accidental rootkit test

first off sorry if its not the right section to post this ...but i couldnt find a better place
i was playing with some spywares (when i found one that its still undetectable to all AVs vendors- maybe spyware tools are legal ) i found something interesting ...hidden module wasnt detected by gmer so i tested other ARKs and this is the result

 

Hello SUPERIOR:

Please upload suspicious file(s) to:

http://www.uploadmalware.com/​

File(s) will be analyzed and forwarded to many anti-malware organizations if proven malicious and previously undetected.

Thank you kindly.

 

@ SUPERIOR

Hi, as you like playing with nice tools you may have forgotten that you once DL'd/Installed this.

If it's not that then ?

If PE shows it, then GMER would i'm sure show it in Processes, your sceenie is of GMER's Rootkit window.

 

@1PW ... done
@ CloneRanger
um.... didnt know about that :$
i downloaded that tool (Remotedll) and injected some dlls into some process
with retrying using ARKs .... most ARKs show that module but not as hidden but as a normal module
as to gmer and NVT ...same result ...nothing found
yet i still love gmer
btw, you mentioned it because the dll has same name with that tool JJ

PS : tried more (KD passed NVT failed)
PPS : maybe the problem not with gmer or NVT but with my OS

 

Playing with fire
As someone said, you could try submitting it to some vendors to see what happens

 

Hello Noob:

+1

The nice thing about submitting to http://www.uploadmalware.com/ is that the length of the pipeline is significantly shortened. The suspicious file is analyzed quickly and with high expertise. I've submitted to vendors with well known names and saw reaction times that exceeded a week.

As an additional bonus, you can communicate with the person that analyzes your sample. That person also has an inside track with the big vendors because of their great reputation.

HTH

 

You can also submit it here, you can assign the file to a person in the virus lab and the analysis should be done within 24 hours.

http://valkyrie.comodo.com/

 

@ SUPERIOR

Yeah it has the same name as that tool, which is why i thought you might have used it before

As you've now used it, it seems like it's not that ! Have you uploaded the file to for eg VT yet, & if so ? If not ?

Be good if you can get to the bottom of it

 

Will Comodo then generously share all its data with all anti-malware vendors on a very timely basis?

If they do then that's wonderful and I would hope they did.

But in the real world, I wonder if we get any more than a md5 hash and a classification & name?

 

Hello 1PW,

Sorry but I do not know about Comodo's sharing agreement with other vendors. Believe me, this is a 'hot' issue with Comodo, better not trying to obtain too much details. Have a look at this

Regards

 

it's called "SecretAgent Pro" shareware spyware tool if so to speak...you can find it on softpedia test it as trial if u interested
PS: i am not affiliated with product or company neither i am advertising