accidental rootkit test

Discussion in 'other anti-malware software' started by SUPERIOR, Sep 6, 2011.

Thread Status:
Not open for further replies.
  1. SUPERIOR

    SUPERIOR Registered Member

    Joined:
    Dec 10, 2007
    Posts:
    161
    Location:
    Syria
    First off, sorry if it's not the right section to post this... but I couldn't find a better place.
    I was playing with some spyware (when I found one that is still undetectable by all AV vendors - maybe spyware tools are legal o_O ) I found something interesting... a hidden module wasn't detected by GMER :'( so I tested other ARKs and this is the result
     

    Attached Files:

    • 1.JPG
    • 2.JPG
  2. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    701
    Location:
    North of the 38th parallel.
    Hello SUPERIOR:

    Please upload suspicious file(s) to:


    File(s) will be analyzed and forwarded to many anti-malware organizations if proven malicious and previously undetected.

    Thank you kindly. :)
     
    Last edited: Sep 6, 2011
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ SUPERIOR

    Hi, as you like playing with nice tools :) you may have forgotten that you once DL'd/Installed this.

    If it's not that, then?

    If PE shows it, then GMER would, I'm sure, show it in Processes; your screenie is of GMER's Rootkit window.
     
  4. SUPERIOR

    SUPERIOR Registered Member

    Joined:
    Dec 10, 2007
    Posts:
    161
    Location:
    Syria
    @1PW ... done
    @ CloneRanger
    um.... didn't know about that :$
    I downloaded that tool (RemoteDLL) and injected some DLLs into some process.
    Retrying with ARKs.... most ARKs show that module, but not as hidden, as a normal module.
    As for GMER and NVT... same result... nothing found :(
    Yet I still love GMER.
    BTW, you mentioned it because the DLL has the same name as that tool o_O JJ :D

    PS: tried more (KD passed, NVT failed)
    PPS: maybe the problem is not with GMER or NVT but with my OS ;)
     

  5. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Playing with fire :D
    As someone said, you could try submitting it to some vendors to see what happens :rolleyes:
     
  6. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    701
    Location:
    North of the 38th parallel.
    Hello Noob:

    +1 :oops:

    The nice thing about submitting to http://www.uploadmalware.com/ is that the length of the pipeline is significantly shortened. The suspicious file is analyzed quickly and with high expertise. I've submitted to vendors with well known names and saw reaction times that exceeded a week.

    As an additional bonus, you can communicate with the person that analyzes your sample. That person also has an inside track with the big vendors because of their great reputation.

    HTH :)
     
  7. smage

    smage Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    377
    You can also submit it here; you can assign the file to a person in the virus lab and the analysis should be done within 24 hours.

    http://valkyrie.comodo.com/
     
  8. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ SUPERIOR

    Yeah it has the same name as that tool, which is why i thought you might have used it before ;)

    As you've now used it, it seems like it's not that! Have you uploaded the file to, e.g., VT yet, & if so? If not?

    Be good if you can get to the bottom of it :)
     
  9. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    701
    Location:
    North of the 38th parallel.
    Will Comodo then generously share all its data with all anti-malware vendors on a very timely basis?

    If they do then that's wonderful and I would hope they did.

    But in the real world, I wonder if we get any more than an MD5 hash and a classification & name?
     
    Last edited: Sep 7, 2011
  10. smage

    smage Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    377
    Hello 1PW,

    Sorry, but I do not know about Comodo's sharing agreement with other vendors. Believe me, this is a 'hot' issue with Comodo; better not try to obtain too many details. Have a look at this :)

    Regards
     
  11. SUPERIOR

    SUPERIOR Registered Member

    Joined:
    Dec 10, 2007
    Posts:
    161
    Location:
    Syria
    It's called "SecretAgent Pro", a shareware spyware tool so to speak... you can find it on Softpedia; test it as a trial if you're interested ;)
    PS: I am not affiliated with the product or company, nor am I advertising o_O
     