the machine
AVG Anti-Rootkit Free 1.1.0.42
AVG Anti-Rootkit can detect and remove rootkits, a anti rootkit freeware. more>> AVG Anti-Rootkit is a powerful tool with state-of-the-art technology for detection and removal of rootkits. Rootkits are used to hide the presence of a malicious object like trojans or keyloggers on your computer. If a threat uses rootkit technology to hide itself it is very hard to find the malware on your PC. AVG Anti-Rootkit gives you the power to find and delete the rootkit and to uncover the threat the rootkit is hiding
Feature:
1.Easy to use
2.Fast and efficient detection
3.Advanced powerful cleaning driver<<less
Sophos Anti-Rootkit 1.3 RC
Sophos Anti-Rootkit eliminates hidden applications and processes more>>
Sophos Anti-Rootkit will find and remove any rootkit that is hidden on your computer.
The term rootkit is used to define a Trojan (or technology) used to hide the presence of a malicious object (process, file, registry key, network port) from the computer user or administrator.
Main features:
- Scans running processes, windows registry and local hard drives for rootkits.
- Identifies known rootkits and selects, by default, files for removal which will remove the rootkit component of the malware without compromising OS integrity.
- Allows users to remove unidentified hidden files, but does not allow removal of essential system files when hidden by an identified rootkit.
- Once the user has run a scan, the screen prompts the user through the necessary steps until every rootkit has been removed.
- Users can switch between the GUI and command-line functionality.
- Both context sensitive and command-line help are available.
Sophos Anti-Rootkit will find and remove any rootkit that is hidden on your computer. The term ... run a scan, the screen prompts the user through the necessary steps until every rootkit has beenSophos Anti-Rootkit eliminates hidden applications and processes. Sophos Anti-Rootkit will find and remove any rootkit that is hidden on your computer. The term