nod32 vs kernel mode RK

Discussion in 'NOD32 version 2 Forum' started by zobi, Nov 14, 2006.

Thread Status:
Not open for further replies.
  1. zobi

    zobi Registered Member

    Joined:
    Nov 14, 2006
    Posts:
    4
    Hi, I'm a big fan of NOD32, but how does it deal with kernel mode rootkits? I know it detects user mode rootkits, but with the last beta version it is unable to detect Rustock.B, a kernel mode rootkit. o_O
     
  2. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
  3. zobi

    zobi Registered Member

    Joined:
    Nov 14, 2006
    Posts:
    4
    It's a well-known rootkit (pe286) for using advanced stealth tricks. I'm just asking how ESET is dealing with that sort of rootkit when they are already installed on the computer, as they claim to detect and clean installed rootkits (kernel RK?).

    I know it's just a beta for the moment, but are they working on this for the future?
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,332
    You can conduct two scans - one with Anti-Stealth disabled and one with AS enabled. If the total numbers of scanned files do not match, you have a rootkit-like process active. If you set NOD32 to scan all files and compare the logs, you will find such files easily even if NOD32 does not detect that rootkit.
     
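Marcos's two-scan comparison above, as an added worked example (not code from the thread or from ESET): a Python script that diffs a normal scan log against an Anti-Stealth scan log, reports whether the file counts differ, and lists the paths only the Anti-Stealth scan could see. The log layout, sample paths and the placeholder driver name are constructed assumptions, not the real NOD32 v2 log format.

```python
import re

# Constructed log layout for this example (not the real NOD32 v2 log format):
# one scanned path per line, then a summary line "Number of scanned files: N".
SUMMARY_RE = re.compile(r"^Number of scanned files:\s*(\d+)\s*$")

def parse_scan_log(text):
    """Return (set of scanned paths, reported file count) from one scan log."""
    paths, reported = set(), None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            reported = int(m.group(1))
        else:
            paths.add(line.lower())  # Windows paths compare case-insensitively
    return paths, reported

def compare_scans(normal_log, antistealth_log):
    """Two-scan check: compare the counts from a scan with Anti-Stealth off and one
    with it on, and list the paths only the Anti-Stealth scan could see.
    Caveats: a file hidden from both scans stays invisible, and files created
    between the two scans produce harmless differences, so verify hits manually."""
    normal_paths, normal_count = parse_scan_log(normal_log)
    as_paths, as_count = parse_scan_log(antistealth_log)
    return {
        "normal_count": normal_count,
        "antistealth_count": as_count,
        "count_mismatch": normal_count != as_count,
        "hidden_paths": sorted(as_paths - normal_paths),
    }

# Constructed sample logs; the driver name is a placeholder, not a real indicator.
NORMAL_LOG = r"""
C:\Windows\System32\ntoskrnl.exe
C:\Windows\System32\drivers\tcpip.sys
C:\Program Files\Eset\nod32.exe
Number of scanned files: 3
"""
ANTISTEALTH_LOG = r"""
C:\Windows\System32\ntoskrnl.exe
C:\Windows\System32\drivers\tcpip.sys
C:\Windows\System32\drivers\HIDDEN_DRIVER_PLACEHOLDER.sys
C:\Program Files\Eset\nod32.exe
Number of scanned files: 4
"""
```

Running `compare_scans(NORMAL_LOG, ANTISTEALTH_LOG)` flags the count mismatch (3 vs 4) and returns the single path the normal scan never saw.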
  5. zobi

    zobi Registered Member

    Joined:
    Nov 14, 2006
    Posts:
    4
    OK, thanks Marcos for the easy way. It would be great if NOD32 could deal with kernel RK in the future; just 2 or 3 tools can do it for the moment (RkUnhooker for example) and absolutely no AV can effectively face that kind of RK for the moment.
     