View Full Version : BitDefender Antirootkit - BETA 1 released


Chubb
June 23rd, 2006, 10:45 AM
BitDefender Antirootkit - BETA 1 released

BitDefender Antirootkit comes as a separate tool and can be run on Windows XP, Windows 2000 and Windows 2003 (including systems with BitDefender Internet Security v10 installed).

nadirah
June 23rd, 2006, 10:57 AM
any links?

controler
June 23rd, 2006, 11:50 AM
Has anybody tried this yet?

controler

tiagozt
June 23rd, 2006, 12:37 PM
http://beta.bitdefender.com

tansu
June 23rd, 2006, 02:33 PM
Yes, Runs fast.
No hidden files so far;D

controler
June 23rd, 2006, 03:59 PM
I agree, the scan took a whopping 5 seconds on my system. I guess someone will have to run it on some rootkits to actually see how it goes.
The two common ones are HackerDefender and FUTo.

tansu
June 23rd, 2006, 04:09 PM
I wonder, if it's possible to add BDARK to upcoming BD Internet Security 10? Or are they planning something like this.

Firecat
June 23rd, 2006, 04:37 PM
-{ Quote: "I wonder, if it's possible to add BDARK to upcoming BD Internet Security 10? Or are they planning something like this." }-
BitDefender v10 Standard/Pro/Internet Security will have BitDefender Anti-Rootkit technology. I suspect the interface will be different though since the Anti-Rootkit technology has to be integrated with the other components of BitDefender.

controler
June 23rd, 2006, 05:16 PM
It will be nice to see what other testers have found.

Spanner are you there?

I would like to see some tests on known rootkits.

Then is it a program that will work against unknown rootkits?

controler

Firecat
June 24th, 2006, 11:03 AM
To make things clear, this anti-rootkit exists because BitDefender can only currently detect the rootkit infected files before they have run on the system. BD cannot remove rootkits yet if they are already running.

This Anti-Rootkit module was designed for that job. Detection of unknown rootkits will probably be integrated into the B-HAVE heuristics rather than the anti-rootkit technology.

lodore
June 24th, 2006, 03:41 PM
BitDefender are a bit later on using a rootkit scanner because F-Secure has included one since F-Secure has had BlackLight, since the start of F-Secure 2006.

dallen
June 25th, 2006, 10:32 AM
-{ Quote: "BitDefender are a bit later on using a rootkit scanner because F-Secure has included one since F-Secure has had BlackLight, since the start of F-Secure 2006." }-
The fact that it is "a bit lat(e)" says little about its effectiveness.

muf
June 25th, 2006, 11:58 AM
Just tried it. It sure is fast!

starfish_001
June 25th, 2006, 04:03 PM
Interesting, just ran this - it didn't scan inside my First Defence folder $ISR - I guess it does not look for hidden directories?

No log file created

nicM
June 27th, 2006, 10:38 PM
I did try it quickly with HackerDefender (default settings), and BDAR beta lets you see the files and the process, but I think the GUI could provide more information:

Here you see the files:

http://img319.imageshack.us/img319/1201/bdantirk17vf.jpg


But all you get about hidden processes is their number :( :

http://img386.imageshack.us/img386/6193/bdantirk31xf.jpg


Then BDAR wants to rename the files:

http://img386.imageshack.us/img386/3217/bdantirk40hh.jpg


And asks to reboot:

http://img464.imageshack.us/img464/6241/bdantirk59ug.jpg


As expected, the files are renamed/not hidden anymore, and the driver is not loaded either:

http://img464.imageshack.us/img464/403/bdantirk63dp.jpg



I think the "clean" button could be more visible in the GUI; during the first test I didn't see it ;D , the most obvious button is "next". In fact, this is very close to BlackLight and RootkitRevealer. Personally, I prefer IceSword, which is more informative, but this one is more of a "cleaner".

But well, it seems to be doing the job - although it was not able to see another rootkit, one that is harder to detect.. :shifty:

nicM

nicM
June 27th, 2006, 11:04 PM
During another test, it was not able to see process(es) hidden by FU :-\ .

Oh, it's still beta :) - and IceSword doesn't see it either.

nicM
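The two results nicM reports above (BDAR sees what HackerDefender hides but only reports a count of hidden processes, and neither BDAR nor IceSword sees a process hidden by FU) are both about the same idea: a detector compares a "high-level" view of the system with a "low-level" one and reports the difference, which is what BlackLight and RootkitRevealer do. The script below is an added illustration of that cross-view technique for hidden processes; it is not code from the thread, from BitDefender, or from any of the tools named in it, and it makes no claim about how BDAR works internally. The Windows collectors assume Windows XP or later and use only EnumProcesses and OpenProcess; the reason FU is the hard case for list-walking tools, and the reason brute-force PID probing still finds it, is that FU unlinks its process from the kernel's ActiveProcessLinks list, while OpenProcess resolves a PID through the handle table instead. The Linux collectors generalise the same idea beyond the Windows rootkits discussed (directory listing of /proc versus kill(pid, 0) probing). The pure diff function and the self-check are the only parts the bundled assertions exercise.

```python
"""Cross-view hidden-process check (illustration, not BitDefender's code).

Compare the process list the ordinary enumeration API returns with one
built by probing every possible PID. A process unlinked from the kernel's
process list (the FU-style DKOM trick) still owns a PID the kernel answers
for, so it appears in the probe but not in the listing.
"""
import ctypes
import os
import sys
from typing import Optional, Set, Tuple


def hidden_entries(api_view: Set[int], raw_view: Set[int]) -> Set[int]:
    """PIDs the low-level probe found that the API view did not list."""
    return raw_view - api_view


# ---------- Linux collectors (generalisation of the Windows technique) ----------

def linux_api_view() -> Set[int]:
    """What `ps` sees: the numeric entries of /proc."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def _alive(pid: int) -> bool:
    """kill(pid, 0) checks existence without delivering a signal."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True          # exists, but belongs to another user
    return True


def linux_raw_view(limit: Optional[int] = None) -> Set[int]:
    """Probe PIDs 1..limit (default pid_max) and fold thread IDs, which
    kill() also answers for, onto their thread-group leader."""
    if limit is None:
        with open("/proc/sys/kernel/pid_max") as fh:
            limit = int(fh.read())
    found: Set[int] = set()
    for pid in range(1, limit):
        if not _alive(pid):
            continue
        try:
            with open(f"/proc/{pid}/status") as fh:
                for line in fh:
                    if line.startswith("Tgid:"):
                        found.add(int(line.split()[1]))
                        break
        except FileNotFoundError:
            # Alive but no /proc entry at all. Re-probe to discount a process
            # that exited between the two calls; if still alive, report it.
            if _alive(pid):
                found.add(pid)
    return found


# ---------- Windows collectors ----------

def windows_api_view() -> Set[int]:
    """What Task Manager sees: EnumProcesses walks the kernel's process list."""
    psapi = ctypes.WinDLL("psapi", use_last_error=True)
    buf = (ctypes.c_uint32 * 8192)()         # plenty for a workstation
    needed = ctypes.c_uint32(0)
    if not psapi.EnumProcesses(buf, ctypes.sizeof(buf), ctypes.byref(needed)):
        raise ctypes.WinError(ctypes.get_last_error())
    return set(buf[: needed.value // ctypes.sizeof(ctypes.c_uint32)])


def windows_raw_view(limit: int = 1 << 16) -> Set[int]:
    """OpenProcess looks the PID up in the handle table, not the linked list,
    so an unlinked process still answers. Thread IDs and free PIDs fail with
    ERROR_INVALID_PARAMETER; protected processes fail with ERROR_ACCESS_DENIED."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.OpenProcess.restype = ctypes.c_void_p
    k32.OpenProcess.argtypes = [ctypes.c_uint32, ctypes.c_int, ctypes.c_uint32]
    k32.CloseHandle.argtypes = [ctypes.c_void_p]
    PROCESS_QUERY_INFORMATION, ERROR_ACCESS_DENIED = 0x0400, 5
    found: Set[int] = set()
    for pid in range(4, limit, 4):           # Windows PIDs are multiples of 4
        handle = k32.OpenProcess(PROCESS_QUERY_INFORMATION, 0, pid)
        if handle:
            k32.CloseHandle(handle)
            found.add(pid)
        elif ctypes.get_last_error() == ERROR_ACCESS_DENIED:
            found.add(pid)
    return found


def collect_views(limit: Optional[int] = None) -> Tuple[Set[int], Set[int]]:
    """(api_view, raw_view) for the current platform."""
    if sys.platform.startswith("linux"):
        return linux_api_view(), linux_raw_view(limit)
    if sys.platform == "win32":
        return windows_api_view(), windows_raw_view(limit or 1 << 16)
    raise NotImplementedError(sys.platform)


def self_visible() -> bool:
    """Sanity check: our own PID must show up in both views."""
    api, raw = collect_views(limit=os.getpid() + 1)
    return os.getpid() in api and os.getpid() in raw


if __name__ == "__main__":
    api, raw = collect_views()
    for pid in sorted(hidden_entries(api, raw)):
        print(f"hidden process candidate: PID {pid}")
    print(f"{len(api)} listed, {len(raw)} probed")
```

Run it as Administrator or root so that access-denied results are rare, and treat a single hit with suspicion before believing it: a process that starts or exits between the two views produces a one-off false positive, and on Linux a /proc mounted with hidepid hides other users' processes from the listing while kill() still answers for them. The limit of the technique is also visible here: a rootkit that hooks the probe itself (HackerDefender-style hooking of NtOpenProcess or NtQuerySystemInformation) defeats a user-mode probe, which is why detectors of that era added a kernel driver to read process structures directly.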

nicM
July 4th, 2006, 12:45 PM
Beta 2 of BD RU is now available.

nicM