BitDefender Antirootkit - BETA 1 released

Discussion in 'other anti-malware software' started by Chubb, Jun 23, 2006.

Thread Status:
Not open for further replies.
  1. Chubb

    Chubb Registered Member

    BitDefender Antirootkit - BETA 1 released

    BitDefender Antirootkit comes as a separate tool and can be run on Windows XP, Windows 2000 and Windows 2003 (including systems with BitDefender Internet Security v10 installed).
     
  2. nadirah

    nadirah Registered Member

    any links?
     
  3. controler

    controler Guest

    Bitdefender Antirootkit

    Has anybody tried this yet?

    controler
     
  4. tiagozt

    tiagozt Registered Member

  5. tansu

    tansu Registered Member

    Re: Bitdefender Antirootkit

    Yes, runs fast.
    No hidden files so far :D
     

  6. controler

    controler Guest

    Re: Bitdefender Antirootkit

    I agree, the scan took a whopping 5 seconds on my system. I guess someone will have to run it on some rootkits to actually see how it goes.
    The two common ones are HackerDefender and Futo.
     
  7. tansu

    tansu Registered Member

    Re: Bitdefender Antirootkit

    I wonder, if it's possible to add BDARK to upcoming BD Internet Security 10? Or are they planning something like this.
     
  8. Firecat

    Firecat Registered Member

    Re: Bitdefender Antirootkit

    BitDefender v10 Standard/Pro/Internet Security will have BitDefender Anti-Rootkit technology. I suspect the interface will be different though since the Anti-Rootkit technology has to be integrated with the other components of BitDefender.
     
  9. controler

    controler Guest

    It will be nice to see what other testers have found.

    Spanner are you there?

    I would like to see some tests on known rootkits.

    Then is it a program that will work against unknown rootkits?

    controler
     
  10. Firecat

    Firecat Registered Member

    To make things clear, this anti-rootkit exists because BitDefender can only currently detect the rootkit infected files before they have run on the system. BD cannot remove rootkits yet if they are already running.

    This Anti-Rootkit module was designed for that job. Detection of unknown rootkits will probably be integrated into the B-HAVE heuristics rather than the anti-rootkit technology.
     
  11. lodore

    lodore Registered Member

    BitDefender are a bit later on using a rootkit scanner, because F-Secure has included one since F-Secure has had BlackLight since the start of F-Secure 2006.
     
  12. dallen

    dallen Registered Member

    The fact that it is "a bit lat(e)" says little about its effectiveness.
     
  13. muf

    muf Registered Member

    Just tried it. It sure is fast!
     

  14. starfish_001

    starfish_001 Registered Member

    Interesting, just ran this - didn't scan inside of my First Defence folder $ISR - I guess it does not look for hidden directories?

    No log file created
     
  15. nicM

    nicM nico-nico

    I did try it quickly with HackerDefender (default settings), and BDAR beta allows you to see the files and the process, but I think the GUI could provide more information:

    Here you see the files

    http://img319.imageshack.us/img319/1201/bdantirk17vf.jpg


    But all you get about hidden processes is their number :( :

    http://img386.imageshack.us/img386/6193/bdantirk31xf.jpg


    Then BDAR wants to rename the files :

    http://img386.imageshack.us/img386/3217/bdantirk40hh.jpg


    And does ask to reboot :

    http://img464.imageshack.us/img464/6241/bdantirk59ug.jpg


    As expected, the files are renamed/not hidden anymore, and the driver is not loaded either :

    http://img464.imageshack.us/img464/403/bdantirk63dp.jpg



    I think the "clean" button could show more obviously in the GUI; during the first test I didn't see it :D , the most obvious button is "next". In fact, this is very close to BlackLight and RootkitRevealer. Personally, I prefer IceSword, more informative, but this one is more like a "cleaner".

    But well, it seems to be doing the job - although it was not able to see another rootkit, harder to detect.. :shifty:

    nicM
     
  16. nicM

    nicM nico-nico

    During another test, it was not able to see process(es) hidden by FU :doubt: .

    Oh, it's still beta :) - and IceSword doesn't see it either.

    nicM
     
  17. nicM

    nicM nico-nico

    Beta 2 of BD RU is now available.

    nicM
     