BitDefender Antirootkit - BETA 1 released

Discussion in 'other anti-malware software' started by Chubb, Jun 23, 2006.

Thread Status:
Not open for further replies.
  1. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    BitDefender Antirootkit - BETA 1 released

    BitDefender Antirootkit comes as a separate tool and can be run on Windows XP, Windows 2000 and Windows 2003 (including systems with BitDefender Internet Security v10 installed).
     
  2. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    any links?
     
  3. controler

    controler Guest

    Bitdefender Antirootkit

    Has anybody tried this yet?

    controler
     
  4. wildvirus88

    wildvirus88 Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    331
  5. tansu

    tansu Registered Member

    Joined:
    Sep 13, 2005
    Posts:
    210
    Re: Bitdefender Antirootkit

    Yes, Runs fast.
    No hidden files so far:D
     

    Attached file: bark.gif (15.2 KB)
  6. controler

    controler Guest

    Re: Bitdefender Antirootkit

    I agree, the scan took a whopping 5 seconds on my system. I guess someone will have to run it on some rootkits to actually see how it goes.
    The two common ones are HackerDefender and Futo.
     
  7. tansu

    tansu Registered Member

    Joined:
    Sep 13, 2005
    Posts:
    210
    Re: Bitdefender Antirootkit

    I wonder if it's possible to add BDARK to the upcoming BD Internet Security 10? Or are they planning something like this?
     
  8. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    Re: Bitdefender Antirootkit

    BitDefender v10 Standard/Pro/Internet Security will have BitDefender Anti-Rootkit technology. I suspect the interface will be different though since the Anti-Rootkit technology has to be integrated with the other components of BitDefender.
     
  9. controler

    controler Guest

    It will be nice to see what other testers have found.

    Spanner are you there?

    I would like to see some tests on known rootkits.

    Then is it a program that will work against unknown rootkits?

    controler
     
  10. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    To make things clear, this anti-rootkit exists because BitDefender can only currently detect the rootkit infected files before they have run on the system. BD cannot remove rootkits yet if they are already running.

    This Anti-Rootkit module was designed for that job. Detection of unknown rootkits will probably be integrated into the B-HAVE heuristics rather than the anti-rootkit technology.
     
  11. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    BitDefender are a bit later on using a rootkit scanner because F-Secure has included one since F-Secure has had BlackLight since the start of F-Secure 2006.
     
  12. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    825
    Location:
    United States
    The fact that it is "a bit lat(e)" says little about its effectiveness.
     
  13. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Just tried it. It sure is fast!
     

    Attached file: RU.jpg (23.5 KB)
  14. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,046
    Interesting, just ran this - didn't scan inside of my First Defence folder $ISR - I guess it does not look for hidden directories?

    No log file created
     
  15. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    I did try it quickly with HackerDefender (default settings), and BDAR beta allows one to see the files and the process, but I think the GUI could provide more information:

    Here you see the files

    http://img319.imageshack.us/img319/1201/bdantirk17vf.jpg


    But all you get about hidden processes is their number :( :

    http://img386.imageshack.us/img386/6193/bdantirk31xf.jpg


    Then BDAR wants to rename the files :

    http://img386.imageshack.us/img386/3217/bdantirk40hh.jpg


    And does ask to reboot :

    http://img464.imageshack.us/img464/6241/bdantirk59ug.jpg


    As expected, the files are renamed/not hidden anymore, and the driver is not loaded either :

    http://img464.imageshack.us/img464/403/bdantirk63dp.jpg



    I think the "clean" button could show more obviously in the GUI, during the first test I didn't see it :D , the most obvious button is "next". In fact, this is very close to BlackLight and RootkitRevealer. Personally, I prefer IceSword, more informative, but this one is more like a "cleaner".

    But well, it seems to be doing the job - although it was not able to see another rootkit, harder to detect.. :shifty:

    nicM
     
  16. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    During another test, it was not able to see process(es) hidden by FU :doubt: .

    Oh, it's still beta :) - and IceSword doesn't see it either.

    nicM
     
  17. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Beta 2 of BD RU is now available.

    nicM
     