nod32 vs kernel mode RK

Discussion in 'NOD32 version 2 Forum' started by zobi, Nov 14, 2006.

Thread Status:
Not open for further replies.
  1. zobi

    zobi Registered Member

    Hi, I'm a big fan of NOD32, but how does it deal with kernel mode rootkits? I know it detects user mode rootkits, but with the last beta version it is unable to detect Rustock.B, a kernel mode rootkit. o_O
  2. kjempen

    kjempen Registered Member

  3. zobi

    zobi Registered Member

    It's a well known rootkit (pe286) for using advanced stealth tricks. I'm just asking how ESET is dealing with that sort of rootkit when it is already installed on the computer, as they claim to detect and clean installed rootkits (kernel RK?).

    I know it's just a beta for the moment, but are they working on this for the future?
  4. Marcos

    Marcos Eset Staff Account

    You can conduct two scans - one with Anti-Stealth disabled and one with AS enabled. If the total numbers of scanned files do not match, you have a rootkit-like process active. If you set NOD32 to scan all files and compare the logs, you will find such files easily even if NOD32 does not detect that rootkit.
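    A small script that does the log comparison Marcos describes, added here as an example and not part of the thread or of ESET's software: it parses two constructed scan logs (one per view; the "path - status" line format and the "Number of scanned files" footer are assumed) and lists files that appear only in the Anti-Stealth scan, which are the ones worth a closer look.

```python
import re

# Constructed sample logs (assumed format): one "path - status" line per file, plus a count footer.
LOG_NO_ANTISTEALTH = """\
C:\\Windows\\System32\\ntoskrnl.exe - is OK
C:\\Windows\\System32\\drivers\\ndis.sys - is OK
C:\\Program Files\\app\\app.exe - is OK
Number of scanned files: 3
"""

LOG_ANTISTEALTH = """\
C:\\Windows\\System32\\ntoskrnl.exe - is OK
C:\\Windows\\System32\\drivers\\ndis.sys - is OK
C:\\Windows\\System32\\drivers\\hidden.sys - is OK
C:\\Program Files\\app\\app.exe - is OK
Number of scanned files: 4
"""

LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) - (?P<status>.+)$")
COUNT_RE = re.compile(r"^Number of scanned files: (?P<n>\d+)$")

def parse_scan_log(text):
    """Return (set of scanned paths, reported file count or None)."""
    paths = set()
    count = None
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            paths.add(m.group("path").lower())  # NTFS paths are case-insensitive
            continue
        c = COUNT_RE.match(line)
        if c:
            count = int(c.group("n"))
    return paths, count

def cross_view_diff(log_plain, log_antistealth):
    """Compare the two views; flag a count mismatch and list the differing paths."""
    plain, n_plain = parse_scan_log(log_plain)
    stealth, n_stealth = parse_scan_log(log_antistealth)
    return {
        "count_mismatch": n_plain != n_stealth,
        # Seen only with Anti-Stealth: likely hidden from the normal view.
        "hidden_from_normal_view": sorted(stealth - plain),
        # Seen only without Anti-Stealth: unusual, also worth a manual look.
        "only_in_normal_view": sorted(plain - stealth),
    }

if __name__ == "__main__":
    print(cross_view_diff(LOG_NO_ANTISTEALTH, LOG_ANTISTEALTH))
```

With real logs, set the scanner to scan all files in both runs so the two lists are comparable before diffing them.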
  5. zobi

    zobi Registered Member

    OK, thanks Marcos for the easy way. It would be great if NOD32 could deal with kernel RK in the future; just 2 or 3 tools can do it for the moment (RkUnhooker for example) and absolutely no AV can effectively face that kind of RK for the moment.