RkUnhooker Extended Mode BSODs !!!

Discussion in 'other anti-malware software' started by ring0_57aR, May 13, 2008.

Thread Status:
Not open for further replies.
  1. ring0_57aR

    ring0_57aR Registered Member

    Joined:
    May 13, 2008
    Posts:
    4
    RkU? It is a brilliant piece of software. Not perfect, but top notch.

    Rootkit Unhooker LE version 3.7.300.509 (build 04.10.2007)

    - I activated "Use Extended Mode" & rebooted.
    - Everything worked fine
    - I tried to de-activate the "Extended Mode"
    - I went sadly in a big blasting BSOD. Ouch

    I tried both OS:
    Windows XP SP2 Home edition
    Windows XP SP2 Professional
    and VMWare machines

    The BLUE SCREEN message was:
    ---------------------------------------
    DRIVER_UNLOADED_WITHOUT_CANCELING_PENDING_OPERATIONS

    Stop: 0x000000CE (0xBA342E76, 0x00000008, 0xBA343E76, 0x00000000

    rkhdr40.sys

    -----------
    I cannot de-activate "Extended mode" !!! I have the log saved for anyone interested.


    MP_ART, EP_X0FF any ideas ?
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    You might, and I mean MIGHT, try to post that concern at SysInternals Forums, but I better let you know right now that their accounts have been banned for the time being, but EP still comes in with another name occasionally.

    EASTER
     
  3. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    banned from sysinternals? considering sysinternals was acquired by microsoft and ep was acquired by microsoft, that's really something..

    perhaps the OP should just wait until there's an official microsoft branded version of RU released, then there should be a more official avenue through which to obtain support...
     
  4. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Nah...not really, what 'EP' does as a pastime is up to 'him'
    lol, yes I'd like to see that.
     
  5. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Don't think it will happen folks ;) but just for ya dreamers out there :cool:

    [Attached image: rku.jpg]

    PS No u can't have it!!!
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    Some of us can fortunately ;)
     
  7. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
  8. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    hehe :D but that's an old one... gotta love them private tools ;) now with added view memory region module

    [Attached image: rku.jpg]

    Longboard...M$ no have the latest versions;)
     
    Last edited: May 15, 2008
  9. ring0_57aR

    ring0_57aR Registered Member

    Joined:
    May 13, 2008
    Posts:
    4
    Guys, guys.. We are off topic.

    And fcukdat we are jealous of not having these private builds.

    We wish for an ultimate RkU version of course.


    But the problem remains.. RkU cannot return to simple mode from extended mode.

    Someone proposed to terminate with "sc delete" the service.
    As far as I can understand the service rkhdrv40 is hidden !!!!!!
    Why is that?

    I can upload the log files after the BSOD for you to examine.....

    Cheers..
     
  10. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Ok, have you tried uninstalling RKU, rebooting and then reinstalling again? This usually resets settings back to default ;)
     
  11. Dwarden

    Dwarden Registered Member

    Joined:
    Apr 11, 2003
    Posts:
    176
    Location:
    Czech Republic
    fcukdat these shots look promising ...
    I hope that, same as with SI tools, we get our hands on new builds soon(tm)
     
  12. ring0_57aR

    ring0_57aR Registered Member

    Joined:
    May 13, 2008
    Posts:
    4

    yeah! they are good news.

    I hope some builds will come out for the loyal fans out there!
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    While moving along with each new version when RKU was progressing along publicly and even now, I used AUTORUNS to delete the driver, whatever version, since it was just there and not called on unless you engaged the application to run it; it more or less was just available until called on instead of producing itself again.

    EASTER
     