Last version of RKU download link?

Discussion in 'other anti-malware software' started by aigle, Jan 29, 2008.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Can anyone post it along with the MD5 value?

    Thanks
     
  2. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Re: Last version of RKU download link?

    Aigle, the site has been down for at least 2 months now. But if you PM me, I can send you the Zip file of the last version. ;)

    http://www.rkunhooker.narod.ru/
     
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Re: Last version of RKU download link?

    I don't recall the latest public version but I believe it was the one found here at antirootkit.com

    RkU 3.7.300.509
    MD5 ac348df64baf41dd219234b746242bf5
     
  4. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Re: Last version of RKU download link?

    Correct Bubba, this is the last version. :)
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Re: Last version of RKU download link?

    Hi, thanks all of you. Ya, it's the latest one. I had it but lost it recently.

    Thanks again.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Re: Last version of RKU download link?

    I downloaded it but the MD5 is:

    a043df46903c717093972609721c7da5

    That's different from the web site. Can anyone confirm pls?
    Thanks
     
  7. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    Re: Last version of RKU download link?

    From that link I get an .exe file with an MD5 value of: a043df46903c717093972609721c7da5. When I run it, the following error message is shown: "Error loading driver, NTSTATUS code: C0000001"

    (Using Vista Home Premium 32-bit.)
     
  8. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    It is not the right tool for actual threats.
    Only useful for Mass-Unhooking, nothing else.

    Did anyone notice that its development stopped at the same time as
    Rustock samples ceased? It seems they had a strange interaction.
     
  9. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Re: Last version of RKU download link?

    I did also and am not sure what version that actually is considering the inconsistencies of file properties :doubt:

    RKU.gif
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Re: Last version of RKU download link?

    Thanks Bubba.
    I will wait for fcukdat now!
     
  11. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Re: Last version of RKU download link?

    This was the last version uploaded/archived @ Sysinternals forums.

    File size: 169906 bytes
    MD5: ac348df64baf41dd219234b746242bf5
    SHA1: 42ec2ed8c9f018659d539e233eefa9a2798815f8
    PEiD: -
    packers: PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.UPX, UPX
     
  12. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Oh my, what a crock :thumbd: :gack:

    Having tested it extensively against ITW malware rootkits (actual live infections, not gremlins in the matrix) and used it to recover from these malwares, I really am at odds with your opinion!

    BTW Rustocks are still about ITW, just have to hunt their mail engines :D ;)

    For a clever guy you can be so full of it, happy hunting in the matrix mate :p
     
  13. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I have this version: RkU3.7.300.509
    - CRC32: 2f572dd6
    - MD5: ac348df64baf41dd219234b746242bf5
    - SHA1: 42ec2ed8c9f018659d539e233eefa9a2798815f8
    :)
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks fcukdat and lucas!

    Lucas! I PMed u.
     
  15. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    PM received and answered :)
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks Lucas!
     
  17. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    You're welcome ;)
     
  18. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    So you think it detects Stealth.Mbr.. nice illusion ;-)
    They surely hadn't released it to you if it would be so good ;-) Otherwise they would destroy their own playground; that is also the reason why they flamed Gmer: they suspected that he would sometimes be one step ahead. ;-)
    What is this ITW stuff useful for? Only toys.. we want to hunt the real shadow, not these usual known malwares.
     
  19. Gargoyle

    Gargoyle Registered Member

    Joined:
    Jun 2, 2007
    Posts:
    67
    On a related topic, what programs to use to look for md5 and sha1 checksums?
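
As an added example (not part of any poster's message, and not the forum's or the tool author's code), this Python script checks a downloaded file against the size, CRC32, MD5 and SHA1 values posted in this thread and reports which fields differ. The function names are illustrative.

```python
import hashlib
import zlib

# Values posted in this thread for RkU 3.7.300.509 (size from post 11,
# CRC32 from post 13, MD5 and SHA1 from both).
PUBLISHED = {
    "size": 169906,
    "crc32": "2f572dd6",
    "md5": "ac348df64baf41dd219234b746242bf5",
    "sha1": "42ec2ed8c9f018659d539e233eefa9a2798815f8",
}

def fingerprint(path, chunk_size=1 << 16):
    """Stream the file once and return its size, CRC32, MD5 and SHA1."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    crc, size = 0, 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
            crc = zlib.crc32(chunk, crc)
            size += len(chunk)
    return {"size": size, "crc32": format(crc & 0xFFFFFFFF, "08x"),
            "md5": md5.hexdigest(), "sha1": sha1.hexdigest()}

def normalise(value):
    """Digests pasted from a forum vary in case and spacing."""
    return value.strip().lower() if isinstance(value, str) else value

def mismatches(path, expected):
    """Return {field: (expected, actual)} for every field that differs."""
    actual = fingerprint(path)
    return {k: (normalise(v), actual[k]) for k, v in expected.items()
            if normalise(v) != actual[k]}

if __name__ == "__main__":
    import sys
    if len(sys.argv) != 2:
        sys.exit("usage: verify.py <downloaded file>")
    bad = mismatches(sys.argv[1], PUBLISHED)
    for field, (want, got) in bad.items():
        print(f"MISMATCH {field}: expected {want}, got {got}")
    if not bad:
        print("OK: file matches the values posted in the thread")
    sys.exit(1 if bad else 0)
```

MD5 and SHA1 both have known collision attacks, so a match shows the file is the same one the posters hashed; it does not authenticate the publisher.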
     
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    If ahead in the sense of ARK tools, then that might always be a possibility.
    If u mean gmer's tool ahead of malware, then it's a dream. It can never happen (not specific to gmer, I am saying in general). So they must not have been flamed (assuming they really had a playground of their own).
     
    Last edited: Jan 30, 2008
  22. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Yep, that was a wild speculation due to fcuk's childish attacks.

    I know that Gmer (Beta) is far away from being a genius and perfect detector but actually it is the best that we have. RkU is a nice tool but it died in October 2007. So it is still nice to unhook and to see the results it displays with comfortable design, but that's all. As long as <unknown> can slip into each executable no tool will be sufficient. Parasite protection is a good starting point but in no way enough; if it would be more subtle and sophisticated this could be a solution for the future. Radix is a nice tool too but still in early beta.. blue pill/vm detection is very vague and not reliable.

    There must be a way to win even if hardware and software is infected.

    The biggest problem is specialized stealth viruses. They patch the system32 stuff and that was it then. ARKs won't help much and AVs are unable to detect them, so in this time we should start new actions to find new possibilities.
     
    Last edited: Jan 31, 2008
  23. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    I think Gmer 1.14 has gone release.
     