Last version of RKU download link?

Discussion in 'other anti-malware software' started by aigle, Jan 29, 2008.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Can anyone post it alongwith MD5 value?

    Thanks
     
  2. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    Re: Last version of RKU downlod link?

    Aigle, the site is down for at least 2x month now. But if you PM me, I can send you the Zip file of the last version.;)

    http://www.rkunhooker.narod.ru/
     
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Re: Last version of RKU downlod link?

    I don't recall the latest public version but I believe it was the one found here at antirootkit.com

    RkU 3.7.300.509
    MD5 ac348df64baf41dd219234b746242bf5
     
  4. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    Re: Last version of RKU downlod link?

    Correct Bubba, this is the last version.:)
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Re: Last version of RKU downlod link?

    Hi, thanks all of you. Ya, it,s latest one. I had but lost it recently.

    Thanks again.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Re: Last version of RKU downlod link?

    I downloaded but MD5 is :

    a043df46903c717093972609721c7da5

    That,s different from web site. Can anyone confirm pls?
    Thanks
     
  7. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    Re: Last version of RKU downlod link?


    From that link I get an .exe file with MD5 value of: a043df46903c717093972609721c7da5 . When I run it, the following error message is shown: "Error loading driver, NTSTATUS code: C0000001"

    (Using Vista Home Premium 32-bit.)
     
  8. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    It is not the right tool for actual threats.
    Only useful for Mass-Unhooking nothing else.

    Did anyone noticed that its developement stopped the same time when
    Rustock samples ceased. It seems they had a strange interaction.
     
  9. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Re: Last version of RKU downlod link?

    I did also and am not sure what version that actually is considering the inconsistensies of file properties :doubt:

    RKU.gif
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Re: Last version of RKU downlod link?

    Thanks Bubba.
    I will wait for fcukdat now!
     
  11. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Re: Last version of RKU downlod link?

    This was the last version uploaded/archived @ Sysinternals forums.

    File size: 169906 bytes
    MD5: ac348df64baf41dd219234b746242bf5
    SHA1: 42ec2ed8c9f018659d539e233eefa9a2798815f8
    PEiD: -
    packers: PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.UPX, UPX
     
  12. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Oh my what a crock:thumbd: :gack:

    Having tested it extensively against ITW malware rootkits(Actual live infections not gremlins in teh matrix) and used it to recover from these malwares i really am at odds with your opinion!

    BTW Rustocks are still about ITW,just have to hunt their mail engines:D ;)

    For a clever guy you can be so full of it,happy hunting in the matrix mate:p
     
  13. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I have this version: RkU3.7.300.509
    - CRC32: 2f572dd6
    - MD5: ac348df64baf41dd219234b746242bf5
    - SHA1: 42ec2ed8c9f018659d539e233eefa9a2798815f8
    :)
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks fcukdat and lucas!

    Lucas! I PMed u.
     
  15. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    PM received and answered :)
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks Lucas!
     
  17. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Wou're welcome ;)
     
  18. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    SO you think it detects Stealth.Mbr.. nice illusion ;-)
    They surely hadn´t released it to you if it would be so good ;-) Otherwise they would destroy their own playground that is also the reason why they flamed Gmer, they suspected that he would be sometimes one step ahead. ;-)
    What does this ITW stuff is useful for? Only toys.. we want to hunt the real shadow not these usual known malwares.
     
  19. Gargoyle

    Gargoyle Registered Member

    Joined:
    Jun 2, 2007
    Posts:
    67
    OH a related topic, what programs to use to look for md5 and sha1 checksums?
     
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    If ahead in sense of ARK tools, then that might always be a possibility.
    If u mean gmer,s tool ahead of malware, then it,s a dream. It can never happen( not specific to gmer, i am saying in general). So they must not have been flamed( assuming they really had a playground of their own).
     
    Last edited: Jan 30, 2008
  22. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Yep, that was a wild speculation due to fcuks childish attacks.

    I know that Gmer(Beta) is far away from being a genius and perfect detector but actually it is the best what we have. RkU is a nice tool but it died in October 2007. So it is still nice to unhook and to see the results it displays with comfortable design but that´s all. As long as <unknown> can slip into each executable no tool will be sufficient. Parasite protection good starting point but in no way enough, if it would be more subtle and sophisticated this could be a solution for the future. Radix nice tool too but still in early beta.. blue pill/vm detection is very vague and not reliable.

    There must be a way to win even if hardware and software is infected.

    The biggest problem are specialized stealth viruses. They patch the system32 stuff and that was it then. ARKs won´t help much and AVs are unable to detect them so in this time we should start new actions to find new possibilities.
     
    Last edited: Jan 31, 2008
  23. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    I think Gmer 1.14 has gone release.
     
Loading...
Similar Threads
  1. jwcca
    Replies:
    12
    Views:
    1,014
Thread Status:
Not open for further replies.