? concerning RkUnhooker

Discussion in 'other anti-virus software' started by ThunderZ, Mar 30, 2007.

Thread Status:
Not open for further replies.
  1. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    In Device Manager under Non-Plug and Play Drivers I am showing an entry for "08DA89C5597EC8DE". without quotations of course. I try to keep a pretty close eye on this so I can completely uninstall all instances of any software I may trial. I do not recall seeing this entry prior to installing the the current vers. of RKU. Can someone please confirm one way or the other if it belongs\or not to RKU? Win 2k SP4 PC. BTW, a Google turns up 0. Thanks in advance.
     
  2. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    That's probably it.
    Have a Look with Process explorer: RkU driver not hidden

    Uninstall RkU: it will be gone.
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,697
    Hello,
    When testing RkU, it kicks off with a random name. The running process is also random-named. RKR does the same thing. Why? I guess the developer could pipe in, I guess to disguise itself from signature-based detection by malware.
    Mrk
     
  4. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    Thanks for the info. Uninstalling RkU is no guarantee that it will be gone though. Have had many a piece of software leave it`s hidden driver behind.
    Will probably load up Process Explorer later and track it down just to play it safe though.
     
  5. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    In theory a very good idea. Hoping as well the developer will confirm. Seems though after reading another thread here that he may have his hands full right now.
     
  6. EASTER.2010

    EASTER.2010 Guest

    More headaches thanks to $M. Would been beneficial for users if some identifying measure was put into place, beit highlighted color text or icon, or something to alert regular users of newly added program payloads; drivers,files, and all now wouldn't it.

    As to RKUnhooker is proven safe and effective but any program can leave behind what A2 calls "traces" and a lot of times they can be found Listed in the registry, yours might be no exception there. Try to search the registry for that entry and see if a match shows up. Plenty of places to check but i would venture to that first.

    You may consider in the future in investing in a small Registry Program that i've used for years. It searches the registry extremely fast and helps list items with ease. Registry Crawler by 4developers
     
  7. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Found these instances.
    HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_08DA89C5597EC8DE

    then in a sub-folder 0000 as a DeviceDesc & a Service REG_SZ

    Also in ControlSet2 and CurrentControlSet same as above.


    Going to have a look at Registry Crawler as well.
    Thank you EASTER.2010
     
  8. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    as per Easter: M$ issues with reg entries :ouch:

    The randomly named driver will/should be gone with uninstall.
    Interesting tool eh.

    The same/similar regentries are obviously harmless and can be removed.

    You can track the install with InCtrl5 if you want.
    http://www.pcmag.com/article2/0,4149,9882,00.asp
    This is a great read as to how Inctrl works. Useful tool
    Small fee for Dl of latest from PCMag.

    -cough- Inctrl maybe available for free elswhere if you want.
     
  9. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    :eek: :D ;) thanks
     
Thread Status:
Not open for further replies.