PG 3.0 installation and Rootkit detection
richrf
November 4th, 2004, 03:09 PM
Hi all,
Should I check for rootkits before I install PG 3.0, or will PG pick up rootkits anyway? If detection is suggested, which software should I use? If PG will detect rootkits, which is the best way to identify them? Thanks.
BTW, I don't think there are any on my system, I just want to be comprehensive during installation.
Rich
Pilli
November 4th, 2004, 04:15 PM
Hi Rich, Some rootkits can be detected by AV and AT programs, but unfortunately many are not detected, as they can be quite easily modified by the crackers.
A rootkit would normally try to do two things to get on your system. Firstly, a dropper program would need to run, such as rootkit.exe, so you would get a request to allow a new .exe to run or, more dangerously, a warning that a current .exe had changed unexpectedly, such as SVChost.exe - This would be very suspect unless you have been doing Windows updates, where such a change may be expected.
The next thing the rootkit would need to do is install a service/driver; again, this should set your RADAR pinging :) So ProcessGuard protects in at least two ways.
The help file has many examples of the various attacks and how PG deals with them as does the DCS website.
Cheers. Pilli :)
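The two signals Pilli describes (a trusted executable changing on disk, and a new service or driver appearing) can be expressed as a simple baseline-and-compare check. The block below is an added illustration, not code from the thread or from ProcessGuard; the file contents, the service names (including "hiddrv") and the temporary directory are constructed for the demo, and a host-based tool like PG does this in real time rather than by periodic comparison.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def take_baseline(exe_paths, services):
    """Record the hash of each trusted executable and the set of installed services/drivers."""
    return {
        "executables": {str(p): sha256_file(p) for p in exe_paths},
        "services": set(services),
    }


def compare(baseline, exe_paths, services):
    """Return one alert string for each executable or service that differs from the baseline."""
    alerts = []
    current = {str(p): sha256_file(p) for p in exe_paths}
    for path, old_hash in baseline["executables"].items():
        if path not in current:
            alerts.append(f"missing executable: {path}")
        elif current[path] != old_hash:
            alerts.append(f"changed executable: {path}")   # the 'SVChost.exe changed' case
    for path in current:
        if path not in baseline["executables"]:
            alerts.append(f"new executable: {path}")       # the 'new .exe wants to run' case
    for name in sorted(set(services) - baseline["services"]):
        alerts.append(f"new service/driver: {name}")       # the 'install a service/driver' case
    return alerts


def demo():
    """Constructed scenario: a system binary changes and a dropper plus driver appear after baseline."""
    root = Path(tempfile.mkdtemp())
    svchost = root / "svchost.exe"                       # placeholder file, not the real binary
    svchost.write_bytes(b"original program image")
    baseline = take_baseline([svchost], {"Dhcp", "Dnscache"})
    svchost.write_bytes(b"patched program image")        # simulates an unexpected change
    dropper = root / "rootkit.exe"                       # name taken from the thread
    dropper.write_bytes(b"dropper")
    return compare(baseline, [svchost, dropper], {"Dhcp", "Dnscache", "hiddrv"})
```

On a real system the baseline must be taken from a known-clean state, which is why Gavin's advice below to format and reinstall before letting PG learn matters.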
richrf
November 4th, 2004, 04:20 PM
Hi Pilli,
Thanks for the detailed explanation. It helps a lot.
Rich
Gavin - DiamondCS
November 5th, 2004, 12:04 AM
Please note that if a rootkit is already on your machine, it's a bit hard to protect you. Such types of malware could also cause instability. If it's at all possible, we recommend backing up data, a format and clean install of all known clean programs, then install PG and let it learn.
Formatting isn't fun, but it's worth it now that you have PG and possibly have a rootkit already. You won't get another one if you use PG right ;)
richrf
November 5th, 2004, 12:11 AM
Hi Gavin,
What program or programs would you use to detect rootkits? rkdetector? Are there others that are better? Thanks for the reply.
Rich
2HearFromExpert
November 5th, 2004, 02:14 PM
We love to hear from security experts on this issue. It is very hard for users (except for experts) to know whether their boxes are free from malicious programs; there are many reasons for that, for example, installing programs downloaded from the internet, using cracked versions of the Windows OS...
Is TDS-4 going to be the best to detect and remove most bad things (rootkits, ...) from Windows boxes?
TIA
Copyright ©2002 - 2012, Wilders Security Forums