[Dshield] RootkitRevealer

Peter Stendahl-Juvonen peter.stendahl-juvonen at welho.com
Mon Mar 7 16:01:07 GMT 2005


list-bounces at lists.dshield.org <mailto:list-bounces at lists.dshield.org>
wrote on Wednesday, February 23, 2005 5:05 PM (EET) UTC+2 on behalf of
Fergie (Paul Ferguson)

|| From Sysinternals:
| 
| "RootkitRevealer is an advanced root kit detection
| utility. It runs on Windows NT 4 and higher and its
| output lists Registry and file system API discrepancies
| that may indicate the presence of a user-mode or kernel-
| mode rootkit. RootkitRevealer successfully detects all
| persistent rootkits published at www.rootkit.com,
| including AFX, Vanquish and HackerDefender."
| 
| http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml
| 
| - ferg


Fergie, Brian et al.


I also use Sysinternals' RootkitRevealer.

Found today info on a new, possibly more advanced product. ("It does not
confront the user with a long list of suspected objects. It only reports
on objects that are very likely to be rootkits or files hidden by a
rootkit.")

The new product supposedly not only detects but also removes rootkits.


For more info-

F-Secure BlackLight™ (Beta Release)
http://www.f-secure.com/blacklight/

The Cure - F-Secure BlackLight (Beta Release)
http://www.f-secure.com/blacklight/cure.shtml

For your comfort, please find excerpted info further below.


- Pete


               "Time will bring to light whatever is hidden; 
       it will cover up and conceal what is now shining in splendour."
           Quintus Horatius Flaccus (65 BC-8 BC); Roman poet.



PS.   FYI- Have no association with F-Secure, do not even use any of
F-Secure's products.


F-Secure BlackLight™ (Beta Release)

http://www.f-secure.com/blacklight/


The Cure - F-Secure BlackLight (Beta Release)

http://www.f-secure.com/blacklight/cure.shtml

What is F-Secure BlackLight?

F-Secure BlackLight Rootkit Elimination Technology detects objects that
are hidden from users and security tools and offers the user an option
to remove them. The main purpose is to fight rootkits and all kinds of
malware that use rootkits. The F-Secure BlackLight Rootkit Elimination
Technology works by examining the system at a deep level. This enables
BlackLight to detect objects that are hidden from the user and security
software.

F-Secure BlackLight is able to correctly ignore non-malicious objects
and alerts only on real rootkits, which makes it useful even for users
without technical knowledge. F-Secure BlackLight is also able to deal
correctly with files that have been modified during the scanning
process. This makes it possible to use F-Secure BlackLight in the
background without interrupting normal work.

What are the key benefits of F-Secure BlackLight Rootkit Elimination
Technology?

    * F-Secure BlackLight can detect and eliminate active rootkits from
      the computer. Traditional antivirus scanners can't detect active
      rootkits.
    * F-Secure BlackLight does not confront the user with a long list of
      suspected objects. It only reports on objects that are very likely
      to be rootkits or files hidden by a rootkit. This makes F-Secure
      BlackLight useful even for non-technical users.
    * F-Secure BlackLight Rootkit Elimination Technology can be used in
      the background during normal system operation. Other available
      scanners require a reboot during scan or may produce false positives
      if the system is used during scanning.


How can I try F-Secure BlackLight Rootkit Elimination Technology?

A free beta version of F-Secure BlackLight will be made available on
March 10th 2005. The beta is fully featured and works until April 30th
2005.

The first public demonstration of the F-Secure BlackLight™ technology
will be on March 10 at the upcoming CeBIT fair in Hannover (March 10-16,
2005, Hall 7, booth Nr. D 14).

F-Secure will announce products and solutions that use BlackLight™
Technology in 2005. This will further strengthen the company's existing
host security offering which includes centrally managed anti-virus,
firewall, intrusion detection and anti-spyware solutions.
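Both tools in this thread rest on the same cross-view principle: enumerate the same objects once through the high-level Windows API and once through a lower-level path, then report what disagrees. The second F-Secure bullet (files modified during the scan) is the classic false-positive source for that approach. The following is an added illustration of that principle, not code from Sysinternals, F-Secure or the poster; the two "views" are simulated in-memory snapshots with constructed paths, standing in for a real API enumeration and a real raw-structure or kernel-level enumeration.

```python
"""Cross-view discrepancy detection with re-scan confirmation.

Constructed example: the 'raw' and 'API' views are simulated dictionaries,
not real file-system enumerations. A real detector would obtain the raw
view from on-disk structures or kernel-level queries."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Entry:
    path: str
    size: int


View = Dict[str, Entry]
Finding = Tuple[str, str]  # (kind, path)


def cross_view_diff(api_view: View, raw_view: View) -> List[Finding]:
    """Compare one API snapshot against one raw snapshot.

    hidden_from_api      - present at the low level, filtered from the API view
    size_mismatch        - present in both, but metadata disagrees
    visible_only_via_api - present in the API view only (often a transient file)
    """
    findings: List[Finding] = []
    for path, raw in raw_view.items():
        api = api_view.get(path)
        if api is None:
            findings.append(("hidden_from_api", path))
        elif api.size != raw.size:
            findings.append(("size_mismatch", path))
    for path in api_view:
        if path not in raw_view:
            findings.append(("visible_only_via_api", path))
    return sorted(findings)


def confirm(findings: List[Finding],
            api_snapshot: Callable[[], View],
            raw_snapshot: Callable[[], View],
            passes: int = 2) -> List[Finding]:
    """Keep only discrepancies that persist across additional scan passes.

    A file created or deleted between the two enumerations shows up as a
    one-off discrepancy; a rootkit's filtering is stable and survives re-scans."""
    stable = set(findings)
    for _ in range(passes):
        stable &= set(cross_view_diff(api_snapshot(), raw_snapshot()))
    return sorted(stable)


def make_simulation() -> Tuple[Callable[[], View], Callable[[], View]]:
    """Constructed system: one object hidden from the API, one transient file.

    All paths are placeholders, not real malware artefacts."""
    disk: View = {
        r"C:\example\app.exe": Entry(r"C:\example\app.exe", 40960),
        r"C:\example\config.ini": Entry(r"C:\example\config.ini", 512),
        r"C:\example\hidden.sys": Entry(r"C:\example\hidden.sys", 8192),
    }
    hidden = {r"C:\example\hidden.sys"}  # what the simulated rootkit filters out
    temp = r"C:\example\scan.tmp"        # exists only during the first API pass
    state = {"calls": 0}

    def raw_snapshot() -> View:
        return dict(disk)

    def api_snapshot() -> View:
        state["calls"] += 1
        view = {p: e for p, e in disk.items() if p not in hidden}
        if state["calls"] == 1:
            view[temp] = Entry(temp, 16)  # written and deleted mid-scan
        return view

    return api_snapshot, raw_snapshot


def run_demo() -> Tuple[List[Finding], List[Finding]]:
    """Return (first-pass findings, confirmed findings)."""
    api_snapshot, raw_snapshot = make_simulation()
    first = cross_view_diff(api_snapshot(), raw_snapshot())
    confirmed = confirm(first, api_snapshot, raw_snapshot)
    return first, confirmed


if __name__ == "__main__":
    first, confirmed = run_demo()
    print("first pass:", first)
    print("confirmed: ", confirmed)
```

The first pass flags both the filtered driver and the temporary file; the confirmation passes discard the temporary file because it never reappears, leaving only the stable discrepancy, which is the kind of result the F-Secure text describes as "very likely to be rootkits or files hidden by a rootkit".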
