Hypersight Rootkit Detector VIPS

Discussion in 'other anti-malware software' started by Meriadoc, Feb 24, 2008.

Thread Status:
Not open for further replies.
  1. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    - SAS, CureIt, Prevx CSI.
    - Hijackthis log at a malware cleaning forum.
    - Full wipe and reinstall.
     
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    As last option I suppose :D
     
  3. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    I use the following tools when I cure my friends' computers: Gmer, RootkitUnhooker, AVZ. But those tools mostly rely on the brains & experience of their driver. :D If I were not a really techy user, I would use the anti-malware helper forums from the ASAP list.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I will not trust cleaning of a heavily infected PC, esp. rootkits. A few malwares are another story.
     
  5. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    I never met a rootkit that could resist me for more than half an hour :)
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    But I can't find u each time I have to clean the rootkits. :D
    BTW have u ever met Rustock C? :D :D
     
  7. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    You bet! :D
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Ilya, I edited my post.:)
     
  9. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    No, I don't.
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Maybe it was there! :doubt:
     
  11. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Or maybe it never existed :doubt:
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    May be, may be, mayyyyy be!
    Who knows?:rolleyes:
     
  13. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    SystemJunkie :D
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    lol, right said!
     
  15. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    I met Rustock.C, I was a live experiment I guess. :D :D ;) ;) ;) I got used to cyberwar. The most massive spam attacks were around June 2007, but where was this Indian spam nonsense rooted?
     
    Last edited: Mar 2, 2008
  16. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Indian spam?
     
  17. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Yes, the latest spam attacks were filled with Indian names and contents as a mark. I created a pretty effective spam filter during this time, so probably they lost interest.
     
    Last edited: Mar 2, 2008
  18. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Strange :doubt:
     
  19. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    They mainly use these mailers:
    in 2008: X-Mailer: The Bat and
    in 2007: Eudora 7.x.

    Spambot killer India
     
    Last edited: Mar 3, 2008
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    @ System Junkie, can you (or someone else) perhaps answer this question? Nothing personal, but it's just that some guys act like they know a lot, but when more technical questions are asked, it stays awfully quiet. Or even funnier, you get to hear things like, "well, you wouldn't understand it anyway"! :D
     
  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    http://en.wikipedia.org/wiki/Ring_(computer_security)

    Anyone else tried the virtual machine capacity of their CPU? With Securable you can check whether your CPU has the capacity; often a BIOS setup is needed to enable it.

    Ilya, what is your opinion on this HIPS? From a marketing standpoint it is always good to tell people that they have a feature they do not use at the moment (digs deep into European/American Christian beliefs that you should not waste things) and that for only (a small amount, say 15 dollars) you can be secured.

    Regards K
     
    Last edited: Mar 5, 2008
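The "does my CPU have the capacity" question above is answered by tools like Securable with the CPUID instruction. The following is an added example, not code from the thread or from Hypersight/Securable: it decodes the relevant CPUID bits (Intel VMX at CPUID.01H:ECX[5], AMD SVM at CPUID.80000001H:ECX[2], and the "hypervisor present" bit at CPUID.01H:ECX[31]) and, on x86, reads them live. The struct and function names are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_CPUID 1
#else
#define HAVE_CPUID 0
#endif

/* Raw CPUID values: vendor string from leaf 0, ECX of leaf 1 and of leaf 0x80000001. */
struct cpuid_regs { char vendor[13]; uint32_t leaf1_ecx; uint32_t ext1_ecx; };
struct vt_report  { int intel_vmx; int amd_svm; int hypervisor_present; };

/* Pure decoding step, separated from the hardware read so it can be checked with constructed values. */
struct vt_report decode_vt(const struct cpuid_regs *r) {
    struct vt_report out = {0, 0, 0};
    if (strcmp(r->vendor, "GenuineIntel") == 0)      /* VMX bit is only meaningful on Intel */
        out.intel_vmx = (r->leaf1_ecx >> 5) & 1;
    if (strcmp(r->vendor, "AuthenticAMD") == 0)      /* SVM bit is only meaningful on AMD */
        out.amd_svm = (r->ext1_ecx >> 2) & 1;
    /* Bit 31 is reserved for a hypervisor to announce itself. A cooperative hypervisor
       (Hyper-V, VMware, KVM) sets it; nothing forces a hostile one to, so absence proves nothing. */
    out.hypervisor_present = (r->leaf1_ecx >> 31) & 1;
    return out;
}

/* Live read; returns 0 when CPUID is unavailable (non-x86 build or unsupported leaf). */
int read_cpuid(struct cpuid_regs *r) {
#if HAVE_CPUID
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(0, &eax, &ebx, &ecx, &edx)) return 0;
    memcpy(r->vendor, &ebx, 4); memcpy(r->vendor + 4, &edx, 4); memcpy(r->vendor + 8, &ecx, 4);
    r->vendor[12] = '\0';
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx)) return 0;
    r->leaf1_ecx = ecx;
    r->ext1_ecx = 0;                                  /* __get_cpuid returns 0 if the extended leaf is absent */
    if (__get_cpuid(0x80000001, &eax, &ebx, &ecx, &edx)) r->ext1_ecx = ecx;
    return 1;
#else
    (void)r; return 0;
#endif
}

int main(void) {
    struct cpuid_regs r;
    if (!read_cpuid(&r)) { puts("CPUID not available on this build"); return 1; }
    struct vt_report v = decode_vt(&r);
    printf("vendor=%s VMX=%d SVM=%d hypervisor-present=%d\n", r.vendor, v.intel_vmx, v.amd_svm, v.hypervisor_present);
    return 0;
}
```

CPUID only says whether the silicon supports VT-x/AMD-V; whether the BIOS has enabled and locked it lives in a model-specific register (IA32_FEATURE_CONTROL on Intel) that can only be read from ring 0, which is why a user-mode check cannot replace the BIOS setup step the post mentions.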
  22. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    I would say:
    1. It is not a HIPS, as it can't resist regular malware.
    2. It has very limited capabilities.
    3. Its main feature is to catch a new hypervisor's installation.
     
  23. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    I think there are by far too many attack ranges to say this protection will help you against all malware/rootkits.

    It seems so, but is it really able to catch hypervisors? This tool stands on very thin legs actually... let's wait and see.
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes, the main function seems to be to protect Windows/security tools from rootkits, so in a way it is a HIPS. My question is, do you think it's possible to make a classical HIPS or sandbox work as a hypervisor? Can you control all system calls (file system + registry) as a hypervisor?

    Yes probably, but I just wondered why KAV is monitoring this, in theory it should be able to monitor and stop even the most nasty rootkits from modifying the system, or perhaps this is only possible for hypervisors?

    I don't see why not? Of course it will become the main target for hackers.
     
  25. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    It can't protect against rootkits.

    Both questions- no.
     