Detecting Low Level Kernel Rootkit PCACM. 7.5 Pro:

Discussion in 'malware problems & news' started by SystemJunkie, Nov 13, 2006.

  1. SystemJunkie (Resident Conspiracy Theorist; joined Mar 3, 2006; posts: 1,500; location: Germany)

    I'll show you a little instruction on how to detect the extreme low-level keylogger thing PC Act.Mon 7.5:

    This insidious thing even hides from Filemon; the only thing which should alert you is the Winlogon Notify behaviour:

    http://i15.tinypic.com/2utpwtx.png

    DarkSpy is a good tool to detect the low-level file stuff:

    http://i15.tinypic.com/2rd7mn9.png

    With AAK you may get this very good attention info:

    http://i15.tinypic.com/2cwu2cp.png

    Besides, neither was Gmer able to give a good detection hint (you must look very closely to find one), nor did Rootkit Unhooker detect it. None of the popular antiviruses actually detect it.
    (Only if you use a manual hidden-file and service search, but you must look damn closely.)

    Here is Gmer's hint, but nothing is underlined in red and there is no real rootkit tip. If you unhook, a reboot is most likely.

    http://i15.tinypic.com/2agmg46.png
     
    Last edited: Nov 13, 2006
  2. softtouch (Registered Member; joined Jan 31, 2006; posts: 415)

    Too bad, DarkSpy won't run in a multi-processor environment.
     
  3. SystemJunkie (Resident Conspiracy Theorist; joined Mar 3, 2006; posts: 1,500; location: Germany)

    It works on dual-core, but I don't know about MPs.

    Nevertheless, use Gmer and watch out for empty service descriptions.
     
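The two manual checks the thread points at (post 1: a Winlogon Notify package that does not belong; post 3: a service with an empty description) can be scripted against a `reg export` of the relevant keys. The following is an added example, not code from the posts above or from Gmer, DarkSpy or AAK. The baseline list of stock Windows XP Notify packages, the `examplenotify` package, the `examplesvc` service and the whole sample export are constructed placeholders for illustration; nothing here names the actual DLL or service used by PC Activity Monitor.

```python
"""Offline triage for the two hints in this thread: Winlogon Notify packages
outside a known baseline, and Win32 services with an empty or missing
Description. Input is text in the format written by `reg export`, so it can be
run on an export taken from the suspect machine (or on a hive exported from a
clean boot) rather than through a tool the keylogger may be hiding from."""
import re
from typing import Dict, Iterator, List, Tuple

NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
SERVICES_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"

# Assumption: Notify packages of a stock Windows XP install. Tune this to the
# image you inspect; vendor packages (e.g. a display driver's igfxcui) will be
# reported as "outside baseline" until you add them.
BASELINE_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                   "sclgntfy", "senslogn", "termsrv", "wlballoon"}

SERVICE_WIN32 = 0x10 | 0x20  # SERVICE_WIN32_OWN_PROCESS | SERVICE_WIN32_SHARE_PROCESS


def _decode_value(raw: str) -> object:
    """Decode one .reg value: "string", dword:XXXXXXXX, or hex(N):bb,bb,... bytes."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b)
        if m.group(1) in ("1", "2", "7"):  # REG_SZ / REG_EXPAND_SZ / REG_MULTI_SZ are UTF-16LE
            return data.decode("utf-16-le").rstrip("\0")
        return data
    return raw


def parse_reg_export(text: str) -> Dict[str, Dict[str, object]]:
    """Return {key_path: {value_name: value}} for `reg export` text.

    Handles the trailing-backslash continuation used for long hex values and
    the '@' default value. Key paths are kept as written; lookups lower-case them."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    pending = ""
    for line in text.splitlines():
        line = pending + line.strip()
        pending = ""
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        if line.endswith("\\"):          # value continues on the next line
            pending = line[:-1]
            continue
        if current is None or "=" not in line:
            continue
        name, raw = line.split("=", 1)
        name = "(default)" if name == "@" else name.strip('"')
        keys[current][name] = _decode_value(raw.strip())
    return keys


def _direct_subkeys(keys: Dict[str, Dict[str, object]], parent: str) -> Iterator[Tuple[str, Dict[str, object]]]:
    prefix = parent.lower() + "\\"
    for path, values in keys.items():
        name = path[len(prefix):]
        if path.lower().startswith(prefix) and "\\" not in name:
            yield name, values


def suspicious_notify_packages(keys: Dict[str, Dict[str, object]]) -> List[Tuple[str, str]]:
    """Notify subkeys not in the baseline, with the DLL Winlogon will load for them."""
    return [(name, str(values.get("DllName", "<no DllName>")))
            for name, values in _direct_subkeys(keys, NOTIFY_KEY)
            if name.lower() not in BASELINE_NOTIFY]


def services_without_description(keys: Dict[str, Dict[str, object]]) -> List[Tuple[str, str]]:
    """Win32 services (Type 0x10/0x20) whose Description is missing or empty."""
    out = []
    for name, values in _direct_subkeys(keys, SERVICES_KEY):
        svc_type = values.get("Type")
        if isinstance(svc_type, int) and svc_type & SERVICE_WIN32 and not values.get("Description"):
            out.append((name, str(values.get("ImagePath", "<no ImagePath>"))))
    return out


# Constructed sample export: one stock Notify package, one placeholder package,
# one described service, one Win32 service with no Description, one kernel driver.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\examplenotify]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\examplehook.dll"
"Impersonate"=dword:00000000
"Logon"="WLEventLogon"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog]
"Description"="Logs events issued by programs and components."
"Type"=dword:00000020
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\examplesvc]
"Type"=dword:00000010
"Start"=dword:00000002
"ImagePath"="C:\\WINDOWS\\system32\\examplesvc.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep]
"Type"=dword:00000001
"Start"=dword:00000001
'''

if __name__ == "__main__":
    keys = parse_reg_export(SAMPLE_EXPORT)
    for name, dll in suspicious_notify_packages(keys):
        print(f"Winlogon Notify package outside baseline: {name} -> {dll}")
    for name, image in services_without_description(keys):
        print(f"Win32 service with no Description: {name} -> {image}")
```

To run it on a real machine, export the two keys with `reg export` (the output file is UTF-16 with a BOM, so read it with `encoding="utf-16"`) and feed the text to `parse_reg_export`. Two caveats: legitimate third-party services often ship without a Description, so an empty one is a lead to inspect, not a verdict; and because the thread's point is that this keylogger hides from user-mode tools, an export taken from the live system is only as honest as the registry API it went through, so an export from a hive mounted offline is the stronger source.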