RkUnhooker v3.31 released

[StevieO]

Fixed: bug with Notify Routines and Code Hooks Detector, thanks to FlowerCode
Fixed: drivers identification bug

Updated: ILHA to bypass some user mode rootkits with patch-protection technology

Added: bypassing of locking of the system files by some rootkits
Added: UNC full support for Files Scan / Operations (should eliminate some old bugs)

$h3||(0d3 entering the team

RkU3.31.150.420.exe - 147kb

MD5 - 1FC261BE43D1119B4F627B18578759B3

http://rkunhooker1.narod.ru


StevieO

[WilliamP]

How do I get 420 on my system?

You mean how to download it?

[WilliamP]

I saved it to disk. The icon is on my desk top,but how do I open it? I have it now . I have 7 Zip and was able to open it with that. Thank you.

[EP_X0FF]

Just fyi, it is archived with WinRAR v3.6

[WilliamP]

Thank you. The 7 Zip worked great.

[SystemJunkie]

Hm, one thing is not so good: Code hooks detection takes more time for scanning process then in v.3.30.

Someone created sleeps or delays, new programmer, new delay, isn´t it? Not good.

Quote:

Originally Posted by SystemJunkie

Hm, one thing is not so good: Code hooks detection takes more time for scanning process then in v.3.30.

Someone created sleeps or delays, new programmer, new delay, isn´t it? Not good.

I notice it too. Considerably slower than it used to run. I can only guess that engine wasn't part of the transfer of ownership and was replaced by a more slower one. Dunno.

[coldplay]

any comparison to panda antiRK and avg antiRK

[SystemJunkie]

Quote:

Considerably slower than it used to run. I can only guess that engine wasn't part of the transfer of ownership and was replaced by a more slower one.

Exactly. That could be a reason.

[fcukdat]

Quote:

Originally Posted by SystemJunkie

Exactly. That could be a reason.

I can't remember where i read it(poss now defunct RKU support forum) but Pushick had modified part of the operations to enchance some part of the tool's functionability.This might have been a trade off with reguards slower scan times but IRC the modification(improvement) had EP_X0FF seal of approval.

Still folks i think your making a fuss about nothing.
RKU is still the most advanced and effective same drive forensic ARK tool and it is still free

[SystemJunkie]

RkU V3.31 is unstable, it crashes. Damn, guys make it better as before.

[SystemJunkie]

http://i8.tinypic.com/4kjmnol.png

This proves the questionability of the latest Rku 3.31 version.

Rku 3.30 remains stable and does not falsify in contrary to Rku 3.31.

Something is damnly wrong with Rku 3.31.

Also related to the ssdt-ntdll.dll Bug of rku 3.31.

[Longboard]

PrevX is calling an .exe which launches with Hidden Files detector scan "bad"
see here:
http://info.prevx.com/pxparall.asp?L...54980007c52f53

??

If i learned anything at all about exciting and useful detection programs, and with any programs for that matter, it's that at some point along the way, eventually updated versions will stumble and maybe even fall hard. That's why i keep "ALL" versions from beta releases on up, safely stored to return to them should that need happen to arise. This is no perfect science by any stretch and seems it requires very sensitive attention to detail, and even then a flaw can crop up. It's just the unmistakable nature from the originators of the Platform we all use. $M Windows