Panda - suspected rootkit, any concern?

betauser2 · Feb 5, 2006

Hi everyone I'm trialling panda platinum for a few days now but during installation this is the alert I got from unhackme

http://img370.imageshack.us/img370/4935/pandarootkit9uu.th.jpg

any cause for concern?

(P.S If anyone has any questions regarding panda platinum feel free to ask)

betauser2 · Feb 5, 2006

*BUMP*

starfish_001 · Feb 5, 2006

betauser2 said:

Hi everyone I'm trialling panda platinum for a few days now but during installation this is the alert I got from unhackme

http://img370.imageshack.us/img370/4935/pandarootkit9uu.th.jpg

any cause for concern?

(P.S If anyone has any questions regarding panda platinum feel free to ask)
Click to expand...

Not used it for a long time - did unhackme alert on the truprevent component or another ?

Could be a FP "AFX rootkit" is used to inject inorder to provide protection by quite a few apps see post below

https://www.wilderssecurity.com/showthread.php?t=47024&page=3&pp=25
post 58

Just found this thread via google. I'm the author of madCodeHook and would like to add a comment:

As was already explained by the mods here (thank you!), mchInjDrv is a driver which is internally used by madCodeHook to inject dlls into other processes. This is part of the whole API hooking technology. Now the injection driver in itself is quite innocent. It does nothing but inject a specified dll. It doesn't really know what purpose the dll has.

Unfortunately some programmers misused madCodeHook to write rootkits (I really hate that). I've contacted them and asked them to stop doing that. They promised to stop using madCodeHook for rootkits etc, hopefully they'll really do.

On the positive side, a lot of good software "antiSomethingBad" is using madCodeHook for good purpose, and I'm quite happy about that.

When you see "mchInjDrv" on your PC, you can only check whether the process which wants to use that is a process which you trust or not. The injection driver itself is not bad, but the dll which is injected *can* potentially be bad (unfortunately). If there was a way to detect bad dlls, I'd love to add that functionality to the injection driver, but I don't think that's technically possible.

Why don't companies implement their own hooking technology? Because this is a *damn* difficult job to do. I've spent years to make madCodeHook stable and I'm proud to say that I believe it's one of the best available user mode API hooking packages on the market. All those companies using madCodeHook are just trying to not reinvent the wheel but to use a technology which is well tested and proven. Of course they could try to implement their own solution, but it would cost them years and the first versions would most probably be quite unstable (as mine were in the beginning).

Thanks for listening. And if you have any questions or suggestions, please let me know.
Click to expand...

UsedPanda for a while and found the real time protect unreliable - far to many crashes

There are many better products KAV - NOD - BD - etc I'd ditch it and try one of those.

betauser2 · Feb 5, 2006

thanks starfish I thought this maybe the case as I got this warning during INSTALLATION. UnhHackme does not detect it anymore

...etc I'd ditch it and try one of those.
Click to expand...

I use F-Secure Client security 6. I'm just trialling Panda along with NIS 2006.

Thanks

betauser2

mrhero · Feb 24, 2006

You can scan with Blacklight for being sure : http://www.f-secure.com/blacklight/

Log in or Sign up

Panda - suspected rootkit, any concern?

betauser2 Guest

betauser2 Guest

starfish_001 Registered Member

betauser2 Guest

mrhero Registered Member

Log in or Sign up

Panda - suspected rootkit, any concern?

betauser2 Guest

betauser2 Guest

starfish_001 Registered Member

betauser2 Guest

mrhero Registered Member

Useful Searches