PC Detective circumvents RkU, GMER & RkRevealer.

Discussion in 'malware problems & news' started by SystemJunkie, May 4, 2007.

Thread Status:
Not open for further replies.
  1. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    The latest version of PC Detective circumvents RkU, GMER & RkRevealer, in all
    cases the latest versions. New question: are modern anti-spy tools better at rootkit detection than specialized freeware?

    Only IceSword remains reliable and NoAdware & XoftSpy.

    RkU crashes permanently when trying to scan extensively on the HD and shows zero hooks; same with GMER.

    tpcd.sys remains unrecognized by the most popular anti-rootkits, by far more unreal than Unreal ;-)
     
  2. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Some questions and observations :)

    Does *pc detective* actually hide its files, other than putting them in the M$ folder in Common Files?

    If not hidden why should an ARK tool detect them ?

    Next up, did you learn anything from this topic you started? >>>
    https://www.wilderssecurity.com/showthread.php?t=172983

    Why should an ARK tool detect a keyboard hook when it has nothing to do with rootkits and hiding files o_O

    Now just for your reference, I have 6 malware rootkits (widely known but advanced) that I use principally to test ARKs and security software with, as they represent the nasty stuff out there in the wild. In previous testing both NoAdware and XoftSpy detected a grand total of 0 apiece. Truly amazing performance, don't you think? o_O
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi fcukdat! Can you name these 6 if possible? Just curious!
    And how is the detection of these rootkits (installation exes) on VT/Jotti?
    Also, after installation, how is the detection by rootkit scanners like Blacklight etc.? Sorry for too many Qs.
    Thanks.
     
  4. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Rustock A
    Rustock B
    Wincom32
    Haxdoor sm.
    Haxdoor(ntio256/Poof)
    Trojan inject aka all-in-one

    A lot of the installers and bots are polymorphs, making MD5 matching a nightmare for the *find file* scanners.

    The main component file(s) are widely detected when you upload to the VirusTotal service, but then if you understand rootkits and their operations you will know that that means nada = 0.

    Once loaded they will filter and subvert data at kernel level to hide their existence from traditional tools, and some of the claimed more advanced ones too ;)

    FWIW AVG ASW 7.5 = 2/6 detected when loaded, yet it knows all the files when they are sat in a folder doing nothing :blink:

    Blacklight + 3/6, not good for a specialized tool :thumbd:
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks, and what about the one in your signature?
     
  6. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    6/6 detected and nuked :D

    It is the best signature-based detection and removal engine that I have tested, and one of the reasons why I have that in my signature ;)
     
  7. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Yes, the same with RkRevealer, very bad stuff..

    Who does aigle belong to? AntiVir? Which product are you talking about?

    Specialized stuff, nothing for antispy tools.

    But the method by which the latest PC Detective version hides its files I actually don't know; further investigation needed..
     
  8. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    http://www.superantispyware.com/

    SAS detects and removes all 6 of those ring0-dwelling rootkit malwares. It's the only ASW that truly can wear the ARK-capable label, due to its raw disk reading capability, and still one of the few Rustock killers :thumb:

    Quite straightforward with the use of Process Explorer: check the svchost.exe entries by double-clicking on them to see where they are being run from ;)
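    The check fcukdat describes (look at where each svchost.exe is actually running from) can be scripted. The block below is an added example, not code from the thread or from any of the tools mentioned; it flags well-known Windows system binaries whose image path lies outside their expected directory, the pattern SystemJunkie later confirms (svchost.exe under Common Files). The process list is a constructed sample, and the expected-directory table is an assumption for a default Windows install; a live listing from Process Explorer, tasklist or WMI can be fed in the same shape.

```python
"""Flag well-known Windows system binaries running from unexpected paths.

Added example for the svchost.exe check discussed above (not from the thread).
Paths are compared case-insensitively, as NTFS does, using ntpath so the
check also runs on non-Windows hosts against an exported process listing.
"""
from __future__ import annotations

import ntpath
from dataclasses import dataclass

# Assumed expected parent directories on a default Windows install.
# Malware commonly names itself after one of these to blend into task lists.
EXPECTED_DIRS = {
    "svchost.exe": {r"C:\Windows\System32", r"C:\Windows\SysWOW64"},
    "explorer.exe": {r"C:\Windows"},
    "lsass.exe": {r"C:\Windows\System32"},
    "csrss.exe": {r"C:\Windows\System32"},
}


@dataclass(frozen=True)
class Proc:
    """One row of a process listing: PID, image name, full image path."""
    pid: int
    name: str
    image_path: str


def _norm_dir(path: str) -> str:
    # normpath folds forward slashes and stray separators; lower() for NTFS semantics
    return ntpath.normpath(path).lower()


def find_masquerading(procs, expected=EXPECTED_DIRS):
    """Return the processes whose name is a protected system binary but whose
    parent directory is not one of the expected locations for that name."""
    findings = []
    for p in procs:
        name = p.name.lower()
        if name not in expected:
            continue
        parent = _norm_dir(ntpath.dirname(p.image_path))
        allowed = {_norm_dir(d) for d in expected[name]}
        if parent not in allowed:
            findings.append(p)
    return findings


# Constructed sample listing: one legitimate svchost, one running from
# Common Files (the case from the thread), one with odd casing that is fine.
SAMPLE = [
    Proc(4, "System", ""),
    Proc(612, "svchost.exe", r"C:\Windows\System32\svchost.exe"),
    Proc(1188, "explorer.exe", r"C:\Windows\explorer.exe"),
    Proc(2040, "svchost.exe", r"C:\Program Files\Common Files\Microsoft Shared\svchost.exe"),
    Proc(2100, "SVCHOST.EXE", r"c:/windows/system32/svchost.exe"),
]


def main() -> None:
    for p in find_masquerading(SAMPLE):
        print(f"PID {p.pid}: {p.name} running from {p.image_path}")


if __name__ == "__main__":
    main()
```

    Only PID 2040 is reported from the sample; the odd-cased, forward-slash path on PID 2100 normalizes to System32 and passes. The check is by path only, which is exactly the Process Explorer double-click view; it says nothing about a legitimate svchost.exe hosting a malicious service DLL, so it complements rather than replaces a signature or raw-disk scan.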
     
  9. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    SUPERAntiSpyware found svchost in Common Files, really nice tool. ;-)

    I underestimated the power of this prog. :thumb: :D
     
  10. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
  11. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Despite the fact that 2 tests failed, AAK still remains (what a shame that no one was able to create better protection) the best anti-keylogger protection; it's at least 20% better than ProcGuard, better than all the other commercial AK products. Test others and you will see that AAK is at least 20% better. Okay, we have a security gap of 40%, but better to have 60%-plus protection than nothing, isn't it?

    Concerning the thread topic, it should be renewed: PC Detective does nothing more than changing the hidden status of explorer.exe. Damn, damn, so simple, but quite good to confuse the masses.
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,221
    Hello,

    SystemJunkie, sounds like you're chasing ghosts.

    If you want to perform reliable forensics, then you should also check the system in a cold state. Meaning: your discoveries, per se, mean nothing. First, the code might not be malicious. Second, rootkit tools should not discover something that does not aim at being hidden. Dontchyathink?

    Besides, NoAdware and XoftSpy both had their moments on the rogue list, if it concerns anyone.

    Mrk
     
  13. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Yes, my problem, I am too fast.. therefore I often have to revoke several prejudices.

    This was already said by fcukdat.

    And this concerns nobody; all tools are cool that are able to detect something, even if they detect just dust. :isay: o_O :D :D :D

    Besides, I really like the so-called rogue antispy progs; this term is in my opinion complete nonsense.

    Some of them may install some adware or junkware, but does this mean any danger?
    No, it's harmless, only annoying. (That concerns especially: SpyBro, NoAdware, XoftSpy, ScanSpy, MaxAntiSpy.)

    The usefulness outweighs the annoying aspect in most cases.
     
    Last edited: May 5, 2007
  14. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,221
    Hello,
    Your pc - your kingdom. Whatever rocks your boat!
    Cheers,
    Mrk
     
  15. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    lol at SystemJunkie :)

    Nice one man, I know what you're saying,
    but do we need them?
     
  16. EASTER.2010

    EASTER.2010 Guest

    AFAIK, NoAdware is no better or worse than it's always been. Long ago, when we were all on Windows 98/Me etc., it was the only program that showed all sorts of SEVERE findings, but after tracing their paths from its results display those finds were all good and no threat.

    Out of nothing but pure curiosity a few months ago I installed it again :cautious: on one of my test boxes, and it produced basically the same results, because what it did flag was basic litter Windows could delete on logoff, so that concluded my little effort to see how far they went toward changing their shady image. Just my own opinion, but those moments spoken about above lasted a whole lot longer than just moments.
     
  17. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Woah SJ, this is your opinion, but I'm all for helping folks learn as others have been with me in the past, and your *take* on things seems very wide of the mark o_O

    In this day of the internet there are some extremely good antimalware (detection & cleaning engines) that are available for free, such as
    AVG ASW 7.5 free
    SUPERAntiSpyware free
    a2 antimalware free

    Not only are they free, but they also are more technologically advanced and far more capable. The end user does not have to *pay* for them to remove what they find (unlike most suspect/mediocre software), and they are not renowned for producing too many F/Ps, unlike your listed selection.

    What good are scanners that detect many F/Ps such as hosts-file entries, soft targets such as P2P software that is not ad-supported/bundled? The end user then is hoodwinked into paying for software to remove so-called threats that do not exist :mad:

    Next up, with these 3 very capable programs available to all, there is no reason on this planet to download antispyware/antimalware software that is ad-supported. Plain madness to import something that is ineffectual and then bombards the end user's PC with spam email and pop-up ads :thumbd:

    You really need to rethink your opinion, because IMO wherever you curry influence with folks you are doing them a major injustice with the advice given.
    If anyone follows your advice they are being ripped off and lining the pockets of these *suspect* software vendors. Is this what you want? o_O
     
  18. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    It depends on what you want to do with it.

    Yes, I appreciate those tools too. A2 has made big steps ahead.

    If someone uses his brain he will not buy such products, just test them.

    I assume that most people out there don't buy such software. I would never buy such a product; I just like to see what they display and compare it with other scanners. That's pure fun, it's like playing a game, understand what I mean?.. I do research into the capabilities of all security tools out there, that's the reason why I like all kinds of products, in case they have at least a bit of competence to find some unwanted or potentially unwanted progs and malware, even if it may only be temporary junk, only to see what they find and what they think could be a danger.

    Besides: it's a good stressing method for dual-core CPUs. :D :D :D
     