Pc Detective se circumvents Rku, gmer & RkRevealer.

Discussion in 'malware problems & news' started by SystemJunkie, May 4, 2007.

Thread Status:
Not open for further replies.
  1. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    The latest version of pc detective circumvents rku, gmer & rkrevealer, in all
    cases the latest versions, new question: Modern anti-spy tools better in rootkit detection then specialized freeware?

    5zekv4g-1.png

    6bbl5e8-2.png

    Only IceSword remains reliable and NoAdware & XoftSpy.

    RkU crashes permanently when trying to scan extensive on hd and shows zero hooks, same with gmer.

    tpcd.sys remains unrecognized by the most popular anti-rootkits, by far more unreal then unreal ;-)
     
  2. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Some questions and observations:)

    Dose *pc detective* actually hide its files other then putting them in M$ folder in common files ?

    If not hidden why should an ARK tool detect them ?

    Next up did you learn anything from this topic you started>>>
    https://www.wilderssecurity.com/showthread.php?t=172983

    Why should an ARK tool detect a keyboard hook when it has nothing to do with rootkits and hiding files o_O

    Now just for your reference i have 6 malware rootkits(widely known but advanced) that i use principally to test ARK's and security softwares with as they represent the nasty stuff out there in the wild.In previous testing both NoAdware and XoftSpy detected a grand total of 0 a piece.Truly amazing performance don't you thinko_O
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi fcukdat! can u name these 6 if possible, just curious!
    And how is the detection of these rootkits( installation exes) on VT/ Jotti?
    Also after installation how is the detection of these rootkit scanners like Blacklight etc/. Sorry for too mnay Qs.
    Thanks.
     
  4. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Rustock A
    Rustock B
    Wincom32
    Haxdoor sm.
    Haxdoor(ntio256/Poof)
    Trojan inject aka all-in-one

    A lot of the installers and bots are polymorhs making MD5 matching a night mare for the *find file* scanners.

    The main component file(s)are widely detected when you upload to VirusTotal service but then if you understand rootkits and their operations then you will know that that means nada=0

    Once loaded they will filter and subvert data at kernel level to hide their existance from traditional tools and some of the claimed more advanced ones too;)

    FWIW AVG asw 7.5= 2/6 detected when loaded yet it knows all the files when they are sat in a folder doing nothing:blink:

    Blacklight+3/6 not good for a specialized tool:thumbd:
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks and what about the one in ur signatures?
     
  6. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    6/6 detected and nuked:D

    It is the best signature based detection and removal engine that i have tested and one of the reasons why i have that in my signature;)
     
  7. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Yes, the same with rkrevealer very bad stuff..

    Who is aigle belonging too? AntiVir? Of which product are you talking about?

    Specialized stuff nothing for antispy tools.

    But the method how PCDetective latest version hides its files, I actually don´t know, further investigations needed..
     
  8. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    http://www.superantispyware.com/

    SAS detects and removes all 6 of thoes ring0 dwelling rootkit malwares.Its the only ASW that truely can wear the ARK capable label due to its raw disk reading capability and still one of the few Rustock killers:thumb:

    Quite streight forward with the use of ProcessExplorer,check the svchost.exe entries by double clicking on them to see where they are being run from;)
     
  9. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Superantispy found svchost in common files, really nice tool. ;-)

    I underestimated the power of this prog.:thumb: :D
     
  10. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
  11. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Despite the fact that 2 tests failed, aak still remains (what a shame that no one was able to create better protection) the best anti-keylogger protection, it´s at least 20% better then procguard, better then all the other commercial ak products. Test others you will see that aak is at least 20% better. Okay we have a security lack of 40%, but better to have 60% plus protection then nothing isn´t it?

    Concerning thread topic it should be renewed, pc detective does nothing more then changing the hidden status of explorer.exe, damn damn, so simple, but quite good to confuse the mass.
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    Hello,

    SystemJunkie, sounds like you're chasing ghosts.

    If you want to perform a reliable forensics, then you should also check the system in cold state. Meaning - your discoveries, per se, mean nothing. First, the code might not be malicious. Second, rootkit tools should not discover something that does not aim at being hidden. Dontchyathink?

    Besides, Noadware, Xoftspy both had their moments on the rogue list, if it concerns anyone.

    Mrk
     
  13. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Yes, my problem, I am too fast.. therefore I often have to revoke several prejudices.

    this was already told by fcukdat

    And this concerns nobody, all tools are cool that are able to detect something, even if they detect just dust.:isay: o_O :D :D :D

    Beside I really like the so called rogue antispy progs, this term is in my opinion full nonsense.

    Some of them may install some adware or junkware, but does this mean any danger?
    No, it´s harmless, only annoying. (that concerns specially: spybro, noadware, xoftspy, scanspy, maxantispy)

    The usefulness outweighs the annoying aspect in most cases.
     
    Last edited: May 5, 2007
  14. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    Hello,
    Your pc - your kingdom. Whatever rocks your boat!
    Cheers,
    Mrk
     
  15. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    lol at SystemJunkie :)

    Nice one man I know what your saying
    but do we need them.
     
  16. EASTER.2010

    EASTER.2010 Guest

    AFAIK, NoAdware is no better or worse than it's always been. Long ago when we were all on Windows 98/Me etc. it was the only program that showed all sorts of SEVERE findings but after tracing their paths fom it's results display those finds were all good and no threat.

    Out of nothing but pure curiosity a few months ago i installed it again :cautious: to one of my test boxes and it resulted in basically the same results because what it did flag was basic litter Windows could delete on LogOff, so that concluded my little effort to see how far they went to changing their shady image. Just my own opinion but those moments spoke about above lasted a whole lot longer then just moments.
     
  17. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Woah SJ,this is your opinion but i'm all for helping folks learn as others have been with me in the past but your *take* on things seems very wide of the marko_O

    In this day of the interent there are some extremely good antimalware(detection&cleaning engines) that are available for free such as
    AVG ASW7.5 free
    SUPERAntiSpyware free
    a2 antimalware free

    Not only are they free but they also are more technologically advanced and far more capable.The end user does not have to *pay* for them to remove what they find(unlike most suspect/mediocre softwares) and are not reknowned for producing too many F/p's unlike your listed selection.

    What good are scanners that detect many f/p's such as hostfile entries,soft targets such as p2p software that is not ad supported/bundled.The end user then is hoodwinked into paying for software to remove so called threats that do not exist:mad:

    Next up with these 3 very capable softwares available to all there is no reason on this planet to download an antispyware/antimalware software that is ad-supported.Plain madness to import something that is ineffectual and then bombards the end user's PC with spam email and pop up ads:thumbd:

    You really need to rethink your opinion because IMO where ever you curry influence with folks you are doing them a major injustice with your advice given.
    If anyone follows your advice they are being ripped off and lining the pockets of these *suspect* software vendors.Is this what you want o_O
     
  18. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    It depends on what you want to do with it.

    Yes, I appreciate thos tools too. A2 has made big steps ahead.

    If someone uses his brain he will not buy such products, just test them.

    I assume that most people outthere don´t buy such software. I would never buy such a product I just like to see what they display and compare it with other scanners. Thats pure fun it´s like playing a game, understand what I mean?`.. I do research in capabilities of all security tools outthere, that´s the reason why I like all kind of products, in case they have at least a bit competence to find some unwanted or potentially unwanted progs and malware, even if it may only temporary junk, only to see what they find and what they think that could be a danger.

    Beside: It´s a good stressing method for dualcore cpus. :D :D :D
     
Loading...
Thread Status:
Not open for further replies.