ScanSpyware vs RkUnhooker

Discussion in 'malware problems & news' started by SystemJunkie, Aug 28, 2007.

Thread Status:
Not open for further replies.
  1. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Some interesting results from ScanSpyware, the latest database update shows following:

    Files recognized:
    =================
    [Rootkit.MS]

    C:\WINDOWS\system32\drivers\rkhdrv40.sys
    __________________________________________________

    Seems they don´t like RkUnhooker 3.7.

    A new fight between Rootkit finder vs Antispyware crews.


    Application Information
    =======================
    Application Version: ScanSpyware v3.8 build 3.8.0.4
    Updated Database: ssdb082407.db
     
  2. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Sounds like a rouge?!?
     
  3. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Oh boyo_O

    Since your keen on spreading the n00s....have you actually tested ScanSpyware versus real malware rootkits to see if the software is even capable of detecting rootkit malwares :cautious:
     
  4. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
  5. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    That doesn´t matter, first time I see a antispy (no matter if white or black hat tool) that display rku as danger.
     
  6. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782

    Attached Files:

  7. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    fcukdat :
    It did ring a bell, think its been out awhile. I see it is available in downloads at CC :)
     
  8. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Yes, they have some false positives, but sometimes they also have real hits:D :D :D :D :D :D :D :D :cool: I love to compare those crazy results.:cool:

    Nevertheless they are the first antispy (no matter if rogue or not) company I´ve seen who directly attack RkU.
     
  9. pushick

    pushick Registered Member

    Joined:
    Jul 21, 2007
    Posts:
    3
    Hello,

    it is false positive, probably due to rogue nature of this antispyware tool.
     
  10. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    The nature of the scanner as a rogue program renders it's findings irrelevant.
     
  11. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
    A rogue is a rogue and is not only worthless but may be dangerous as well, as some of these rogue softwares install virus or spyware themselfs.
     
  12. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Do you really think this is dangerous? They are harmless..
    scan spyware is really harmless..

    ..the paranoia in this case is really in the wrong place..

    I never saw any real danger while testing your so called dangerous rogue spy.. mostly adware and funny false positives nothing else.. beside the author of scan spy. seems to have taken the threat of EP serious or my
    topic because last signature update has removed the false positive.
     
    Last edited: Sep 3, 2007
  13. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
    I believe I said "but may be dangerous as well"

    I hardley call a rogue/fake anti spyware harmless.

    Some rogue apps do contain more then just FP's or adware others may contain malware.

    Ahhhh ya that must be it,they were afraid that their creditbility was at stake. :rolleyes:


    There are many rogue apps being pasted off as legit programs anti spyware,anti virus,reg cleaners and so on.
    If you like to test them then by all means continue.
    No offence or disrespect intended, i'm just saying one must be careful with these apps cause they are not all "harmless".


    Many are discussed here.
    http://www.malwarebytes.org/forums/
     
    Last edited: Sep 3, 2007
  14. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    AntiVir detects RKunhooker doesnt it? I wouldn't be surprised if several "trusted" security programs detect RKunhooker really, given the nature of the tool...
     
  15. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Not on custom file scan and also nothing from the realtime guard when RKU is used:thumb:
     

    Attached Files:

  16. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    No AntiVir does not detect RKU. It is a wonder that Dr.Web does not detect RKU, but maybe they like the spider icon too much to detect it. The spider looks similar to dr.web, maybe the same crew?..

    DrWeb heuristic even detects Splashscreens and aol files as possible backdoor,looooooooool, :)))))
    I still can´t believe that they are so passive in not enhancing their poor heuristic.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.