Any rootkit detection software (or hardware) for Windows 98?

Good to post again! Been awhile since my last visit.

Is there any rootkit detection program compatible with Windows 98 out there somewhere for detecting those nasty stealth rootkits?

I am still using Windows 98SE and so far, I have not found a rootkit detection program compatible with it. I would guess that programs like this are just more stable for Windows XP or maybe it's time for me to upgrade.

Jeff

 

Hi Jeff,

I never found one when I was using Win98SE, but have since upgraded to WinXP Pro SP2 and there are: SysInternals.com RootkitRevealer and F-Secure's Blacklight Beta.

However, you might just be able to get what you want with: TaskInfo
which works with Win98, from: http://www.iarsn.com/taskinfo.html

-- Tom

 

Thanks for that info and link Tom!

I'll eventually get XP, or maybe Vista.

Hopefully Microsoft will include features in Vista to help prevent unauthorized installations of malware along with rootkits. We shall see...

Jeff

 

This is a followup from my post.

From a bit of research I've done, I have found that the new version 4.2 of TrojanHunter from Mischel Internet Security (www.misec.net) can detect both rootkits and keyloggers with its new "Advanced Trojan Analyzer". It is compatible with Windows 95, 98, ME, NT, 2000 and XP. A great product!

Check it out here: http://forum.misec.net/board/THFeatures/1116559803

Jeff

 

Have you actually tested TrojanHunter against these forms of malware? I hope your not just believing what they tell you on their website.

Personally, I wouldn't rely on TrojanHunter for keylogger detection, it does very poor in that area, but it is good at detecting trojans.

As far as how well it detects rootkits..... I'm not sure, but I doubt it's really that good. It would be wise of you to have a separate anti-keylogger and anti-rootkit IMO.

But since your using 98, then maybe it's your only option, but I didn't think rootkits were possible on 9x systems anyway.

 

It may be worth clarifying what is meant here by "rootkit detection". Any anti-virus/trojan scanner can detect inactive rootkits if they have the signature for them.

However once a rootkit is "active" and stealthing itself (and any associated malware), only low-level inspection of Windows' data structures is likely to detect them and only a format/Windows reinstall guaranteed to remove them. TrojanHunter's Advanced Trojan Analyzer (which was added with 3.5 released on March 6th, 2003) appears to be a heuristic scanner, not a low-level rootkit detector.

It should be noted though, that most rootkit techniques are targetted at Windows 2000/XP/2003 (which have more security mechanisms to defeat as well as wider use). With Win9x/ME, any program running can take control of Windows so it is easier for malware to hide itself without having to go to the lengths required in later versions of Windows.

 

Following from C3PO reply above. God, If I only were smart enough to know how to use this forum!

It would be wise of you to have a separate anti-keylogger and anti-rootkit IMO.

But since your using 98, then maybe it's your only option, but I didn't think rootkits were possible on 9x systems anyway.[/QUOTE]

 

I have found you C3PO!

May the force be with you!

I haven't tested TrojanHunter against them. There might be a post somewhere in this forum where someone has.

I agree with you about having a good separate anti-keylogger (I don't believe also that TrojanHunter excels in detecting them, it's mainly intended for detecting trojans.) Therefore, I use Security Task Manager, (http://www.neuber.com/taskmanager/index.html) to detect them and other processes. I like it very much, only takes seconds for it to output results of what's going on in my PC.

Also, Keylogger Killer seems to be a great heuristic keylogger scanner too, http://www.tooto.com/keyloggerkiller/. Comes with a free 15 day trial.

I'm not sure either if rootkits are possible on Window 9X systems. Maybe it's because malware is easier to conceal itself in Windows 9X and therefore no need for rootkits to hide themselves. I don't know

Jeff

 

[/QUOTE]

I think rootkits (even user mode rootkits to some extent) tends to be extremely specific to OS more so than other malware, so with any luck, most of them will be targetted at NT/Win2k/XP anyway.

 

Rootkits are certainly possible in Win9x/ME - it's just that different system hooks have to be manipulated. Indeed, DOS-style "stealth viruses" that hooked interrupt tables to intercept (and alter) attempts to read certain disk sectors have been around for several years, though viruses rarely make security news now.

The biggest problem for Win9x/ME malware would likely be recovering from (more frequent) BSODs.

 

Hi, Paranoid2000

You do not need malware to have BSOD in them OS's.

Take Care,
TheQuest

 

Hi R2D2,

looks like a nice progie! Is it fairly easy use/understand? Would appreciate all the in put you have, thanks.

 

Hello Rilla927,

Yes, this program is easy to use and very user friendly. It isn't complicated at all, at least for me. It automatically scans your PC when you run it and the first processes it lists is the one it detects to be most likely a keylogger or some other form of malware process. It also gives many detailed info about where it's located, CPU usage, kind of prog, manufacturer, etc. Check out the screenshot: http://www.neuber.com/taskmanager/taskmanager.html
I have been happy with it so far after about a month.

Jeff

 

Hi R2D2,

correct me if I'm wrong; but from what I read at the site, if you need to hunt for the exact path for malware, this progie will lead you to it.

That's what I find the hardest, is knowing the path in order to find the crap in order to remove it.

 

Check my other thread here on this subject:
https://www.wilderssecurity.com/showpost.php?p=639074&postcount=2