Rootkit Unhooker

Discussion in 'other anti-malware software' started by Z0mBiE, Dec 11, 2006.

Thread Status:
Not open for further replies.
  1. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Re: RkUnhooker RC3 released


    FFS TECHWG:mad:

    Do you not think others use this software who have just a great deal more knowledge than you are displaying and realise what they are seeing with these alarmed *events* your tool keeps reporting?

    You get the bells but you have no idea why the alarms go off, so that equally equates to suspect software because of your lack of knowledge with how that software works.

    RKR uses a service entry to do business if you care to decry shenanigans on another widely used tool as well ;)
     
  2. EP_X0FF

    EP_X0FF Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    233
    Re: RkUnhooker RC3 released

    About RkDemo (if it was just discussed, lol).

    It is NOT INTENDED to bypass real-time protection. It's intended to BYPASS rootkit detectors. And all of them were bypassed.

    We are working not like preventors, we are detectors.

    RkDemo creates registry key to load driver. Nothing more. To remove it all what you need - reboot, lol
     
  3. TECHWG

    TECHWG Guest

    Re: RkUnhooker RC3 released

    Are you paying attention to what i typed ? I am testing the demo not the detector LOL

    the lights are on . . . . . but
     
  4. TECHWG

    TECHWG Guest

    Re: RkUnhooker RC3 released

    well as i say it clashed with PS for some reason, the dev knows about it. but someone said that HIPS can't stop it ?!?! i have no idea why they would say that because i know PS saw it happening and blocked it. unfortunately PS had an anaphylactic shock or something :D i could have fixed it but i wanted to format for about 1 week now, so i did!
     
  5. EP_X0FF

    EP_X0FF Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    233
    Re: RkUnhooker RC3 released

    Looks like PS was shocked. Because it was unable to fully stop it/or it has some bugs inside, lol. Now try to disable ProSecurity and detect RkDemo without real-time monitoring.
     
  6. TECHWG

    TECHWG Guest

    Re: RkUnhooker RC3 released

    LOL yes but i could run a 1995 trojan and it won't get stopped . . you need some kind of realtime protection of some kind whether signature or behavior. you can't use a computer safely if you don't

    EDIT:
    kind of like taking off your bullet proof vest and shooting yourself in the chest to see that you can't live long.
     
  7. TECHWG

    TECHWG Guest

    Re: RkUnhooker RC3 released

    How does RKunhooker differ from that other advanced anti rootkit or what ever it was posted here a few weeks ago ? ya know the alpha stage software
     
  8. EP_X0FF

    EP_X0FF Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    233
    Re: RkUnhooker RC3 released

    What is the name of this software? Currently the most advanced antirootkits are: gmer, rkr, icesword, darkspy, rkunhooker, rkdetector. All others - ....
     
  9. TECHWG

    TECHWG Guest

    Re: RkUnhooker RC3 released

    i don't remember but someone else would remember. It's in its alpha stage. and it has some of the functions of RK
     
  10. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Re: RkUnhooker RC3 released

    Helios (?)
     
  11. TECHWG

    TECHWG Guest

    Re: RkUnhooker RC3 released

    Yes . . Helios . . thank you

    How does this compare with this one ?
     
  12. EP_X0FF

    EP_X0FF Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    233
    Re: RkUnhooker RC3 released

    They are incomparable =) Helios - just a piece of buggy .NET code. It's not working and I will wonder if it will be someday.
     
  13. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    Re: RkUnhooker RC3 released

    How 'bout Advanced AntiKeylogger ??
    www.spydex.com

    EP_XOFF?
     
  14. MP_ART

    MP_ART Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    25
    Location:
    Krsk
    Re: RkUnhooker RC3 released

    It makes test system just little unstable and locks: shlwapi.dll :D and logonui.exe :p
     
  15. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    Re: RkUnhooker RC3 released

    @MP_ART
    Thanks
    I believe you. :)

    What about detection of RKs?

    When you say "unstable" what exactly??
     
