FLISTER for Windows

Discussion in 'other security issues & news' started by nick s, Jan 25, 2005.

nick s (Registered Member; joined Nov 20, 2002; 1,430 posts)
    Found a new tool for detecting the presence of rootkits:

    FLISTER for Windows (Tools section) and FLISTER - uncovering files hidden by Windows rootkits

    "FLISTER is a proof-of-concept code for detecting files hidden by both usermode and kernelmode Windows rootkits. It exploits the bugs in handling ZwQueryDirectoryFile() calls with ReturnSingleEntry set to TRUE. FLISTER works on Windows 2000, XP and 2003."

    As an example, if run on a system compromised by Hacker Defender (1.0), you will get an "error while scanning directory (err = 0xc000000f)" when it detects a hidden file. In the pic, the hidden file's name starts with "hx" and is not visible in Explorer (on the left).

    Nick
     

    Attached Files:
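What a scan of this kind looks like in code, as an added example written for this thread (it is not FLISTER's own source, which is not reproduced here): the loop asks NtQueryDirectoryFile (the user-mode export of ZwQueryDirectoryFile) for one entry per call with ReturnSingleEntry = TRUE and stops at the first status that is not STATUS_SUCCESS. A clean directory ends the walk with STATUS_NO_MORE_FILES (0x80000006); a listing hook that mishandles single-entry requests fails early, which is the "error while scanning directory (err = 0xc000000f)" the post shows for Hacker Defender 1.0. The walk is written against a small callback so the same loop can be driven by a constructed status sequence off-line; the real callback is compiled only under _WIN32 and needs MSVC or MinGW. Names such as walk_single_entry, scripted_query and win_query are this example's own. One caveat that follows from the post's wording: the technique relies on a bug in the rootkit's handling of ReturnSingleEntry, so a hook that handles single-entry calls correctly is not caught by it.

```c
/* Added example for this thread, not FLISTER's code: a ReturnSingleEntry walk
 * over a directory, treating any status other than STATUS_NO_MORE_FILES at the
 * end of the walk as "error while scanning directory". */
#include <stdio.h>
#include <stdint.h>

#define STATUS_SUCCESS        ((int32_t)0x00000000)
#define STATUS_NO_MORE_FILES  ((int32_t)0x80000006)   /* normal end of a clean walk */
#define STATUS_NO_SUCH_FILE   ((int32_t)0xC000000F)   /* the error quoted in the post */

/* One query: NTSTATUS of the next single-entry call; restart != 0 on the first
 * call (RestartScan). Implemented below once for real and once scripted. */
typedef int32_t (*query_fn)(void *ctx, int restart);

typedef struct {
    int     entries_seen;   /* entries returned before the walk ended        */
    int32_t final_status;   /* the status that ended the walk                */
    int     suspicious;     /* 1 unless the walk ended with NO_MORE_FILES    */
} walk_result;

/* Drive a ReturnSingleEntry walk until the first non-success status. */
walk_result walk_single_entry(query_fn query, void *ctx)
{
    walk_result r = {0, STATUS_SUCCESS, 0};
    int restart = 1;
    for (;;) {
        int32_t st = query(ctx, restart);
        restart = 0;
        if (st != STATUS_SUCCESS) { r.final_status = st; break; }
        r.entries_seen++;
    }
    r.suspicious = (r.final_status != STATUS_NO_MORE_FILES);
    return r;
}

/* Scripted query for off-line use: replays a constructed NTSTATUS sequence. */
typedef struct { const int32_t *seq; int n; int pos; } script_ctx;

int32_t scripted_query(void *vctx, int restart)
{
    script_ctx *c = vctx;
    if (restart) c->pos = 0;
    if (c->pos >= c->n) return STATUS_NO_MORE_FILES;   /* guard: never loop forever */
    return c->seq[c->pos++];
}

walk_result walk_scripted(const int32_t *seq, int n)
{
    script_ctx c = { seq, n, 0 };
    return walk_single_entry(scripted_query, &c);
}

#ifdef _WIN32
#include <windows.h>
#include <winternl.h>

typedef NTSTATUS (NTAPI *NtQueryDirectoryFile_t)(
    HANDLE FileHandle, HANDLE Event, PVOID ApcRoutine, PVOID ApcContext,
    PIO_STATUS_BLOCK IoStatusBlock, PVOID FileInformation, ULONG Length,
    FILE_INFORMATION_CLASS FileInformationClass, BOOLEAN ReturnSingleEntry,
    PUNICODE_STRING FileName, BOOLEAN RestartScan);

/* FileNamesInformation (class 12) record layout, declared locally because
 * winternl.h differs between SDKs. */
typedef struct { ULONG NextEntryOffset, FileIndex, FileNameLength; WCHAR FileName[1]; } names_info;
typedef struct { HANDLE dir; NtQueryDirectoryFile_t fn; unsigned char buf[1024]; } win_ctx;

/* Real query: one entry per call, ReturnSingleEntry = TRUE. */
int32_t win_query(void *vctx, int restart)
{
    win_ctx *c = vctx;
    IO_STATUS_BLOCK iosb;
    NTSTATUS st = c->fn(c->dir, NULL, NULL, NULL, &iosb, c->buf, sizeof c->buf,
                        (FILE_INFORMATION_CLASS)12, TRUE, NULL, restart ? TRUE : FALSE);
    if (st == 0) {
        names_info *e = (names_info *)c->buf;
        printf("  %.*ls\n", (int)(e->FileNameLength / sizeof(WCHAR)), e->FileName);
    }
    return (int32_t)st;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : ".";
    win_ctx c;
    c.fn  = (NtQueryDirectoryFile_t)GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtQueryDirectoryFile");
    c.dir = CreateFileA(path, FILE_LIST_DIRECTORY, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
                        NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL);
    if (!c.fn || c.dir == INVALID_HANDLE_VALUE) { fprintf(stderr, "cannot open %s\n", path); return 2; }
    walk_result r = walk_single_entry(win_query, &c);
    CloseHandle(c.dir);
    printf("%d entries, final status 0x%08X%s\n", r.entries_seen, (unsigned)r.final_status,
           r.suspicious ? "  <-- error while scanning directory, possible hidden entry" : "");
    return r.suspicious;
}
#else
int main(void)
{
    /* Constructed sequences: a clean 3-entry listing, and a walk that fails
     * with STATUS_NO_SUCH_FILE after two entries (the post's 0xC000000F). */
    const int32_t clean[]  = {0, 0, 0, STATUS_NO_MORE_FILES};
    const int32_t hooked[] = {0, 0, STATUS_NO_SUCH_FILE};
    walk_result a = walk_scripted(clean, 4), b = walk_scripted(hooked, 3);
    printf("clean:  %d entries, status 0x%08X, suspicious=%d\n", a.entries_seen, (unsigned)a.final_status, a.suspicious);
    printf("hooked: %d entries, status 0x%08X, suspicious=%d\n", b.entries_seen, (unsigned)b.final_status, b.suspicious);
    return 0;
}
#endif
```

On Windows, build with a C99 compiler and run it with a directory path; each entry is printed as it comes back, and a walk that ends in anything other than 0x80000006 is reported. Off Windows, the program only exercises the scripted path. The open uses FILE_FLAG_BACKUP_SEMANTICS because CreateFile needs it to hand back a directory handle.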
