Hello! Does NOD32 detect rootkits? Does NOD32 cure infected computers with rootkits? The installation of the rootkit has resulted in system processes being hidden. Files are hidden from the Windows API. Does NOD32 detect these hidden files? Regards, izi
Well, I think... No, NOD32 does not detect installed rootkits, but it might prevent them from installing if it has a signature. I think detection for them is a must-have in the next version.
Rootkits cannot be detected on-access like other malware (except if there are signatures for them). That's why all anti-rootkit tools are on-demand. KAV2006 checks for rootkits at specific intervals in on-demand mode (like a scheduled task).
There are some rootkits in NOD's signatures, but I'm unsure if it's just a name of a virus/worm or whatever it is, as some of them date back to 2002-ish.
You can search on our site for rootkit: http://nod32usa.com/nod32-updates/ but it will only show you updates with rootkits, and their generic name - it's not that much help, other than to show that Eset does add them to the signatures. hth Greg
FYI: One of the trojans I have in my collection was heuristically detected as "Probably unknown WIN32 virus" (standard heuristic), and that trojan had a rootkit as one of its "features".
We had Nod32 detect and remove a Rootkit on a system that arrived in my shop. I took a screenshot of it, just looking for it now. Cheers EDIT: Added Screenshot.
Well it's good to know that NOD can detect rootkits via heuristics. Although I'm pretty sure Eset has added some samples into the signature database too.
Brian N - you'd know that... given that you probably grabbed the data for SSE in some way, I'd expect you to KNOW that there are rootkits in the definition....