1. GENERAL COMMENTS In principle, I do not want to comment on this article because Wayne already made a funny statement: "I hope this is a...
OK: I confirm that I am what I am. Damn. I have a PM dated 19 June 2004 ... :-)
1. Some people have said in this thread that Andreas Marx has a bad reputation/is infamous for his bad tests. In my opinion, that's not true. In...
1. "is there anything else you want add, bearing in mind what I have said above" Yes. See above ;-) 2. "but don't try and instigate...
Let's talk about some good news ... if I am not mistaken PG 1.200 should also stop the installation of the Hacker Defender rootkit driver?
@Jason Maybe, maybe not. There are even more drivers on my HD which I have not even tried ... In principle, I agree with you that a...
@Spy 1. It has been stated that TH's user-mode protection is much less secure than PG's kernel-mode protection. It seems to me that both...
Against this background ... "Hi Magnus, I would like you to tell me how you would remove a kernel mode hook (one which patches the service...
In the meantime, I can confirm that the tool mentioned by JoJo works perfectly. Thanks for sharing your knowledge about it ... Moreover, it...
JoJo ... I got your PM @ Rokop board. Thanks. I will reply there.
"And why do you think that I'm not interested in helping other users how to find or remove rootkits?" Why not just send knlps.zip to Paul...
Oh ... sorry. Now I got your point. It gets in via the ordinary infection vectors like one of the recent Internet Explorer or MS Windows exploits,...
@spy1 Rootkits are generally used by attackers who know what they are doing. And it's absolutely no problem to pack, crypt or otherwise modify...
@Paul Strange comment. knlps.exe is a tool to detect rootkits. By contrast, the TOS relate to malware. But don't worry. We won't get this...
1. @Controler, we are talking about a different thing here. Unfortunately, your tips won't help. 2. @JoJo I think your attitude speaks for...
The correct question should have been ... please provide download link for ntsystem's knlps.zip file ;-) (I do not want to become a fake member...
@illukka I have tested previous HD versions in connection with TPF sandbox. TPF will warn you that HD tries to install a new service. The...
"and at the moment i found only one program which is able to terminate the running hacker defender rootkit." Perhaps JoJo could tell us about...
@illukka I am almost sure that KAV will not detect hxdef100.exe once you have compressed it with an unknown packer or recompiled the source code....
True. And I am looking for a white hat with a morning star ... ;-)
HD 1.00 has been released on January 1, 2004 if I am not mistaken. Previous versions could be detected quite easily. I have already explained...
Hacker Defender (HD) is a rootkit. After it has been activated the following things will happen: 1. Any files with a name designated by the...
Thanks everybody for your comments! I find this topic quite interesting and try to better understand the process of signature creation. @ Jason...
Article from Eyal Dotan (VB, June 2003), excerpt: "Another way of performing PIDF [Ann.: Process ID Falsification] is through a layer called...
I have briefly reviewed McAfee V8. I believe that the detection rate has not improved (compared to older versions) since V8 still uses the same...