Another new anti Rootkit and hook analyzer

Discussion in 'other anti-trojan software' started by tuatara, Nov 14, 2005.

Thread Status:
Not open for further replies.
  1. Rodehard

    Rodehard Registered Member

    Joined:
    Feb 20, 2004
    Posts:
    91
    Which is why I hang around these hallowed halls.
     
  2. But what has this to do with the Knights Templar?

    Do you think they actually sailed to the United States during the 1300s?
    Do you think they sailed there because the Catholic Church was hunting them down like dogs?
    Listen carefully!!!!!!!!!!!!

    Do you think they carved the Kensington Runestone?
    If so... isn't it coded?

    Sorry, I really could not help it. That is who I am. Think coded in a non-programming term LOL

    Just me '
    Mr Bruce
     
  3. controler

    controler Guest

    Oh yea Pete

    Let the battles start. LOL

    Pete, don't be misled by politicians.

    Don't let them take our constitution away!!!!!!!!!!!!!!!!!

    Or I will kick their a$$

    Bruce
     
  4. korb

    korb Guest

  5. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    That is the message you will see if that file is not present, have you verified that this file is present (C:\WINDOWS\SYSTEM32)? I'd try a reinstallation as a first measure and make sure you're allowing file writes to that folder.

    Blue
     
  6. korb

    korb Guest

    Haha, thanks BlueZannetti. Dunno what happened. I searched and located the file rspsc.sys in sys32. I uninstalled it and did a reinstall; it's fine now. I wonder if it is because I re-enabled DCOM services, which I normally turn off unless some software requires them to be turned on?

    http://picshosted.com/v/3832/ScreenShot005.jpg
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    This tool installs a driver named rspsc.sys; it's not a standard Windows driver. I got the same message when running this tool from a USB stick. ;)
     
  8. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    I assume that it has to install a driver to work, wouldn't you say?

    A screenie of the Jotti scan is included. I don't believe the "Status" warning is anything to be concerned about, given the fact that none of the scanners found anything hinky about the file. Pete
     


  9. crusader_

    crusader_ Guest

    Anybody experienced a "viexca2k.sys" module described as "InfoExpress Intruder"? Comes from CyberArmor, a personal firewall application.

    Cheers - Thomas
     
  10. controler

    controler Guest

    Thomas

    How appropriate a nickname, crusader ;)

    Appears you have studied the Knights Templar?
     
  11. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
  12. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    Rootkits are kernel hooks, and vice-versa; unless you are using the set of semantics that say a rootkit isn't a "rootkit" unless it's malicious.
     
    Last edited: Feb 8, 2006
  13. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Or, not.
    A rootkit is not "a kernel hook". A kernel hook is a kernel hook. A rootkit is a tool (usually used by an intruder) that can access a computer's files and data, and that can make itself invisible to the process/file analyzing tools and commands (by replacing them, or by replacing kernel functions).
     
  14. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    Yeah, you're right. I must have been caught in yet another of my fits of sleep-deprived lightheadedness. Mark Russinovich and the founder of rootkit.com use similar definitions, respectively:

     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Even though I think it's a nice tool, I can't rely on it since I've read on Kareldjag's blog that it could not spot Hacker Defender, and perhaps it might not be able to spot other rootkits as well. :rolleyes:
     
  16. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    I wonder if that's one of those cases where renaming the EXE/SYS file would get around it.
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Btw, as you might know, IceSword is also capable of showing these hooks (and more), plus a lot of people seem to rely on IceSword at the moment. So far IS has not shown me any suspicious processes or hooks. :shifty:
     
  18. No User Name

    No User Name Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    13