(ARK update) RootKit Unhooker Vers RkU3.30.150.400

Discussion in 'other anti-malware software' started by fcukdat, Mar 25, 2007.

Thread Status:
Not open for further replies.
  1. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    :D

    http://img100.imageshack.us/img100/6154/rkueq8.jpg

    Rootkit Unhooker RkU3.30.150.400 features:

    Service Descriptor Table Hooks Detection and Restoring
    Ultimate Processes Detection/Dumping
    Ultimate Drivers Detection
    Hidden Processes Termination
    System Call hook Detection and Unhooking
    Code Hooks Detection and Unhooking
    Hidden Files Detection
    Drivers Dumping
    Report generation
    Supported operating systems:

    x86 32 bit Windows 2000 SP4
    x86 32 bit Windows XP +SP1, SP2
    x86 32 bit Windows 2003 +SP1

    Note: RkU requires Administrator rights to launch and work.

    Download>>>
    http://rku.xell.ru/?l=e&a=dl

    *It is suggested you uninstall the older version before loading the updated tool.

    ** This is an advanced ARK forensic tool and as such should only be used by folks with the relevant knowledge or under the direction/instruction of such folks :thumb:
     
    Last edited: Mar 25, 2007
  2. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    Thanks for the Update fcukdat.:)
     
  3. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    I did install the new version and I'm having a problem. I'm doing a scan for
    "Hidden File Detector" and after about 10 minutes of scanning the program
    crashes and the good "old Dr. Watson" pops up. o_O

    Anyone else having this problem?

    Thanks
     
  4. Remouald

    Remouald Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    99
    I have this problem too :doubt:
     
  5. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    Thanks for letting me know.

    I re-installed the previous version, problem solved for now! :)
     
  6. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328
    I don't get that GUI on my latest build of RKU. What I'd like to know is anyone using RKU and powershadow and seeing a possible rootkit when scanning for hidden files?
     
  7. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Horus: that is not the GUI: "about" info

    Et al: my box locks up also
    RkU in Process explorer goes to 97% CPU

    RkU freezes, can't be shut down, everything else works but SSlloowwllyy..
    Have to reboot: heh RkU can't be killed by anything (almost) LOL.

    The posters here are not alone: there are threads in the RkU forum re the same/similar issues.

    SSM had/has blocked RkU in the past.
    I imagine I have something else interfering with RkU

    Background apps:
    Nav/NIS
    CHawk
    PrevX
    BoClean
    Have SAS on demand and sometimes background protection.
    I have done some "locking" of various services in the past (can't even recall some of them now) but I wouldn't imagine they cause a problem with RkU.

    Hopefully someone will be able to reproduce this.
    I am trying with each and all other malwares disabled.

    PITA was looking forward to using RkU as learning tool.
    :(
     
  8. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    No problems all is well. ;)
     
  9. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Working with no problems here...running XP SP2 with only SSM 2.4.0.614 beta. The Hidden Files Detector scan was fairly CPU-intensive (~50%), but RkU scanned my 3 disks (.6 terabyte total) in about 3 minutes.

    Nick
     
  10. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328
    Well I had only powershadow activated and going and did a full scan using the latest 3.3 build of RKU and it found a suspicious file I posted over at the forums over on his RKU website. I'm betting that the suspicious file is powershadow but would like to know from other powershadow users if they get this:

    ntkrnlpa.exe+0x0002A2C4, Type: Inline - RelativeCall at address 0x805012C4 hook handler located in [unknown_code_page]


    I just want to make sure before I make FDISR snapshots with this in it. Maybe it's even FDISR causing this.


    I downloaded SSM free after this scan just to see what it could find. Scanned all with an ADS scanner - nothing. So I'm hoping I don't have a rootkit but Rootkit Unhooker says I might.

    I did find out if you have Comodo firewall it will cause Rootkit Unhooker to make CPU run at 100% if you don't disable cmdagent.exe in the task manager first.
     
  11. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    No problems here.

    Horus37, best to scan with nothing active - disable everything.
     
  12. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Damn you all :D

    Forgot to mention for those who may have NAV/NIS (heh LOL ??)
    NAV/NIS picks up RkU download as "Virus burst"
    Seems to think the Uninstaller is the culprit.

    FP obviously.
    To boot, no easy way to stop/exclude in NAV from deleting "HIGH Risk" problems.
    Have to do multiple exclusions.
    Good options for many I assume but not this time.

    HHmmm: time for a change. :cautious:
     