BitDefender Antirootkit - BETA 1 released

Discussion in 'other anti-malware software' started by Chubb, Jun 23, 2006.

Thread Status:
Not open for further replies.
  1. Chubb
    Chubb Registered Member

    BitDefender Antirootkit - BETA 1 released

    BitDefender Antirootkit comes as a separate tool and can be run on Windows XP, Windows 2000 and Windows 2003 (including systems with BitDefender Internet Security v10 installed).
  2. nadirah
    nadirah Registered Member

    any links?
  3. controler
    controler Registered Member

    Bitdefender Antirootkit

    Has anybody tried this yet?

    controler
  4. tiagozt
    tiagozt Registered Member

  5. tansu
    tansu Registered Member

    Re: Bitdefender Antirootkit

    Yes, runs fast.
    No hidden files so far :D

    Attached Files:

    • bark.gif
  6. controler
    controler Registered Member

    Re: Bitdefender Antirootkit

    I agree, the scan took a whopping 5 seconds on my system. I guess someone will have to run it on some rootkits to actually see how it goes.
    The two common ones are HackerDefender and Futo.
  7. tansu
    tansu Registered Member

    Re: Bitdefender Antirootkit

    I wonder if it's possible to add BDARK to the upcoming BD Internet Security 10? Or are they planning something like this?
  8. Firecat
    Firecat Registered Member

    Re: Bitdefender Antirootkit

    BitDefender v10 Standard/Pro/Internet Security will have BitDefender Anti-Rootkit technology. I suspect the interface will be different though since the Anti-Rootkit technology has to be integrated with the other components of BitDefender.
  9. controler
    controler Registered Member

    It will be nice to see what other testers have found.

    Spanner, are you there?

    I would like to see some tests on known rootkits.

    Then is it a program that will work against unknown rootkits?

    controler
  10. Firecat
    Firecat Registered Member

    To make things clear, this anti-rootkit exists because BitDefender can only currently detect the rootkit-infected files before they have run on the system. BD cannot remove rootkits yet if they are already running.

    This Anti-Rootkit module was designed for that job. Detection of unknown rootkits will probably be integrated into the B-HAVE heuristics rather than the anti-rootkit technology.
  11. lodore
    lodore Registered Member

    BitDefender are a bit later on using a rootkit scanner because F-Secure has included one since F-Secure has had BlackLight since the start of F-Secure 2006.
  12. dallen
    dallen Registered Member

    The fact that it is "a bit lat(e)" says little about its effectiveness.
  13. muf
    muf Registered Member

    Just tried it. It sure is fast!

    Attached Files:

    • RU.jpg
  14. starfish_001
    starfish_001 Registered Member

    Interesting, just ran this - didn't scan inside of my First Defence folder $ISR - I guess it does not look for hidden directories?

    No log file created
  15. nicM
    nicM nico-nico

    I did try it quickly with HackerDefender (default settings), and BDAR beta allows you to see the files and the process, but I think the GUI could provide more information:

    Here you see the files

    http://img319.imageshack.us/img319/1201/bdantirk17vf.jpg


    But all you get about hidden processes is their number :( :

    http://img386.imageshack.us/img386/6193/bdantirk31xf.jpg


    Then BDAR wants to rename the files :

    http://img386.imageshack.us/img386/3217/bdantirk40hh.jpg


    And does ask to reboot :

    http://img464.imageshack.us/img464/6241/bdantirk59ug.jpg


    As expected, the files are renamed/not hidden anymore, and the driver is not loaded either :

    http://img464.imageshack.us/img464/403/bdantirk63dp.jpg



    I think the "clean" button could show more obviously in the GUI, during the first test I didn't see it :D , the most obvious button is "next". In fact, this is very close to BlackLight and RootkitRevealer. Personally, I prefer IceSword, more informative, but this one is more like a "cleaner".

    But well, it seems to be doing the job - although it was not able to see another rootkit, harder to detect.. :shifty:

    nicM
  16. nicM
    nicM nico-nico

    During another test, it was not able to see process(es) hidden by FU :doubt: .

    Oh, it's still beta :) - and IceSword doesn't see it either.

    nicM
  17. nicM
    nicM nico-nico

    Beta 2 of BD RU is now available.

    nicM