  16. MP_ART

    MP_ART Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    25
    Location:
    Krsk
    Re: RkUnhooker RC3 released

    "unstable" means that system cannot shutdown or user cannot logoff, system simply hangs.

    haxdoor rootkit - detected as dangerous driver
     
  17. TECHWG

    TECHWG Guest

    Re: RkUnhooker RC3 released

    So because your code is better than their .net code we can't compare these two products ? This does not make sense. I think you got your idea from Helios and you also failed to mention it when i was asking for what the name might be.

    Just my opinion. your anti RK tool seems to be good, but that does not mean you have to knock down Helios by saying it's just buggy .net code. They have told you it is ALPHA. Now i don't know if you understand the concept of Alpha but it's Pre beta. Alpha is the first stage where it's workable and needs working on to work out the bugs and errors, then when you think you done most of it you call it BETA. Now in the beta stage it's worked on substantially by the developer and they are releasing it for the end user testers to report their bugs and compatibility issues. Give the guys a break they are in alpha and just want to show us what they are working on.

    WG
     
  18. EP_X0FF

    EP_X0FF Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    233
    Re: RkUnhooker RC3 released

    They released its ALPHA half year ago, when we already have RkUnhooker v2.0, so your words here are wrong. Even our 2.0 alpha is much better and stable than this piece of buggy .net code. Long time ago I write huge post about Helios with description of all of its bugs, GPF's and others cool things.

    Please explain me, for what antirootkit app need 512 Mb of RAM?

    Test Helios with different rootkits, it can't even decide was module hidden or not, so it is nonsense not an antirootkit.
     
  19. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,226
    Re: RkUnhooker RC3 released

    Hello,

    EP, a few questions:

    Do you intend to keep your product as freeware once it reaches full development state?

    Do you think it is possible / do you consider it worthy of your time, trying to integrate your tool with a bootable CD utility?

    Mrk
     
  20. MP_ART

    MP_ART Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    25
    Location:
    Krsk
    Re: RkUnhooker RC3 released

    Hello, Mrkvonic.

    It is a good question. Current RC and following 3.0 Release version will be freeware. Next versions will not be freeware.

    Rootkit Unhooker is designed for "IN VIVO" rk detection. I can not see any reasons for including our product into bootable CD
     
  21. TECHWG

    TECHWG Guest

    Re: RkUnhooker RC3 released

    lol i think it's high time some freeware developers start to make some software like this then. Nothing like a little healthy competition :)

    After all we don't always use paid softwares
     
  22. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Re: RkUnhooker RC3 released

    Hi, folks: there are several anti-rootkit apps available from heavy-weight AV developers these days, they are effective, efficient and most importantly, free. If this said piece of app is superior to those, how much would they charge it for? merely x dollars ? or at the going rate of US$ 29.95? For a single app doing a single task and asking a price of gourmet dinner is not far from conducting an extortion. A piece of good work deserves a decent reward, at the same time, I think it is a wrong idea trying to pull a quick buck. A piece of humble advice; stay as a freeware or upgrade it to donationware, and see what will evolve next. ;)
     
  23. TECHWG

    TECHWG Guest

    Re: RkUnhooker RC3 released

    see i think this software they have "rkunhooker" is good but i certainly would expect its functionality in a freeware from sysinternals since this would be their style. I would not pay for a software like this maybe i may pay a dollar or a pound but other than that no way.
     
  24. MP_ART

    MP_ART Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    25
    Location:
    Krsk
    Re: RkUnhooker RC3 released

    UnHackMe is a pay software. But I would not give a cent for it
     
  25. TECHWG

    TECHWG Guest

    Re: RkUnhooker RC3 released

    That may be, but all i am saying is that your Rk un Hooker is a good program, but the kind of program i would have expected to see from sysinternals. It's their style. Come to think of it i do believe you guys or the other guy was on the sysinternal forums . . Hmm interesting i guess you guys are fans of sysinternals too! I like sysinternals. As i say your software is good but not justified to pay through the nose for. This is only my suggestion, but my personal maximum price i would place on a product like your un hooker would be about $9.99 USD I would say it's worth that. but i would not pay more than that.
     