What is Samurai driver name?


poirot
March 2nd, 2007, 01:22 PM
Can anyone please tell me the name of the (hidden) driver which the 'hardening' software Samurai allegedly puts in 'driver non Plug and Play'?

I need it to be sure I uninstalled everything: I wanted to try Samurai in one PC, but the install couldn't complete and I had made the mistake of not using Total Uninstall, thinking Samurai was very light, which isn't entirely so.
I searched the Registry quite carefully and I also couldn't find anything related in the 'hardware' section of 'My Computer', but I'd rather be sure, if possible, given Samurai's 'hooking' nature.

To those who already run Samurai I'd like to ask if they found any trouble installing it, as I think my other security software (namely, in this instance, Jetico, Antivir, BOClean and Cyberhawk), although put to sleep before the attempted install, still heavily conflicted with it at reboot, to the point that I could completely reboot only on the second attempt.

It's unlikely I'll try again to use Samurai, but I'd like it to be completely uninstalled.

Longboard
March 2nd, 2007, 08:24 PM
Hi Poirot

Interesting app, Samurai.
I have never tried to uninstall it completely.

Search here @wilders shows threads going back: 2005

I have just noted this:
http://gladiator-antivirus.com/forum/index.php?showtopic=49247

Interesting, VERY VERY interesting, the links go to a (for me) new version: 2.7.

I had thought that all the dl links were gone apart from Download.com, which is still hosting V2.5; but with active links to new dl!!

There is some useful info for you wrt uninstall.

If you really want to follow the install/uninstall, then disable/uninstall Samurai.
You should be able to re-enable/reinstall with TU or Zsoft or, if you really want to watch: InCtrl5.

The web page info suggests that the only remnant is the "config" file after disabling/uninstalling, fwiw.

I am going to start a new thread about V2.7.
Regards

~snip~

nick s
March 2nd, 2007, 08:47 PM
Hi poirot,

Samurai 2.7 installs KernelHooks.sys and is listed as "KernelHooks" in Device Manager. Its path is whatever folder you installed Samurai to.

Nick

PS: KernelHooks.sys + SSM = BSOD

WSFuser
March 2nd, 2007, 08:55 PM
I thought Samurai was dead. Maybe I'll re-add it to my setup :thumb:

Longboard
March 2nd, 2007, 09:25 PM
@Poirot:
In Autoruns: Drivers: (currently uninstalled so not found)
"Jump To" in regedit

poirot
March 3rd, 2007, 06:02 AM
Thanks a lot, Longboard and nick s, for your help.
I was late in replying due to time zones, e.g. I was flirting with Morpheus until some time ago.

Longboard, the link at Gladiators is very detailed and useful and I fear I didn't follow quite the exact rules for uninstall, simply because I didn't know them.

I've proceeded as I usually do with stubborn programs, anyhow, that is: an 'official' uninstall (in Samurai, from within the control panel GUI),
reboot,
a 'Total Uninstall' job, then another reboot,
followed by finding all files remaining related to the program, via 'Search All files' and via the Find feature of RegSeeker, a general Clean, then Reboot.
After that I run RegSupreme in 'Aggressive' fashion; it still finds something, then another Reboot.
In the end I make a manual, personal survey of the whole Registry, and after all I did previously it is rare to find anything, apart from a few paid softwares which might require an intervention at Permissions level for erasing their last barriers.

But it seems Samurai did not leave anything behind, also because it didn't install properly, in my opinion. I know it does not install in the orthodox sense with an Add/Remove entry; still, the evident conflict which prevented reboot must have somehow hindered its deployment, as the system tray icon (in red with Japanese characters) didn't respond and vanished afterwards.
Definitely Samurai conflicts with my security setup, which already included WWDC and Seconfig.

After all the data you provided I am tempted to try again, though!
Will it be 'installed' from Safe Mode?
It could perhaps be the only way for me, as I don't intend to uninstall/reinstall my other programs which are in the way.
Best regards and thanks again

Longboard
March 3rd, 2007, 09:01 AM
@poirot

An expert friend has suggested that Samurai is an extensive SSDT hooker.
This may lead to some conflicts with other utilities, as per nick s's post.

You may have to test a bit.
Maybe your install issue was related to the same?

I am not smart enough to know much about this, but be cautious?

poirot
March 3rd, 2007, 11:47 AM
Thank you Longboard, I am aware of the 'hooking' propensities of Samurai,
that's why I think it's very unlikely I'll try again to install this software.
I reckon it would be another, unnecessary, hook in the kernel area
(not entirely unnecessary, really, as it has its useful facets, but I wouldn't part with any other program I run in order to make way for Samurai), in a situation when one has to choose just a single program for every needed action and no more (e.g. only one antivirus, one antitrojan/antispyware, one HIPS etc.) because nearly all of them are hooking the kernel and battling for supremacy.
As a matter of fact I run now much fewer things than in the past and I strive constantly to streamline even more.

I re-checked, as suggested by nick s, in Device Manager and there's nothing untoward: Samurai quietly vanished; but to be even more sure I reinstalled Rootkit Analyzer, which confirmed the only hooks I've got in that PC belong to Jetico and Novatix (Cyberhawk, at the moment under trial).
As we're talking about a 'normal' program and not malware I didn't search with RKU or other rootkit programs.
I'm positive BOClean would have alerted me to the fact, if there had arisen a need to. It had already happened with serviwin.exe from the ServiWin program, which finds hidden drivers: an obvious FP and not a Trojan horse, but just to pinpoint that BOClean alerts about suspicious moves as well.

So, I am glad no remnants of Samurai remain and for the time being I don't plan to try again.
Best regards,

Meriadoc
March 5th, 2007, 01:29 PM
Hi,
I tested Samurai against some malware. Firstly I'd say it ain't for me: for one it stifled the test machine*, and secondly it didn't like the test VM. Both were set up with just Samurai and WinXP SP2 + hotfixes and WinDbg; the VM resulted in a BSOD (KernelHooks.sys).
For simplicity and time I'll lay it out as follows and won't be going into great detail (this was NOT an extensive test):

Hacker Defender - Pass (see screen shot.)
Anti-keylogger tester v1.000 - failed all tests.
Martin's undetectable keylogger - fail.
DCS termination - passed 1,6 and 10 / failed the rest.
Rustock a,b - failed both.
Unreal (Team RkU) - fail.

This was just something small, as I was asked by someone if I'd test it, and I never tested the other Samurai attributes. I'll be testing more thoroughly at the weekend with some more from the zoo and different attack sites. :)

*Afterwards I brought some other tools to the machines; the ARKs especially wouldn't load.

Longboard
March 5th, 2007, 10:19 PM
@Meriadoc
That's great work.
Thank you.
Very interesting to see what this elegant pure HIPS/hardener can do.

Possibly not the be-all?

Interesting, the problems in the VM and with other anti-rootkits.
If the full set-up is enabled in Samurai it may block other SSDT tools??
Will wait with bated breath for more results.

Regards,

Meriadoc
March 14th, 2007, 08:23 PM
I put Samurai 2.5 and 2.7 'through the mill.'
Samurai is a hardening tool with a host intrusion prevention component. If a driver tries to install, a popup like the one for Hxdef or Vanquish below will warn the user.
I was able to work around the previous problems for this test.
The 2.5 protection tries to clear the system call table, which can cause a BSOD; this is corrected in 2.7 (also thanks to the author).
For as much as it would let me see, Samurai hooks 3 SSDT entries.

Tests:
Internet Explorer Browser security
DHTML Edit Control Script Injection PASS
HTML Help Control Local Zone Security Restriction Bypass PASS
JavaScript Method Assignment Cross-Domain Scripting PASS
Modal Dialog Argument Caching Cross-Domain Scripting PASS
CHM File Processing Arbitrary Code Execution PASS
Cross Domain Scripting PASS
Search Frame Fake Caller PASS
Object Data Remote Execution PASS
Multimedia Page Cross-Site Scripting PASS
Dialog Style Same Origin Policy Bypass PASS
Zone Bypass PASS
IFRAME dialogArguments Cross-Zone Access PASS
Document Reference Zone Bypass PASS
Iframe Document Property Cross Domain Scripting PASS
URL Same Origin Policy Violation PASS
Arbitrary File Execution PASS
Navigate Function Cross Frame Access PASS
Temporary Internet Files Folder Disclosure PASS
MIME Header Attachment Execution PASS
DYNSRC File Information Disclosure PASS
Content-Disposition Handling File Execution PASS
OBJECT Tag Same Origin Policy Violation PASS
Dialog Same Origin Policy Bypass PASS
Cookie Content Disclosure PASS
ActiveX PASS

All the services and prevention Samurai claims are confirmed:
UPnP, BITS, Message, Net DDE, RDS, PCT, Index, My Computer Zone, Denial of Service (SynAttackProtect and EnablePMTUDiscovery), anonymous sessions etc. (see 32 Steps link below) - basically setting registry values and stopping services.

Rootkit
FU BLOCKED
NT Rootkit BLOCKED
AFX BLOCKED
HE4 BLOCKED
Vanquish PARTIAL BLOCK Samurai didn't block DLL injection

DFK Threat Sim FAIL, although Samurai blocked the kernel driver and was not disabled
OSR Crash on Demand PASS

32 Steps to PC Security (http://209.85.135.104/search?q=cache:Mhu3ZBOlYRwJ:turbotramp.fre3.com/32Steps.doc+samurai+hips&hl=en&ct=clnk&cd=2&gl=uk&client=firefox-a)
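The two things this thread keeps coming back to are (a) whether the KernelHooks driver nick s named is still registered after an uninstall, and (b) whether the registry values and services Meriadoc lists are actually in a hardened state. The read-only PowerShell audit below is an added example, not the thread's or the Samurai author's code; the mapping of the post's short names (UPnP, BITS, Messenger, Net DDE, RDS, Index) to Windows service names and the "hardened" thresholds are my assumptions from common hardening guides, not Samurai's documented behaviour.

```powershell
# Added example, not part of the thread. Run in an elevated PowerShell.
# Read-only: it reports state and changes nothing.

$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# 1. Is the Samurai driver service (KernelHooks.sys, per nick s) still registered?
function Test-DriverRemnant {
    param([string]$Name = 'KernelHooks')
    $key = Join-Path $svcRoot $Name
    if (Test-Path $key) {
        $img = (Get-ItemProperty $key).ImagePath
        "REMNANT: $Name still registered, ImagePath = $img"
    } else {
        "OK: no '$Name' service key under $svcRoot"
    }
}

# 2. Registry hardening values Meriadoc names (TCP/IP DoS settings, anonymous sessions).
# Hardened thresholds are assumptions from hardening guides, not Samurai documentation.
$tcp = "$svcRoot\Tcpip\Parameters"
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$checks = @(
    @{ Path = $tcp; Name = 'SynAttackProtect';    Hardened = { param($v) $v -ge 1 } },
    @{ Path = $tcp; Name = 'EnablePMTUDiscovery'; Hardened = { param($v) $v -eq 0 } },
    @{ Path = $lsa; Name = 'RestrictAnonymous';   Hardened = { param($v) $v -ge 1 } }
)
function Test-HardeningValues {
    foreach ($c in $checks) {
        $v = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
        if ($null -eq $v)         { "MISSING  $($c.Name) (Windows default applies)" }
        elseif (& $c.Hardened $v) { "HARDENED $($c.Name) = $v" }
        else                      { "DEFAULT  $($c.Name) = $v" }
    }
}

# 3. Services the post says Samurai stops. Short name -> service name mapping is assumed.
$services = @{ 'UPnP' = 'upnphost'; 'BITS' = 'BITS'; 'Messenger' = 'Messenger';
               'Net DDE' = 'NetDDE'; 'RDS' = 'RDSessMgr'; 'Index' = 'CiSvc' }
function Test-StoppedServices {
    foreach ($label in $services.Keys) {
        $s = Get-Service -Name $services[$label] -ErrorAction SilentlyContinue
        if ($null -eq $s)                { "ABSENT   $label ($($services[$label]))" }
        elseif ($s.Status -eq 'Running') { "RUNNING  $label ($($services[$label]))" }
        else                             { "STOPPED  $label ($($services[$label]))" }
    }
}

Test-DriverRemnant
Test-HardeningValues
Test-StoppedServices
```

A REMNANT line after an uninstall is the service key poirot was looking for; a MISSING line means the value was never set, so the Windows default, not a hardened one, is in effect.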

Longboard
March 15th, 2007, 09:11 AM
@Meriadoc
Very nice.
- did you notice any conflicts with other tools?
- did you try again with Rustock or Unreal on non-VM?

Thank you for doing this: very generous of you to spend the time.
Useful free tool, eh.
Any feedback from the developer?

Regards.

Meriadoc
March 15th, 2007, 09:19 PM
Hi Longboard,
-{ Quote: "- did you notice any conflicts with other tools?
- did you try again with Rustock or Unreal on non-VM?" }-
Only tools that load a driver, but I did eventually note hooks.
There are other ways to hide - many ways to skin a cat (excuse the expression) - and I confirmed some things and am looking at others, but I think I showed what Samurai couldn't do... nor claims to.
-{ Quote: "time.
Useful free tool, eh." }-
I do this all the time, but I have been pretty busy this weekend as Vista Ultimate came through the mailbox.
Yeah, it's a non-intrusive hardener and little HIPS, and when it's working it does its job, plus it's free.
-{ Quote: "Any feedback from the developer?" }-
A little, confirming what I found out about changes between versions and that there may be a problem with VMs. Send an email to him for information on Samurai; he will kindly reply. :)

lucas1985
March 15th, 2007, 11:41 PM
The power of hardening and interception of execution :o :o