Any rootkit detection software (or hardware) for Windows 98?

Discussion in 'malware problems & news' started by R2D2, Oct 4, 2005.

Thread Status:
Not open for further replies.
  1. R2D2

    R2D2 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    70
    Location:
    Tatooine
    Good to post again! Been a while since my last visit.

    Is there any rootkit detection program compatible with Windows 98 out there somewhere for detecting those nasty stealth rootkits?

    I am still using Windows 98SE and so far, I have not found a rootkit detection program compatible with it. I would guess that programs like this are just more stable for Windows XP or maybe it's time for me to upgrade. :eek:

    Jeff
     
  2. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,099
    Hi Jeff,

    I never found one when I was using Win98SE, but have since upgraded to WinXP Pro SP2 and there are: SysInternals.com RootkitRevealer and F-Secure's Blacklight Beta.

    However, you might just be able to get what you want with: TaskInfo
    which works with Win98, from: http://www.iarsn.com/taskinfo.html

    -- Tom
     
  3. R2D2

    R2D2 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    70
    Location:
    Tatooine
    Thanks for that info and link Tom!

    I'll eventually get XP, or maybe Vista.

    Hopefully Microsoft will include features in Vista to help prevent unauthorized installations of malware along with rootkits. We shall see...

    Jeff
     
  4. R2D2

    R2D2 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    70
    Location:
    Tatooine
    This is a followup from my post.

    From a bit of research I've done, I have found that the new version 4.2 of TrojanHunter from Mischel Internet Security (www.misec.net) can detect both rootkits and keyloggers with its new "Advanced Trojan Analyzer". It is compatible with Windows 95, 98, ME, NT, 2000 and XP. A great product!;)

    Check it out here: http://forum.misec.net/board/THFeatures/1116559803

    Jeff
     
  5. C3PO

    C3PO Guest

    Have you actually tested TrojanHunter against these forms of malware? I hope you're not just believing what they tell you on their website.

    Personally, I wouldn't rely on TrojanHunter for keylogger detection, it does very poorly in that area, but it is good at detecting trojans.

    As far as how well it detects rootkits..... I'm not sure, but I doubt it's really that good. It would be wise of you to have a separate anti-keylogger and anti-rootkit IMO.

    But since you're using 98, then maybe it's your only option, but I didn't think rootkits were possible on 9x systems anyway.
     
  6. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    It may be worth clarifying what is meant here by "rootkit detection". Any anti-virus/trojan scanner can detect inactive rootkits if they have the signature for them.

    However once a rootkit is "active" and stealthing itself (and any associated malware), only low-level inspection of Windows' data structures is likely to detect them and only a format/Windows reinstall guaranteed to remove them. TrojanHunter's Advanced Trojan Analyzer (which was added with 3.5 released on March 6th, 2003) appears to be a heuristic scanner, not a low-level rootkit detector.

    It should be noted though, that most rootkit techniques are targeted at Windows 2000/XP/2003 (which have more security mechanisms to defeat as well as wider use). With Win9x/ME, any program running can take control of Windows so it is easier for malware to hide itself without having to go to the lengths required in later versions of Windows.
     
  7. R2D2

    R2D2 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    70
    Location:
    Tatooine
    Following from C3PO's reply above. God, if I only were smart enough to know how to use this forum!

    It would be wise of you to have a separate anti-keylogger and anti-rootkit IMO.

    But since you're using 98, then maybe it's your only option, but I didn't think rootkits were possible on 9x systems anyway.
     
    Last edited: Oct 8, 2005
  8. R2D2

    R2D2 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    70
    Location:
    Tatooine
    I have found you C3PO! :eek:

    May the force be with you! :ninja:

    I haven't tested TrojanHunter against them. There might be a post somewhere in this forum where someone has.

    I agree with you about having a good separate anti-keylogger (I don't believe also that TrojanHunter excels in detecting them, it's mainly intended for detecting trojans.) Therefore, I use Security Task Manager, (http://www.neuber.com/taskmanager/index.html) to detect them and other processes. I like it very much, only takes seconds for it to output results of what's going on in my PC.

    Also, Keylogger Killer seems to be a great heuristic keylogger scanner too, http://www.tooto.com/keyloggerkiller/. Comes with a free 15 day trial.

    I'm not sure either if rootkits are possible on Windows 9X systems. Maybe it's because malware is easier to conceal itself in Windows 9X and therefore no need for rootkits to hide themselves. I don't know o_O

    Jeff
     
    Last edited: Oct 8, 2005
  9.

    I think rootkits (even user mode rootkits to some extent) tend to be extremely specific to OS more so than other malware, so with any luck, most of them will be targeted at NT/Win2k/XP anyway.
     
  10. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Rootkits are certainly possible in Win9x/ME - it's just that different system hooks have to be manipulated. Indeed, DOS-style "stealth viruses" that hooked interrupt tables to intercept (and alter) attempts to read certain disk sectors have been around for several years, though viruses rarely make security news now.

    The biggest problem for Win9x/ME malware would likely be recovering from (more frequent) BSODs.
     
  11. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, Paranoid2000

    You do not need malware to have BSOD in them OS's. ;)

    Take Care,
    TheQuest :cool:
     
  12. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    Hi R2D2,

    looks like a nice progie! Is it fairly easy to use/understand? Would appreciate all the input you have, thanks. :D
     
  13. R2D2

    R2D2 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    70
    Location:
    Tatooine
    Hello Rilla927,

    Yes, this program is easy to use and very user friendly. It isn't complicated at all, at least for me. It automatically scans your PC when you run it and the first process it lists is the one it detects to be most likely a keylogger or some other form of malware process. It also gives a lot of detailed info about where it's located, CPU usage, kind of prog, manufacturer, etc. Check out the screenshot: http://www.neuber.com/taskmanager/taskmanager.html
    I have been happy with it so far after about a month.

    Jeff
     
  14. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    Hi R2D2,

    correct me if I'm wrong; but from what I read at the site, if you need to hunt for the exact path for malware, this progie will lead you to it.

    That's what I find the hardest, is knowing the path in order to find the crap in order to remove it.
     
  15. R2D2

    R2D2 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    70
    Location:
    Tatooine